Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/kKdm0VQwq6ub7X8lFI7gIc-nRkA.roa
File:                     kKdm0VQwq6ub7X8lFI7gIc-nRkA.roa (raw, json)
Hash identifier:          w7mrDgHIVF8QBEaF/aBrOFNs/JFqfHHTinetyFM1d2M=
Subject key identifier:   90:A7:66:D1:54:30:AB:AB:9B:ED:7F:25:14:8E:E0:21:CF:A7:46:40
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC425611D8D580284F54A5E71387B93D4
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/kKdm0VQwq6ub7X8lFI7gIc-nRkA.roa
Signing time:             Mon 01 Jan 2024 08:30:33 +0000
ROA not before:           Mon 01 Jan 2024 08:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200136
IP address blocks:        163.5.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:61:1d:8d:58:02:84:f5:4a:5e:71:38:7b:93:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90a766d15430abab9bed7f25148ee021cfa74640
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8f:0c:de:dd:19:b6:aa:e5:05:fe:5d:a5:14:
                    00:6f:76:36:41:06:42:b8:3a:60:02:4c:bd:d2:c0:
                    c6:24:fc:a4:60:af:be:b7:4d:cd:ea:61:93:28:22:
                    54:7e:8d:b7:39:10:9a:e5:bd:b6:0a:4c:37:9d:6b:
                    6f:2f:8a:39:fe:70:d0:fc:3a:e4:2d:c2:d7:5c:ff:
                    89:d1:96:5c:af:86:df:71:22:ad:4f:50:a4:84:32:
                    bd:fb:3e:e5:d9:ce:e5:bb:5f:10:ea:06:06:0a:66:
                    4f:66:04:7c:da:0e:24:7e:6f:fc:1f:7c:47:c1:37:
                    c7:00:82:1c:e1:cc:b7:76:72:1f:a3:53:f0:8a:cc:
                    36:50:8e:71:96:ef:cd:e0:cf:1a:3a:33:f5:a0:e3:
                    74:e6:91:af:66:87:6d:d9:bd:d9:14:8c:68:02:dc:
                    35:6f:de:55:5a:80:76:9b:8f:d7:41:0d:5a:ce:31:
                    84:48:29:b9:2f:03:ec:a2:aa:cf:a8:ce:7f:4b:b0:
                    7c:0e:a3:57:99:79:6c:4a:1e:f9:0f:16:88:6f:66:
                    90:53:02:24:3c:7b:d1:fb:d6:aa:b8:d4:a7:d8:49:
                    81:c3:b2:32:10:7c:b6:8d:73:f4:df:64:9d:1a:74:
                    54:ad:d5:ef:ab:03:16:97:2d:f4:cb:67:58:a6:09:
                    9c:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:A7:66:D1:54:30:AB:AB:9B:ED:7F:25:14:8E:E0:21:CF:A7:46:40
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/kKdm0VQwq6ub7X8lFI7gIc-nRkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:4a:62:ed:37:82:b0:4c:48:3b:f3:e7:83:4b:4b:bf:6d:d3:
         db:f4:81:69:61:66:6a:f7:3c:43:b5:83:93:9d:c0:ea:ab:18:
         59:ba:85:36:57:8d:89:20:4f:99:de:e5:10:8f:14:80:cf:35:
         83:f4:9b:33:5c:48:64:ba:26:23:86:81:a0:38:cb:11:35:0d:
         74:eb:b8:a2:fb:b9:d9:bc:74:03:78:f4:60:df:72:da:de:a7:
         de:a3:91:d5:e9:2f:73:de:ee:2d:60:a4:79:b5:1a:9d:8e:67:
         a8:37:70:e4:7b:6c:18:30:60:d8:e4:25:50:cf:0a:9e:43:75:
         3a:27:63:14:a6:d1:df:a7:bc:16:2b:e9:7c:e2:10:d1:d0:f4:
         77:63:25:0f:4a:bf:7a:84:34:6f:06:6f:51:e8:95:e3:5f:c4:
         f3:ba:0a:4b:ea:21:b2:7e:1d:8e:95:fd:4e:3c:2d:53:d5:3d:
         aa:f6:89:50:e3:7f:86:61:58:fa:e0:a1:6a:70:69:03:37:1b:
         4b:1c:49:a4:c4:d0:72:55:2a:77:4d:28:b0:b8:69:d4:5b:82:
         7c:e2:c5:02:f2:09:00:4e:27:6d:d7:43:e9:e2:ff:cd:bb:d5:
         43:56:39:5c:e9:1a:00:52:64:11:a6:d8:4b:1d:c1:fc:10:49:
         03:b9:63:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWEdjVgChPVKXnE4e5PUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGE3NjZkMTU0MzBhYmFiOWJlZDdmMjUxNDhlZTAyMWNmYTc0NjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn48M3t0ZtqrlBf5dpRQAb3Y2QQZC
uDpgAky90sDGJPykYK++t03N6mGTKCJUfo23ORCa5b22Ckw3nWtvL4o5/nDQ/Drk
LcLXXP+J0ZZcr4bfcSKtT1CkhDK9+z7l2c7lu18Q6gYGCmZPZgR82g4kfm/8H3xH
wTfHAIIc4cy3dnIfo1Pwisw2UI5xlu/N4M8aOjP1oON05pGvZodt2b3ZFIxoAtw1
b95VWoB2m4/XQQ1azjGESCm5LwPsoqrPqM5/S7B8DqNXmXlsSh75DxaIb2aQUwIk
PHvR+9aquNSn2EmBw7IyEHy2jXP032SdGnRUrdXvqwMWly30y2dYpgmc6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJCnZtFUMKurm+1/JRSO4CHPp0ZAMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEva0tkbTBWUXdxNnViN1g4bEZJN2dJYy1uUmtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWPMA0G
CSqGSIb3DQEBCwUAA4IBAQBHSmLtN4KwTEg78+eDS0u/bdPb9IFpYWZq9zxDtYOT
ncDqqxhZuoU2V42JIE+Z3uUQjxSAzzWD9JszXEhkuiYjhoGgOMsRNQ1067ii+7nZ
vHQDePRg33La3qfeo5HV6S9z3u4tYKR5tRqdjmeoN3Dke2wYMGDY5CVQzwqeQ3U6
J2MUptHfp7wWK+l84hDR0PR3YyUPSr96hDRvBm9R6JXjX8TzugpL6iGyfh2Olf1O
PC1T1T2q9olQ43+GYVj64KFqcGkDNxtLHEmkxNByVSp3TSiwuGnUW4J84sUC8gkA
Tidt10Pp4v/Nu9VDVjlc6RoAUmQRpthLHcH8EEkDuWMH
-----END CERTIFICATE-----