Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/eJgCV0wsFIZlvMUEa2K6k3T_KWg.roa
File:                     eJgCV0wsFIZlvMUEa2K6k3T_KWg.roa (raw, json)
Hash identifier:          nI8ZcPzbo8uLvbDsHlYKZwLRPVKW/EBvULiauTVPEoQ=
Subject key identifier:   78:98:02:57:4C:2C:14:86:65:BC:C5:04:6B:62:BA:93:74:FF:29:68
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01951F8BAF04C146F5F9E77BCFB628AA1859
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/eJgCV0wsFIZlvMUEa2K6k3T_KWg.roa
Signing time:             Wed 19 Feb 2025 18:50:02 +0000
ROA not before:           Wed 19 Feb 2025 18:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209043
IP address blocks:        163.5.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1f:8b:af:04:c1:46:f5:f9:e7:7b:cf:b6:28:aa:18:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Feb 19 18:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=789802574c2c148665bcc5046b62ba9374ff2968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:03:35:6d:ea:74:de:31:69:de:fd:73:dc:68:
                    d9:99:da:8a:d4:ea:66:7d:32:e3:a5:89:da:d0:2f:
                    d1:27:ac:b7:e2:8f:af:b2:5a:28:30:7b:d8:bd:f3:
                    57:37:c1:0c:ca:01:73:ce:9a:ae:c3:2b:cc:46:4f:
                    81:c1:16:26:4f:ee:b9:5a:b0:b5:8c:3d:de:fb:17:
                    bc:e7:d6:f5:41:10:ee:f8:9f:11:c3:48:a5:ba:31:
                    b5:cb:d2:46:cc:09:0b:1c:05:42:6f:32:1b:54:4b:
                    0b:7f:19:6b:ba:2b:43:0d:27:e3:1d:0d:8c:0f:84:
                    f7:b9:22:dd:0b:1c:db:45:7c:e7:fc:cc:38:21:a3:
                    2b:63:94:9f:77:bb:be:f3:12:02:9b:23:38:c1:2f:
                    38:69:ef:58:eb:32:2e:84:fd:de:d5:46:d6:a8:72:
                    da:5e:5e:25:07:6c:14:b6:c4:aa:57:0e:72:52:50:
                    5e:9e:ea:c5:c8:53:a6:70:73:b6:15:35:3c:d2:5f:
                    c7:62:af:1a:f6:8b:71:76:89:be:fe:4e:01:6a:ff:
                    3a:3c:42:3f:f0:69:5a:b2:18:ef:35:d1:c8:3f:69:
                    d2:bd:70:6d:fb:2e:af:8e:d7:a1:8a:4a:02:09:5d:
                    3a:fc:7b:33:04:ec:d5:87:40:af:a4:3c:91:b1:6a:
                    2b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:98:02:57:4C:2C:14:86:65:BC:C5:04:6B:62:BA:93:74:FF:29:68
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/eJgCV0wsFIZlvMUEa2K6k3T_KWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:da:46:8e:a1:08:32:52:52:86:94:36:be:b2:4e:1d:e0:b8:
         1c:a8:9e:fe:ea:12:a4:48:09:22:cc:bb:18:23:99:74:ec:77:
         0d:6a:31:24:6a:36:83:7b:a7:14:36:38:06:37:54:fe:b0:65:
         93:6b:5b:56:ff:a9:86:5d:63:56:04:a7:d0:42:1e:0b:08:f0:
         01:73:10:8a:31:e2:d0:ac:e9:b6:b8:46:3f:59:45:e4:14:68:
         cc:51:4d:e9:88:62:5f:e0:55:ad:64:fa:31:9f:5e:86:eb:5d:
         84:96:5f:93:00:ae:b3:db:95:b8:fd:a0:38:91:5d:2e:f4:95:
         d8:99:a2:53:6a:0b:21:0a:b0:2a:ed:86:a3:4d:12:99:e4:e6:
         de:e8:fa:fa:46:69:57:e8:67:fd:9d:18:04:0a:40:c8:90:d5:
         69:25:c6:5a:27:3c:b6:8b:3e:04:8a:9a:c5:d0:f1:d4:a2:ef:
         bb:29:32:0c:e8:94:7b:11:a5:05:7f:38:ec:53:09:6b:83:5b:
         dc:00:b5:e7:9a:21:72:e2:11:3c:9a:c1:2e:0f:1e:14:8c:e6:
         00:50:7d:30:70:e0:7b:50:0f:ba:72:42:f7:5a:02:0f:dd:98:
         a3:31:82:ce:58:31:86:23:ae:b2:65:11:cb:94:09:58:9c:7c:
         b8:c8:20:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUfi68EwUb1+ed7z7YoqhhZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMjE5MTg1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODk4MDI1NzRjMmMxNDg2NjViY2M1MDQ2YjYyYmE5Mzc0ZmYyOTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQM1bep03jFp3v1z3GjZmdqK1Opm
fTLjpYna0C/RJ6y34o+vslooMHvYvfNXN8EMygFzzpquwyvMRk+BwRYmT+65WrC1
jD3e+xe859b1QRDu+J8Rw0ilujG1y9JGzAkLHAVCbzIbVEsLfxlruitDDSfjHQ2M
D4T3uSLdCxzbRXzn/Mw4IaMrY5Sfd7u+8xICmyM4wS84ae9Y6zIuhP3e1UbWqHLa
Xl4lB2wUtsSqVw5yUlBenurFyFOmcHO2FTU80l/HYq8a9otxdom+/k4Bav86PEI/
8GlashjvNdHIP2nSvXBt+y6vjtehikoCCV06/HszBOzVh0CvpDyRsWorHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHiYAldMLBSGZbzFBGtiupN0/yloMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvZUpnQ1Ywd3NGSVpsdk1VRWEySzZrM1RfS1dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUMMA0G
CSqGSIb3DQEBCwUAA4IBAQAy2kaOoQgyUlKGlDa+sk4d4LgcqJ7+6hKkSAkizLsY
I5l07HcNajEkajaDe6cUNjgGN1T+sGWTa1tW/6mGXWNWBKfQQh4LCPABcxCKMeLQ
rOm2uEY/WUXkFGjMUU3piGJf4FWtZPoxn16G612Ell+TAK6z25W4/aA4kV0u9JXY
maJTagshCrAq7YajTRKZ5Obe6Pr6RmlX6Gf9nRgECkDIkNVpJcZaJzy2iz4EiprF
0PHUou+7KTIM6JR7EaUFfzjsUwlrg1vcALXnmiFy4hE8msEuDx4UjOYAUH0wcOB7
UA+6ckL3WgIP3ZijMYLOWDGGI66yZRHLlAlYnHy4yCDN
-----END CERTIFICATE-----