Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/iICe7uEjPT6bH3PHoqgUfe6cLUs.roa
File:                     iICe7uEjPT6bH3PHoqgUfe6cLUs.roa (raw, json)
Hash identifier:          6+CtChX47q566ZquAHLvXf/NT53XdOwk+2a9qWhqgL8=
Subject key identifier:   88:80:9E:EE:E1:23:3D:3E:9B:1F:73:C7:A2:A8:14:7D:EE:9C:2D:4B
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A3AB3E34ACF8CE085EF729D80FCFF
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/iICe7uEjPT6bH3PHoqgUfe6cLUs.roa
Signing time:             Wed 01 Jan 2025 19:49:11 +0000
ROA not before:           Wed 01 Jan 2025 19:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198607
IP address blocks:        163.5.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:3a:b3:e3:4a:cf:8c:e0:85:ef:72:9d:80:fc:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88809eeee1233d3e9b1f73c7a2a8147dee9c2d4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:6e:e8:d5:f5:e3:45:c2:7a:6c:12:0c:a5:9a:
                    87:52:bb:81:38:6b:73:ee:79:38:55:d6:9f:8c:1e:
                    0c:f6:e0:61:4d:e1:ce:62:d4:cb:a1:70:21:89:8a:
                    ff:62:d2:f2:92:b6:73:a9:26:20:de:0f:56:59:a7:
                    e3:4f:b2:45:eb:9a:c2:51:ff:67:f6:b7:08:e9:05:
                    75:7c:74:ac:c2:5f:c4:84:86:cd:90:ca:58:66:89:
                    03:b0:33:b6:bb:78:66:e0:53:20:1e:08:28:37:b9:
                    0e:5f:ea:8e:65:98:22:08:74:53:f5:d6:a9:e1:a6:
                    1c:bf:cb:2e:32:cc:22:d8:e2:c7:04:75:17:39:29:
                    7d:55:39:5b:6a:ce:f9:b8:c0:7a:fb:47:f2:ed:57:
                    81:ad:a7:9f:75:3b:86:28:09:5f:0c:4c:1f:b4:38:
                    f5:8f:d6:98:56:70:1b:67:16:d3:9e:64:53:ef:84:
                    16:f2:eb:76:ab:f2:b6:c7:a6:0b:d5:a9:3b:4f:56:
                    f0:07:66:b2:81:b7:02:a4:1a:ad:8c:fb:3a:36:56:
                    f1:70:cc:2c:6b:a9:ae:7a:26:23:8a:de:97:43:64:
                    36:c1:32:f7:79:0e:64:1a:da:69:2c:59:59:55:cf:
                    1e:d2:4d:0c:ab:7c:63:67:eb:24:0f:c8:8a:ce:9f:
                    f4:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:80:9E:EE:E1:23:3D:3E:9B:1F:73:C7:A2:A8:14:7D:EE:9C:2D:4B
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/iICe7uEjPT6bH3PHoqgUfe6cLUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:13:6d:af:4b:c5:45:63:fb:5c:fa:14:1a:e2:7b:6f:ab:3a:
         5d:18:9a:c3:df:39:c3:23:6d:29:de:7a:ed:51:e5:5b:48:01:
         c5:66:55:06:e9:1b:d6:28:3d:a1:21:79:99:54:d0:6f:fa:05:
         03:63:5c:6d:de:14:3c:bd:8a:d1:c7:29:34:f8:4a:9b:eb:1a:
         b1:33:d8:b1:9b:8f:e9:92:26:a2:14:80:e5:56:61:ee:09:db:
         71:75:4f:96:d2:6e:98:35:b4:2d:fe:af:45:aa:2f:2c:3c:e6:
         44:3b:4b:35:e5:31:93:7c:29:c3:3e:b2:c3:ee:6d:37:d6:48:
         86:86:b6:f2:0e:16:66:0e:28:d6:66:b0:29:50:ee:ee:4b:42:
         fa:e8:e4:27:ac:b7:70:f6:fb:4d:f7:8f:5c:37:f5:57:7c:2c:
         d9:66:23:7b:f7:60:4d:e5:a5:bd:81:38:7f:68:79:8b:e7:13:
         dd:66:30:e6:cd:fa:ce:ea:00:74:e0:c9:d1:7c:aa:c1:66:6f:
         96:c2:e0:77:c9:0b:bd:ae:15:c5:3e:74:ae:27:16:d3:a1:65:
         22:14:f7:7e:24:71:d6:34:38:b0:88:3b:a9:60:84:12:12:f4:
         5b:0a:91:11:d9:8a:50:05:37:3a:6e:62:98:bb:89:cc:87:11:
         11:26:92:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjajqz40rPjOCF73KdgPz/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODgwOWVlZWUxMjMzZDNlOWIxZjczYzdhMmE4MTQ3ZGVlOWMyZDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzG7o1fXjRcJ6bBIMpZqHUruBOGtz
7nk4VdafjB4M9uBhTeHOYtTLoXAhiYr/YtLykrZzqSYg3g9WWafjT7JF65rCUf9n
9rcI6QV1fHSswl/EhIbNkMpYZokDsDO2u3hm4FMgHggoN7kOX+qOZZgiCHRT9dap
4aYcv8suMswi2OLHBHUXOSl9VTlbas75uMB6+0fy7VeBraefdTuGKAlfDEwftDj1
j9aYVnAbZxbTnmRT74QW8ut2q/K2x6YL1ak7T1bwB2aygbcCpBqtjPs6NlbxcMws
a6mueiYjit6XQ2Q2wTL3eQ5kGtppLFlZVc8e0k0Mq3xjZ+skD8iKzp/0DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiAnu7hIz0+mx9zx6KoFH3unC1LMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvaUlDZTd1RWpQVDZiSDNQSG9xZ1VmZTZjTFVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowV/MA0G
CSqGSIb3DQEBCwUAA4IBAQAlE22vS8VFY/tc+hQa4ntvqzpdGJrD3znDI20p3nrt
UeVbSAHFZlUG6RvWKD2hIXmZVNBv+gUDY1xt3hQ8vYrRxyk0+Eqb6xqxM9ixm4/p
kiaiFIDlVmHuCdtxdU+W0m6YNbQt/q9Fqi8sPOZEO0s15TGTfCnDPrLD7m031kiG
hrbyDhZmDijWZrApUO7uS0L66OQnrLdw9vtN949cN/VXfCzZZiN792BN5aW9gTh/
aHmL5xPdZjDmzfrO6gB04MnRfKrBZm+WwuB3yQu9rhXFPnSuJxbToWUiFPd+JHHW
NDiwiDupYIQSEvRbCpER2YpQBTc6bmKYu4nMhxERJpKj
-----END CERTIFICATE-----