Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/evtwl6Bjf0HqLXFuVInMaOlxTIc.roa
File:                     evtwl6Bjf0HqLXFuVInMaOlxTIc.roa (raw, json)
Hash identifier:          omGqGp9DDN24aHYJwQXY2wW+Rs9ZoR23ZtKfO2cB+lI=
Subject key identifier:   7A:FB:70:97:A0:63:7F:41:EA:2D:71:6E:54:89:CC:68:E9:71:4C:87
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC4256D4AE60F1419F5BA8A67321886CC
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/evtwl6Bjf0HqLXFuVInMaOlxTIc.roa
Signing time:             Mon 01 Jan 2024 08:30:36 +0000
ROA not before:           Mon 01 Jan 2024 08:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399448
IP address blocks:        163.5.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:6d:4a:e6:0f:14:19:f5:ba:8a:67:32:18:86:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7afb7097a0637f41ea2d716e5489cc68e9714c87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:57:a8:e0:8e:87:1f:2a:ab:1f:08:f5:4e:f3:
                    ef:db:a7:5f:19:2f:94:43:91:db:0e:dd:50:a9:72:
                    a5:a2:cd:f1:cd:42:17:f6:d4:58:67:54:53:08:1a:
                    02:d1:80:92:23:58:b5:51:3d:bf:09:2a:50:c9:be:
                    24:c8:37:a7:82:f5:c9:cc:ab:25:a8:4b:3e:01:fe:
                    4f:ac:14:2b:ec:f8:ed:9c:d2:76:0c:22:3c:19:b9:
                    b9:4a:10:1d:d0:f9:0d:2a:fc:5e:0d:47:f3:7f:51:
                    ce:5d:e0:24:23:8a:df:41:e4:44:d1:19:fa:cb:d8:
                    5a:9f:42:88:21:05:ea:9e:b2:ef:e3:d3:18:97:d2:
                    6f:fc:8c:87:9f:8b:39:16:54:a6:43:96:f8:81:7d:
                    32:13:ea:ed:4d:fd:51:a3:78:15:2a:ce:e2:07:ca:
                    5f:13:b1:98:a2:bb:cf:25:2a:f2:c8:f5:d4:20:c9:
                    d7:ef:c9:c9:67:f9:d2:c9:18:95:65:5a:80:3c:a3:
                    7f:d1:08:ba:db:65:07:a4:53:3d:92:46:7e:5d:26:
                    a1:78:36:d1:c5:8a:4c:5e:a4:9d:d0:52:20:ef:f1:
                    17:3b:17:bd:a5:08:2c:0b:07:ca:21:df:74:ff:1a:
                    c4:d9:42:8b:04:c2:71:f7:25:e2:1d:4d:45:b4:36:
                    54:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:FB:70:97:A0:63:7F:41:EA:2D:71:6E:54:89:CC:68:E9:71:4C:87
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/evtwl6Bjf0HqLXFuVInMaOlxTIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:90:b0:0b:f3:f1:53:55:19:d8:1a:1f:1f:8a:93:2c:db:a2:
         7a:02:ad:9e:60:e4:76:f9:89:40:e1:bf:64:ee:35:f0:ef:eb:
         05:62:fb:16:b6:76:14:e7:33:56:76:42:e1:ca:5c:c0:3f:b2:
         1b:c3:a7:69:3b:55:0e:ed:5c:9f:ab:30:b4:5d:57:c9:45:54:
         f1:6c:2b:8c:e8:74:c3:9f:11:ab:25:d0:db:e4:c5:e3:e5:c5:
         9e:27:4a:ad:04:ef:e6:fe:80:4e:92:c0:6f:26:05:93:b6:35:
         be:d7:2b:b8:30:49:d5:a5:d6:32:ed:6b:ab:10:7a:81:9b:5d:
         08:19:84:9b:89:55:09:9e:19:91:3e:ab:29:54:d9:d9:ce:24:
         4e:81:0d:e5:06:f3:88:d7:54:f4:31:c5:37:5c:2b:15:2b:ee:
         bd:58:96:2a:83:0b:25:dc:e1:16:b2:06:a8:41:d1:c8:7a:c3:
         da:55:ce:3a:70:e9:d9:69:9d:d4:ce:ca:9f:58:b4:ed:8b:b0:
         f4:a2:9f:96:af:a1:99:8f:a1:77:01:7e:59:f9:a2:55:ea:b1:
         e6:b2:22:d8:84:d7:14:b6:e5:14:b3:40:b2:d9:0a:0a:19:22:
         f1:fe:66:72:16:f7:95:6f:5e:5d:ff:64:fa:b4:d1:00:79:84:
         57:81:3e:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJW1K5g8UGfW6imcyGIbMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWZiNzA5N2EwNjM3ZjQxZWEyZDcxNmU1NDg5Y2M2OGU5NzE0Yzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVeo4I6HHyqrHwj1TvPv26dfGS+U
Q5HbDt1QqXKlos3xzUIX9tRYZ1RTCBoC0YCSI1i1UT2/CSpQyb4kyDengvXJzKsl
qEs+Af5PrBQr7PjtnNJ2DCI8Gbm5ShAd0PkNKvxeDUfzf1HOXeAkI4rfQeRE0Rn6
y9han0KIIQXqnrLv49MYl9Jv/IyHn4s5FlSmQ5b4gX0yE+rtTf1Ro3gVKs7iB8pf
E7GYorvPJSryyPXUIMnX78nJZ/nSyRiVZVqAPKN/0Qi622UHpFM9kkZ+XSaheDbR
xYpMXqSd0FIg7/EXOxe9pQgsCwfKId90/xrE2UKLBMJx9yXiHU1FtDZU0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHr7cJegY39B6i1xblSJzGjpcUyHMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvZXZ0d2w2QmpmMEhxTFhGdVZJbk1hT2x4VEljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWeMA0G
CSqGSIb3DQEBCwUAA4IBAQAXkLAL8/FTVRnYGh8fipMs26J6Aq2eYOR2+YlA4b9k
7jXw7+sFYvsWtnYU5zNWdkLhylzAP7Ibw6dpO1UO7VyfqzC0XVfJRVTxbCuM6HTD
nxGrJdDb5MXj5cWeJ0qtBO/m/oBOksBvJgWTtjW+1yu4MEnVpdYy7WurEHqBm10I
GYSbiVUJnhmRPqspVNnZziROgQ3lBvOI11T0McU3XCsVK+69WJYqgwsl3OEWsgao
QdHIesPaVc46cOnZaZ3UzsqfWLTti7D0op+Wr6GZj6F3AX5Z+aJV6rHmsiLYhNcU
tuUUs0Cy2QoKGSLx/mZyFveVb15d/2T6tNEAeYRXgT5D
-----END CERTIFICATE-----