Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/n8Eqs8gIrMn8SLXPbRbZXxx5JH8.roa
File:                     n8Eqs8gIrMn8SLXPbRbZXxx5JH8.roa (raw, json)
Hash identifier:          hPjxrylvgBbMEO/eex2r9iYu843UhmLDg3smWpNJ1sE=
Subject key identifier:   9F:C1:2A:B3:C8:08:AC:C9:FC:48:B5:CF:6D:16:D9:5F:1C:79:24:7F
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A44D96CDC4DA73B6BA53750304055
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/n8Eqs8gIrMn8SLXPbRbZXxx5JH8.roa
Signing time:             Wed 01 Jan 2025 19:49:14 +0000
ROA not before:           Wed 01 Jan 2025 19:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207994
IP address blocks:        163.5.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:44:d9:6c:dc:4d:a7:3b:6b:a5:37:50:30:40:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9fc12ab3c808acc9fc48b5cf6d16d95f1c79247f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:34:fd:35:a4:6b:84:d1:5a:3c:81:ca:48:64:
                    05:7c:fa:63:26:05:3e:ff:60:51:c0:a3:fa:e7:45:
                    3a:13:e2:54:ce:7d:ce:c8:41:ab:54:a2:5f:1c:21:
                    5b:5c:d3:b3:a9:8b:32:f9:70:08:da:42:de:4b:d9:
                    e1:50:cd:0c:02:63:d7:b9:2d:59:77:6c:20:cc:9c:
                    30:6d:0d:4e:ca:6d:36:bb:33:a9:ee:03:08:23:65:
                    ff:22:9e:a4:e5:a9:1b:be:a1:13:7a:70:6b:39:0d:
                    f1:ce:29:92:f0:0a:1a:15:d2:c2:f1:a4:d7:50:3b:
                    29:10:68:a7:c2:cf:d4:96:ff:dc:9d:2b:ee:24:d1:
                    cd:9c:52:5d:c3:32:88:05:33:9d:9a:61:69:40:f8:
                    54:8f:3f:7f:68:13:ee:9c:af:19:1a:12:00:1a:41:
                    c4:8e:6d:50:a6:ad:c6:53:df:07:ad:2e:fe:66:81:
                    99:b5:2e:65:fe:0a:70:be:d0:1a:ee:36:f2:cf:e4:
                    57:57:d6:06:87:16:6e:fd:8d:49:ad:5b:47:8b:ec:
                    d1:e7:d6:b0:4c:c3:15:4a:63:14:5f:64:d5:c7:8f:
                    2d:73:aa:5d:06:8a:fa:24:3e:cb:e1:89:68:18:9f:
                    18:ca:28:43:2f:cd:aa:ff:00:9c:42:d5:4e:60:69:
                    2b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:C1:2A:B3:C8:08:AC:C9:FC:48:B5:CF:6D:16:D9:5F:1C:79:24:7F
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/n8Eqs8gIrMn8SLXPbRbZXxx5JH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:81:63:f0:24:ca:5d:92:b6:03:54:e8:ed:c2:94:d1:cf:11:
         d6:46:c1:b8:03:d5:44:05:2f:4c:d3:5d:ad:f0:d2:61:7e:0b:
         a3:5f:37:09:c4:39:dc:05:23:ba:a2:b2:65:c4:0c:b3:1b:85:
         ac:60:fe:4b:41:ab:24:6f:2e:96:9f:14:40:b3:bd:9b:bb:cd:
         cb:fc:62:36:d8:ff:1f:1b:be:3f:23:42:34:f8:e3:94:26:65:
         b6:9c:a2:f9:1a:2d:3a:81:17:2e:c4:30:dc:f7:82:3e:6a:e8:
         4c:47:0c:d9:20:e5:d0:f9:ac:74:d1:cd:15:37:5f:cc:9b:76:
         1b:9d:75:f0:98:e4:3d:9d:02:ad:6b:90:7f:78:55:d0:29:44:
         a6:9e:da:9e:7c:63:ae:e2:96:53:e4:10:bb:3c:bf:b6:fc:73:
         fe:64:d2:b4:93:b8:44:65:d5:d4:96:7b:26:17:0a:3d:c4:61:
         97:4f:04:60:f6:9e:56:d9:d4:7b:1f:0d:19:08:35:70:f0:c8:
         eb:7f:77:c6:f4:8f:26:79:db:0c:49:d6:db:a9:7f:16:9e:6b:
         c4:a6:3d:23:b7:cb:f9:94:e5:40:af:ba:7e:d8:6c:86:6a:27:
         9b:31:19:4a:91:3e:4f:85:4f:2d:cf:17:fc:a7:28:8c:38:a8:
         a1:4e:f3:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakTZbNxNpztrpTdQMEBVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmMxMmFiM2M4MDhhY2M5ZmM0OGI1Y2Y2ZDE2ZDk1ZjFjNzkyNDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzT9NaRrhNFaPIHKSGQFfPpjJgU+
/2BRwKP650U6E+JUzn3OyEGrVKJfHCFbXNOzqYsy+XAI2kLeS9nhUM0MAmPXuS1Z
d2wgzJwwbQ1Oym02uzOp7gMII2X/Ip6k5akbvqETenBrOQ3xzimS8AoaFdLC8aTX
UDspEGinws/Ulv/cnSvuJNHNnFJdwzKIBTOdmmFpQPhUjz9/aBPunK8ZGhIAGkHE
jm1Qpq3GU98HrS7+ZoGZtS5l/gpwvtAa7jbyz+RXV9YGhxZu/Y1JrVtHi+zR59aw
TMMVSmMUX2TVx48tc6pdBor6JD7L4YloGJ8YyihDL82q/wCcQtVOYGkr8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ/BKrPICKzJ/Ei1z20W2V8ceSR/MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvbjhFcXM4Z0lyTW44U0xYUGJSYlpYeHg1Skg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVMMA0G
CSqGSIb3DQEBCwUAA4IBAQClgWPwJMpdkrYDVOjtwpTRzxHWRsG4A9VEBS9M012t
8NJhfgujXzcJxDncBSO6orJlxAyzG4WsYP5LQaskby6WnxRAs72bu83L/GI22P8f
G74/I0I0+OOUJmW2nKL5Gi06gRcuxDDc94I+auhMRwzZIOXQ+ax00c0VN1/Mm3Yb
nXXwmOQ9nQKta5B/eFXQKUSmntqefGOu4pZT5BC7PL+2/HP+ZNK0k7hEZdXUlnsm
Fwo9xGGXTwRg9p5W2dR7Hw0ZCDVw8Mjrf3fG9I8medsMSdbbqX8WnmvEpj0jt8v5
lOVAr7p+2GyGaiebMRlKkT5PhU8tzxf8pyiMOKihTvMi
-----END CERTIFICATE-----