Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/hYh8ZibD5mB1kTKK85YK4bFy4b0.roa
File:                     hYh8ZibD5mB1kTKK85YK4bFy4b0.roa (raw, json)
Hash identifier:          wNYW0wjbwxCInbcslfAzBh9obFQ/vD5fE3WrwvNdytQ=
Subject key identifier:   85:88:7C:66:26:C3:E6:60:75:91:32:8A:F3:96:0A:E1:B1:72:E1:BD
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01943D61FD2C7FDE7A99F2BABE3F03E49882
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/hYh8ZibD5mB1kTKK85YK4bFy4b0.roa
Signing time:             Mon 06 Jan 2025 20:50:19 +0000
ROA not before:           Mon 06 Jan 2025 20:50:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215287
IP address blocks:        163.5.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:3d:61:fd:2c:7f:de:7a:99:f2:ba:be:3f:03:e4:98:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  6 20:50:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85887c6626c3e6607591328af3960ae1b172e1bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e0:f5:00:ac:24:dc:2a:63:4a:8c:29:e1:61:
                    37:fe:f1:69:d0:8c:2c:a0:fc:3c:07:6e:b6:87:eb:
                    06:09:e5:2d:83:62:02:b4:ce:c5:a3:27:c3:76:aa:
                    68:5a:e8:6a:35:16:bf:7e:a6:d7:80:eb:0d:34:e7:
                    26:8c:79:dd:2f:2b:bc:1e:aa:41:0c:3c:77:d4:c9:
                    cf:e5:40:7f:a5:70:9f:70:3d:be:ff:04:5b:ef:b7:
                    e5:22:84:a1:28:ac:47:22:bb:e9:b0:ad:d5:68:ee:
                    15:7a:f5:8f:7e:6b:e3:06:33:45:58:fd:23:46:32:
                    ae:dd:d2:d0:3c:5b:d4:08:4a:78:0e:52:30:e8:82:
                    7c:da:48:32:2e:62:75:ee:1e:ca:8a:4f:59:27:22:
                    ac:5c:f9:55:0f:b4:66:27:7d:49:82:7e:05:a9:0c:
                    86:30:b0:d5:5f:3f:b8:3f:1c:22:55:18:88:88:80:
                    ef:46:1c:1a:5e:a1:e3:54:5f:0f:4a:d7:76:d6:91:
                    da:c3:6d:10:41:d5:f6:82:f2:c2:e9:e4:08:62:21:
                    ed:d9:f3:21:03:29:26:6b:72:59:bd:66:3f:1a:bc:
                    32:1a:27:bc:25:78:1e:37:11:ae:ec:30:2f:1c:02:
                    0e:a6:7e:a5:ec:84:af:86:8f:b9:b6:b3:7d:08:4e:
                    f1:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:88:7C:66:26:C3:E6:60:75:91:32:8A:F3:96:0A:E1:B1:72:E1:BD
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/hYh8ZibD5mB1kTKK85YK4bFy4b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:75:09:e5:96:e9:a1:44:23:57:88:61:45:bf:80:d1:b3:17:
         72:ef:82:a7:d6:6e:5a:59:b5:3f:4f:57:14:58:1d:fb:47:21:
         bb:d1:49:fe:ea:da:a5:8d:1d:d0:e3:78:ad:8f:6e:74:91:63:
         09:26:31:3f:0e:5a:93:4a:92:b9:c0:92:f1:de:eb:19:52:db:
         3b:4a:b1:82:58:52:e1:11:39:16:42:5c:4c:93:dd:3c:97:e5:
         5a:22:e4:b5:77:fb:be:da:b9:21:18:ff:eb:98:af:3e:d4:42:
         e7:0c:b3:f9:44:31:5b:59:49:1e:75:63:df:5d:f5:54:73:82:
         89:ed:ec:04:ac:d4:2f:dc:74:09:95:2d:de:ca:b6:3e:35:25:
         80:0d:92:ae:ab:2d:35:c2:1d:3a:66:0a:ea:36:ea:2a:83:50:
         81:22:4b:23:5a:cb:54:12:60:b3:88:1f:f7:d9:82:69:32:a4:
         68:6b:98:2e:a5:7f:af:63:00:c3:11:a6:e1:4d:5b:1e:19:68:
         e7:b7:92:d0:cb:a6:3c:bf:a1:38:cf:c9:1a:80:d6:55:18:71:
         1f:db:31:02:a9:f4:12:bb:f3:8a:c4:fc:b0:a4:f1:5d:fd:f3:
         10:f7:73:ec:5e:13:8d:ad:2e:bf:12:c7:6a:a2:31:19:54:d6:
         a4:9e:fd:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQ9Yf0sf956mfK6vj8D5JiCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTA2MjA1MDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTg4N2M2NjI2YzNlNjYwNzU5MTMyOGFmMzk2MGFlMWIxNzJlMWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+D1AKwk3CpjSowp4WE3/vFp0Iws
oPw8B262h+sGCeUtg2ICtM7FoyfDdqpoWuhqNRa/fqbXgOsNNOcmjHndLyu8HqpB
DDx31MnP5UB/pXCfcD2+/wRb77flIoShKKxHIrvpsK3VaO4VevWPfmvjBjNFWP0j
RjKu3dLQPFvUCEp4DlIw6IJ82kgyLmJ17h7Kik9ZJyKsXPlVD7RmJ31Jgn4FqQyG
MLDVXz+4PxwiVRiIiIDvRhwaXqHjVF8PStd21pHaw20QQdX2gvLC6eQIYiHt2fMh
Aykma3JZvWY/GrwyGie8JXgeNxGu7DAvHAIOpn6l7ISvho+5trN9CE7xWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWIfGYmw+ZgdZEyivOWCuGxcuG9MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvaFloOFppYkQ1bUIxa1RLSzg1WUs0YkZ5NGIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUiMA0G
CSqGSIb3DQEBCwUAA4IBAQBUdQnllumhRCNXiGFFv4DRsxdy74Kn1m5aWbU/T1cU
WB37RyG70Un+6tqljR3Q43itj250kWMJJjE/DlqTSpK5wJLx3usZUts7SrGCWFLh
ETkWQlxMk908l+VaIuS1d/u+2rkhGP/rmK8+1ELnDLP5RDFbWUkedWPfXfVUc4KJ
7ewErNQv3HQJlS3eyrY+NSWADZKuqy01wh06ZgrqNuoqg1CBIksjWstUEmCziB/3
2YJpMqRoa5gupX+vYwDDEabhTVseGWjnt5LQy6Y8v6E4z8kagNZVGHEf2zECqfQS
u/OKxPywpPFd/fMQ93PsXhONrS6/EsdqojEZVNaknv00
-----END CERTIFICATE-----