Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/h3e1MCXqQzZ_m-vSBZ-AklZxSJ0.roa
File:                     h3e1MCXqQzZ_m-vSBZ-AklZxSJ0.roa (raw, json)
Hash identifier:          oaAp3+rOFSSfFECzZRCtcLPVU2T3jCrDwGJ3M3OWMm0=
Subject key identifier:   87:77:B5:30:25:EA:43:36:7F:9B:EB:D2:05:9F:80:92:56:71:48:9D
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01950994842F3E246A8FEC8117ED169E3473
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/h3e1MCXqQzZ_m-vSBZ-AklZxSJ0.roa
Signing time:             Sat 15 Feb 2025 12:28:02 +0000
ROA not before:           Sat 15 Feb 2025 12:28:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        163.5.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:09:94:84:2f:3e:24:6a:8f:ec:81:17:ed:16:9e:34:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Feb 15 12:28:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8777b53025ea43367f9bebd2059f80925671489d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:ba:2d:5b:22:de:7e:d3:1b:2c:cf:25:a2:7d:
                    a8:da:af:f2:1f:30:93:d1:3e:be:15:b5:cb:25:f2:
                    9d:59:26:47:98:92:10:c2:d3:5d:8c:85:0a:f8:5c:
                    c8:74:cb:1d:4f:35:2c:98:ef:a3:4a:0e:79:7d:a7:
                    5d:d6:24:46:e8:0e:0b:f3:a7:c9:f4:80:69:56:0c:
                    dd:9c:59:6f:b3:65:4c:d9:c9:47:a1:8f:3f:72:65:
                    88:0a:ca:47:12:52:71:36:3f:b7:90:4b:c9:f2:95:
                    2a:6f:6b:74:af:5d:2f:23:11:7b:a0:66:f9:23:c2:
                    21:4b:3e:c5:c0:22:5d:f6:61:27:8a:62:04:fc:07:
                    a8:c7:c8:e1:76:7d:c0:a1:ad:69:ed:06:bf:08:84:
                    78:f1:07:a5:06:a2:f2:9d:ac:5a:72:1a:f2:cb:ce:
                    cb:b2:db:f1:b2:50:6a:ec:ba:27:fd:b1:5b:07:ef:
                    6f:a3:3d:ad:ee:ba:22:04:c5:4d:84:49:f6:cd:ca:
                    0e:ff:b5:04:9f:a8:c6:6c:aa:eb:0b:62:77:78:42:
                    bb:17:ee:1a:51:3e:80:52:b1:d1:de:9f:a0:66:b7:
                    c1:66:df:0f:ca:af:af:b6:42:38:fe:c8:b5:44:07:
                    3c:70:e4:b0:d4:74:29:17:43:6f:92:8e:34:cf:14:
                    89:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:77:B5:30:25:EA:43:36:7F:9B:EB:D2:05:9F:80:92:56:71:48:9D
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/h3e1MCXqQzZ_m-vSBZ-AklZxSJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:13:99:68:ac:d4:d3:99:3c:af:a1:af:de:8a:e0:b8:ab:bd:
         18:a8:b9:5e:5d:f4:d8:d9:e7:fd:07:7d:d0:0f:a5:97:d0:44:
         d7:38:18:d1:6d:0d:4b:21:4c:98:64:60:ae:cb:db:7e:53:a4:
         36:f5:4e:2e:aa:72:91:b0:7a:94:ab:7e:5b:55:c2:0e:da:66:
         33:de:35:25:f9:f7:2e:74:0e:67:13:51:b4:51:13:b5:4e:6d:
         62:ed:0d:6f:69:e6:b6:45:09:62:d3:b1:08:51:54:ae:22:6d:
         21:14:f5:ed:3f:d9:f2:54:81:b5:c5:b3:c4:55:13:c6:c8:ca:
         ba:32:23:f9:e5:d8:f6:3b:5c:e3:f9:d0:9d:d0:74:62:c3:4f:
         f4:6e:ee:14:f4:65:c4:b9:88:4f:58:d9:99:02:2a:c9:85:8f:
         24:8d:3f:6c:47:f0:97:9d:9e:de:49:7f:d1:24:5e:b1:5d:95:
         fd:26:e2:e9:a8:b1:9e:c6:49:03:03:87:82:8d:67:6b:11:aa:
         a3:b7:48:40:b4:39:d7:1a:a2:eb:6c:da:a0:b0:5c:d0:b6:22:
         27:6e:c5:af:d6:6d:79:ce:fe:14:6f:ba:88:ec:2b:a2:f0:ee:
         3a:1b:f3:24:69:e7:95:d7:8d:04:6f:1b:58:5e:ed:a2:a4:38:
         fd:4a:11:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUJlIQvPiRqj+yBF+0WnjRzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMjE1MTIyODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Nzc3YjUzMDI1ZWE0MzM2N2Y5YmViZDIwNTlmODA5MjU2NzE0ODlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+7otWyLeftMbLM8lon2o2q/yHzCT
0T6+FbXLJfKdWSZHmJIQwtNdjIUK+FzIdMsdTzUsmO+jSg55fadd1iRG6A4L86fJ
9IBpVgzdnFlvs2VM2clHoY8/cmWICspHElJxNj+3kEvJ8pUqb2t0r10vIxF7oGb5
I8IhSz7FwCJd9mEnimIE/Aeox8jhdn3Aoa1p7Qa/CIR48QelBqLynaxachryy87L
stvxslBq7Lon/bFbB+9voz2t7roiBMVNhEn2zcoO/7UEn6jGbKrrC2J3eEK7F+4a
UT6AUrHR3p+gZrfBZt8Pyq+vtkI4/si1RAc8cOSw1HQpF0Nvko40zxSJ8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFId3tTAl6kM2f5vr0gWfgJJWcUidMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvaDNlMU1DWHFRelpfbS12U0JaLUFrbFp4U0owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWIMA0G
CSqGSIb3DQEBCwUAA4IBAQBIE5lorNTTmTyvoa/eiuC4q70YqLleXfTY2ef9B33Q
D6WX0ETXOBjRbQ1LIUyYZGCuy9t+U6Q29U4uqnKRsHqUq35bVcIO2mYz3jUl+fcu
dA5nE1G0URO1Tm1i7Q1vaea2RQli07EIUVSuIm0hFPXtP9nyVIG1xbPEVRPGyMq6
MiP55dj2O1zj+dCd0HRiw0/0bu4U9GXEuYhPWNmZAirJhY8kjT9sR/CXnZ7eSX/R
JF6xXZX9JuLpqLGexkkDA4eCjWdrEaqjt0hAtDnXGqLrbNqgsFzQtiInbsWv1m15
zv4Ub7qI7Cui8O46G/MkaeeV140EbxtYXu2ipDj9ShGP
-----END CERTIFICATE-----