Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/khL66f5HFKD6bbFzHdX3AkuPpF0.roa
File:                     khL66f5HFKD6bbFzHdX3AkuPpF0.roa (raw, json)
Hash identifier:          qaurOk9ch2nesXJojv2CKC0T7ruJNVypLySvNmHRNDg=
Subject key identifier:   92:12:FA:E9:FE:47:14:A0:FA:6D:B1:73:1D:D5:F7:02:4B:8F:A4:5D
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0193086AB405F77D1725E9D0FBE836E85874
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/khL66f5HFKD6bbFzHdX3AkuPpF0.roa
Signing time:             Thu 07 Nov 2024 20:57:10 +0000
ROA not before:           Thu 07 Nov 2024 20:57:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9232
IP address blocks:        163.5.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:08:6a:b4:05:f7:7d:17:25:e9:d0:fb:e8:36:e8:58:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Nov  7 20:57:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9212fae9fe4714a0fa6db1731dd5f7024b8fa45d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:58:1c:04:ed:8c:8e:95:f2:78:0d:b5:7a:7e:
                    c3:ad:35:43:95:02:47:bc:2c:00:40:e3:99:b2:7e:
                    a7:32:1c:f0:40:72:b0:11:70:ed:c3:cd:94:7f:dc:
                    6d:e3:8e:9c:5a:b9:9f:25:84:81:30:51:e8:8b:65:
                    1c:ed:2f:11:43:8e:d0:6d:34:f9:0d:3c:2b:d2:ba:
                    d6:cb:4d:3d:f0:d2:cc:f7:f1:6a:37:cc:dd:76:17:
                    1c:5c:57:fb:19:fd:9b:ed:6c:67:36:e6:55:88:5f:
                    46:d7:83:94:67:b1:c7:77:6e:ac:7a:16:fe:f2:79:
                    d6:5f:9f:e0:51:f8:8b:2c:4f:d5:46:fb:bd:47:b7:
                    12:05:39:5c:24:7c:70:18:10:7e:48:bc:3d:28:f2:
                    b5:ee:24:23:c8:41:3e:0a:55:04:7e:4c:54:62:a9:
                    22:6d:49:76:6a:27:c6:fa:87:8f:a3:4d:90:87:57:
                    58:c4:f9:22:91:c0:a7:d3:6b:bd:b1:10:d9:df:a5:
                    4a:02:8d:c7:f1:e1:38:52:67:c0:0a:94:3b:4b:28:
                    5a:71:a8:0e:40:9f:24:6b:ad:45:05:87:56:b8:96:
                    b2:8b:9b:bb:2a:19:39:b8:7c:b2:a6:99:3c:3e:15:
                    fb:db:29:4c:1e:68:a1:23:6d:a7:a4:85:77:25:72:
                    dc:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:12:FA:E9:FE:47:14:A0:FA:6D:B1:73:1D:D5:F7:02:4B:8F:A4:5D
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/khL66f5HFKD6bbFzHdX3AkuPpF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:46:8b:c6:f0:03:54:8d:88:bc:04:73:07:68:73:20:06:c0:
         f3:bf:4f:4a:f7:36:a9:72:91:41:07:06:95:23:da:1e:c4:72:
         52:9a:f3:95:d5:d0:61:89:0d:95:3a:42:b3:83:5c:94:76:9b:
         bd:3c:58:b4:9c:d1:41:39:7e:39:e3:71:b8:ac:c9:13:54:47:
         fe:7e:9e:9a:01:c6:de:fe:e9:0b:c3:eb:98:97:e0:4c:5b:f4:
         b2:ab:0a:87:b6:e7:83:27:5b:ae:42:87:32:63:fe:8c:09:cd:
         a9:e1:1a:b3:31:be:6f:11:23:84:ec:ba:e5:14:cb:be:a6:e5:
         59:4a:44:79:f9:46:d9:a1:b1:03:41:b3:f5:58:4b:69:7b:0f:
         3d:02:20:36:1b:90:9b:c3:2a:8c:9f:84:33:4b:08:fb:fa:50:
         a1:2f:09:27:9a:89:66:34:da:77:fd:4c:d4:5f:82:d6:80:b5:
         d2:87:59:01:e0:77:bc:3c:34:9b:34:10:84:30:4e:26:a5:d5:
         94:1c:ae:f6:ae:92:48:25:ca:e2:04:cd:5b:64:49:fe:45:31:
         d7:7c:42:9f:b2:4d:01:0f:a6:4f:41:3a:01:ba:9e:f2:0b:12:
         6f:d0:07:61:4c:28:19:6c:b1:a5:48:1d:8d:8c:d8:9d:a8:f1:
         06:dd:01:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMIarQF930XJenQ++g26Fh0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQxMTA3MjA1NzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjEyZmFlOWZlNDcxNGEwZmE2ZGIxNzMxZGQ1ZjcwMjRiOGZhNDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1gcBO2MjpXyeA21en7DrTVDlQJH
vCwAQOOZsn6nMhzwQHKwEXDtw82Uf9xt446cWrmfJYSBMFHoi2Uc7S8RQ47QbTT5
DTwr0rrWy0098NLM9/FqN8zddhccXFf7Gf2b7WxnNuZViF9G14OUZ7HHd26sehb+
8nnWX5/gUfiLLE/VRvu9R7cSBTlcJHxwGBB+SLw9KPK17iQjyEE+ClUEfkxUYqki
bUl2aifG+oePo02Qh1dYxPkikcCn02u9sRDZ36VKAo3H8eE4UmfACpQ7SyhacagO
QJ8ka61FBYdWuJayi5u7Khk5uHyyppk8PhX72ylMHmihI22npIV3JXLctwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJIS+un+RxSg+m2xcx3V9wJLj6RdMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEva2hMNjZmNUhGS0Q2YmJGekhkWDNBa3VQcEYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUOMA0G
CSqGSIb3DQEBCwUAA4IBAQCtRovG8ANUjYi8BHMHaHMgBsDzv09K9zapcpFBBwaV
I9oexHJSmvOV1dBhiQ2VOkKzg1yUdpu9PFi0nNFBOX4543G4rMkTVEf+fp6aAcbe
/ukLw+uYl+BMW/SyqwqHtueDJ1uuQocyY/6MCc2p4RqzMb5vESOE7LrlFMu+puVZ
SkR5+UbZobEDQbP1WEtpew89AiA2G5CbwyqMn4QzSwj7+lChLwknmolmNNp3/UzU
X4LWgLXSh1kB4He8PDSbNBCEME4mpdWUHK72rpJIJcriBM1bZEn+RTHXfEKfsk0B
D6ZPQToBup7yCxJv0AdhTCgZbLGlSB2NjNidqPEG3QEr
-----END CERTIFICATE-----