Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/jNgn7hOISZetPipBOfevfSjUSmg.roa
File:                     jNgn7hOISZetPipBOfevfSjUSmg.roa (raw, json)
Hash identifier:          ixOooIh7Gzqf1tcqAgL62HSCM2T8/WY5EJ/s1Dk390Q=
Subject key identifier:   8C:D8:27:EE:13:88:49:97:AD:3E:2A:41:39:F7:AF:7D:28:D4:4A:68
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC4255A4BF00D98D7174132EAA4DB6AAF
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/jNgn7hOISZetPipBOfevfSjUSmg.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60949
IP address blocks:        163.5.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5a:4b:f0:0d:98:d7:17:41:32:ea:a4:db:6a:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cd827ee13884997ad3e2a4139f7af7d28d44a68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:51:84:bf:62:da:c1:7d:a4:d4:3a:d4:93:b0:
                    eb:92:3c:4a:6a:6a:c5:6d:04:66:24:22:56:2d:7c:
                    9e:ad:76:e7:ab:d2:e4:b2:91:62:54:db:48:fd:f0:
                    0c:9c:0e:ec:b7:20:11:a2:4c:8b:f6:2e:63:cd:c2:
                    77:df:70:1a:96:d8:7b:d4:fd:14:98:03:91:43:48:
                    4b:20:21:07:06:cb:b6:cf:0b:5b:99:4f:4f:07:72:
                    ae:8f:70:3c:fe:f8:21:9f:85:16:d0:9d:8b:07:f4:
                    82:59:4f:12:fc:dd:48:06:f9:75:3d:43:63:f4:db:
                    9f:bc:d4:f9:42:8f:6c:1d:ce:ef:3c:0c:5d:70:b3:
                    9b:6d:8b:a0:c5:89:ba:36:ca:20:ed:f9:9b:68:52:
                    ac:71:b5:df:4b:a7:9c:44:30:32:22:8d:52:65:58:
                    13:05:1f:31:1c:61:5c:a1:93:37:26:59:20:f4:3d:
                    42:ad:75:f6:57:2d:f9:76:ff:84:89:6c:95:56:dd:
                    13:b3:2c:64:c4:ee:af:04:ac:9f:52:f8:22:20:b0:
                    50:8a:85:48:79:a9:4d:93:a4:99:f8:31:0e:a5:3f:
                    d0:8a:87:8b:a8:83:db:c3:71:42:1d:6e:cc:0a:07:
                    60:f2:c1:f7:a8:6f:4b:86:e4:ee:5f:dc:9a:44:9c:
                    73:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:D8:27:EE:13:88:49:97:AD:3E:2A:41:39:F7:AF:7D:28:D4:4A:68
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/jNgn7hOISZetPipBOfevfSjUSmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:f6:9b:fc:be:5f:bc:d4:0f:dc:78:11:94:d7:55:54:72:d4:
         1f:69:33:44:b0:fc:a5:67:8a:3d:07:94:92:7f:80:58:7c:7a:
         29:5b:2e:7c:5e:81:e9:79:60:19:1a:74:67:89:92:43:e0:94:
         9f:84:e6:f6:bd:d4:bb:e5:9e:18:7c:df:99:4a:e9:9e:46:b6:
         bc:7a:80:e6:3a:73:ab:6a:ee:b0:9f:50:0e:89:bc:30:19:bd:
         75:f9:73:34:83:2e:c0:2f:3b:78:de:80:98:da:39:4d:66:5e:
         c0:87:49:84:df:2a:33:0b:d5:69:df:ff:ce:fd:52:39:16:3d:
         eb:3c:c7:78:fc:eb:57:43:2a:40:eb:90:07:58:39:05:3b:2b:
         c9:a5:ac:65:57:e8:29:eb:99:17:46:2f:45:1c:6c:aa:b7:84:
         98:e0:84:e5:6c:5a:44:97:fa:f8:8c:06:17:c4:e6:3b:b4:9e:
         6e:59:f9:24:d3:d6:c7:ab:12:5c:66:20:e7:02:2a:4c:76:04:
         0a:25:a1:80:56:59:97:55:e2:ba:0c:a3:03:eb:87:0d:39:54:
         61:49:f4:b0:08:8f:fc:6e:3c:06:40:1f:32:9e:e1:bd:e1:f6:
         bb:b6:f9:fa:d4:7d:d2:f8:7f:09:d4:d8:f2:34:7e:40:b5:40:
         56:1b:74:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVpL8A2Y1xdBMuqk22qvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2Q4MjdlZTEzODg0OTk3YWQzZTJhNDEzOWY3YWY3ZDI4ZDQ0YTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklGEv2LawX2k1DrUk7DrkjxKamrF
bQRmJCJWLXyerXbnq9LkspFiVNtI/fAMnA7styARokyL9i5jzcJ333Aalth71P0U
mAORQ0hLICEHBsu2zwtbmU9PB3Kuj3A8/vghn4UW0J2LB/SCWU8S/N1IBvl1PUNj
9NufvNT5Qo9sHc7vPAxdcLObbYugxYm6Nsog7fmbaFKscbXfS6ecRDAyIo1SZVgT
BR8xHGFcoZM3Jlkg9D1CrXX2Vy35dv+EiWyVVt0TsyxkxO6vBKyfUvgiILBQioVI
ealNk6SZ+DEOpT/QioeLqIPbw3FCHW7MCgdg8sH3qG9LhuTuX9yaRJxzGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzYJ+4TiEmXrT4qQTn3r30o1EpoMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvak5nbjdoT0lTWmV0UGlwQk9mZXZmU2pVU21nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXFMA0G
CSqGSIb3DQEBCwUAA4IBAQAR9pv8vl+81A/ceBGU11VUctQfaTNEsPylZ4o9B5SS
f4BYfHopWy58XoHpeWAZGnRniZJD4JSfhOb2vdS75Z4YfN+ZSumeRra8eoDmOnOr
au6wn1AOibwwGb11+XM0gy7ALzt43oCY2jlNZl7Ah0mE3yozC9Vp3//O/VI5Fj3r
PMd4/OtXQypA65AHWDkFOyvJpaxlV+gp65kXRi9FHGyqt4SY4ITlbFpEl/r4jAYX
xOY7tJ5uWfkk09bHqxJcZiDnAipMdgQKJaGAVlmXVeK6DKMD64cNOVRhSfSwCI/8
bjwGQB8ynuG94fa7tvn61H3S+H8J1NjyNH5AtUBWG3Tg
-----END CERTIFICATE-----