Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ibHBq9RV13jdtYbvmGXfRnipOHs.roa
File:                     ibHBq9RV13jdtYbvmGXfRnipOHs.roa (raw, json)
Hash identifier:          JILc2Y6jDn0dr7W9EvPSnVVf+5MB8V3zXmJjkKTH2XI=
Subject key identifier:   89:B1:C1:AB:D4:55:D7:78:DD:B5:86:EF:98:65:DF:46:78:A9:38:7B
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A529F4DD6B912F50A238A7705975C
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ibHBq9RV13jdtYbvmGXfRnipOHs.roa
Signing time:             Wed 01 Jan 2025 19:49:18 +0000
ROA not before:           Wed 01 Jan 2025 19:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400897
IP address blocks:        163.5.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:52:9f:4d:d6:b9:12:f5:0a:23:8a:77:05:97:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89b1c1abd455d778ddb586ef9865df4678a9387b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:77:b9:39:03:4f:ae:c9:cd:04:13:63:fc:b6:
                    cb:e1:0c:0f:d6:f3:1b:92:81:46:b9:16:8b:13:c5:
                    e8:7a:32:30:0f:c9:d6:af:bf:9f:ac:9e:db:36:3a:
                    72:16:89:55:13:e9:8f:c6:1b:78:17:87:ba:ee:0c:
                    3d:01:e2:11:eb:86:7c:9a:ad:fc:47:14:bb:6f:fe:
                    1b:0c:77:c2:24:2a:7f:ed:78:1b:c8:54:cb:44:91:
                    b2:ae:1c:e3:d7:5a:94:11:ef:bd:79:8e:62:16:ca:
                    d0:35:1e:2c:05:10:8a:de:0e:50:12:ec:15:9d:ef:
                    0b:9a:59:58:6c:ec:c4:a0:cf:1d:5e:a8:56:cd:df:
                    23:9e:4d:3f:a6:6a:0b:39:f4:7a:a2:d8:6b:f8:a4:
                    77:33:37:68:38:8e:0b:b7:ca:59:7a:a7:59:6d:dd:
                    27:ea:ca:5f:d1:1e:c6:63:de:b1:76:68:a1:c6:e8:
                    4a:3f:1d:ed:74:08:3c:2b:3d:42:7d:61:d4:23:bf:
                    d2:50:2e:f4:7d:e8:1b:e0:8f:35:ac:61:f9:cb:69:
                    c5:3b:c9:f9:bd:a1:9f:1e:52:f2:59:28:db:75:91:
                    e8:b5:b4:1f:3f:f4:75:dd:2d:21:d9:00:91:f6:e8:
                    08:d0:51:53:65:06:50:b7:1e:a8:46:3f:0e:14:30:
                    ab:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:B1:C1:AB:D4:55:D7:78:DD:B5:86:EF:98:65:DF:46:78:A9:38:7B
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ibHBq9RV13jdtYbvmGXfRnipOHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:ec:18:4c:d0:af:ca:01:77:d0:c9:70:f6:d0:13:dd:3e:16:
         a7:54:0d:be:a5:97:17:bf:57:0f:db:e3:c6:43:26:5a:c7:60:
         a9:29:b0:62:e3:67:b9:d8:00:d9:03:af:55:c4:07:2d:07:a8:
         e0:cb:97:80:e8:69:10:da:e7:03:08:aa:b4:4b:4e:67:8a:8f:
         97:08:19:2a:57:57:04:33:6d:38:69:ae:2e:03:90:01:14:ad:
         31:28:00:6d:bc:50:91:12:46:2f:9f:44:97:b7:5c:e0:e7:d8:
         ce:d8:4e:a9:ba:77:ba:c2:c1:ce:25:90:dc:b3:01:7f:81:9d:
         66:75:c7:10:74:8d:3b:fd:af:2b:14:a3:66:36:92:e3:66:32:
         90:50:2f:24:c4:6d:86:42:a8:2c:59:e3:dd:7f:82:b3:a1:9a:
         e7:f8:d1:59:d2:34:d5:cc:5e:79:be:db:10:40:e5:a9:47:63:
         c7:f0:ba:63:79:bd:79:d0:3b:4f:6e:2e:53:ac:63:09:5f:46:
         b7:71:23:98:87:82:6c:08:7a:6b:4d:05:2a:5c:eb:9d:77:63:
         37:f3:28:6f:f6:e0:b5:74:22:14:2b:f4:0b:a4:84:38:39:62:
         8a:e6:69:0a:b9:58:92:83:49:d2:c1:f5:6a:9f:34:b5:e8:49:
         ac:65:8c:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjalKfTda5EvUKI4p3BZdcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWIxYzFhYmQ0NTVkNzc4ZGRiNTg2ZWY5ODY1ZGY0Njc4YTkzODdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Xe5OQNPrsnNBBNj/LbL4QwP1vMb
koFGuRaLE8XoejIwD8nWr7+frJ7bNjpyFolVE+mPxht4F4e67gw9AeIR64Z8mq38
RxS7b/4bDHfCJCp/7XgbyFTLRJGyrhzj11qUEe+9eY5iFsrQNR4sBRCK3g5QEuwV
ne8LmllYbOzEoM8dXqhWzd8jnk0/pmoLOfR6othr+KR3MzdoOI4Lt8pZeqdZbd0n
6spf0R7GY96xdmihxuhKPx3tdAg8Kz1CfWHUI7/SUC70fegb4I81rGH5y2nFO8n5
vaGfHlLyWSjbdZHotbQfP/R13S0h2QCR9ugI0FFTZQZQtx6oRj8OFDCrAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImxwavUVdd43bWG75hl30Z4qTh7MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvaWJIQnE5UlYxM2pkdFlidm1HWGZSbmlwT0hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowX+MA0G
CSqGSIb3DQEBCwUAA4IBAQCT7BhM0K/KAXfQyXD20BPdPhanVA2+pZcXv1cP2+PG
QyZax2CpKbBi42e52ADZA69VxActB6jgy5eA6GkQ2ucDCKq0S05nio+XCBkqV1cE
M204aa4uA5ABFK0xKABtvFCREkYvn0SXt1zg59jO2E6pune6wsHOJZDcswF/gZ1m
dccQdI07/a8rFKNmNpLjZjKQUC8kxG2GQqgsWePdf4KzoZrn+NFZ0jTVzF55vtsQ
QOWpR2PH8Lpjeb150DtPbi5TrGMJX0a3cSOYh4JsCHprTQUqXOudd2M38yhv9uC1
dCIUK/QLpIQ4OWKK5mkKuViSg0nSwfVqnzS16EmsZYxK
-----END CERTIFICATE-----