Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ofRwCHxypsuBCfiZjxxxrhTYkPY.roa
File:                     ofRwCHxypsuBCfiZjxxxrhTYkPY.roa (raw, json)
Hash identifier:          RQ4bVFyL5738LUPNvwOYv19urq+56P7bimnU//PYMnE=
Subject key identifier:   A1:F4:70:08:7C:72:A6:CB:81:09:F8:99:8F:1C:71:AE:14:D8:90:F6
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0197372149CDDC3959CF51C1C0831272270E
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ofRwCHxypsuBCfiZjxxxrhTYkPY.roa
Signing time:             Tue 03 Jun 2025 18:50:17 +0000
ROA not before:           Tue 03 Jun 2025 18:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55470
IP address blocks:        163.5.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:37:21:49:cd:dc:39:59:cf:51:c1:c0:83:12:72:27:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun  3 18:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1f470087c72a6cb8109f8998f1c71ae14d890f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e3:a6:fa:15:9b:e3:de:24:4c:19:0d:91:3c:
                    97:1d:1a:9c:33:38:d9:70:57:33:d3:ef:6e:8c:60:
                    4e:c3:1e:38:9c:98:0d:73:7e:9c:8f:00:80:9f:35:
                    81:49:3c:e4:eb:da:17:0d:94:9a:cb:15:11:ad:2e:
                    a6:ec:be:f0:6c:e2:aa:88:3f:0a:12:d4:80:1d:2d:
                    b6:8d:44:c5:d3:f1:40:1d:1b:e5:64:0b:89:d8:4a:
                    37:5f:02:b8:df:53:96:5b:44:b8:4d:5b:75:74:bb:
                    2e:10:ee:d6:f7:cb:14:a0:ee:0e:26:38:3a:5d:fe:
                    d2:cb:67:41:3a:76:bd:92:87:8c:7c:e6:3d:e5:dd:
                    33:e1:34:bd:18:7c:b5:90:40:7d:3d:32:a9:e1:ce:
                    ac:33:08:fc:69:4e:6b:ab:2d:3e:fc:cc:5e:b0:9d:
                    63:dd:7c:8c:a9:a7:18:3b:9a:dd:9d:ae:08:bc:b5:
                    65:30:79:29:0a:b2:30:e9:55:42:7d:96:86:6c:1d:
                    61:a3:f6:ba:bc:29:b2:2b:00:05:22:b0:6c:cc:ce:
                    42:39:d4:9e:d2:3e:33:64:23:e6:ad:1d:c9:c2:0e:
                    0f:86:f6:55:6c:d1:c9:83:fa:73:d7:9b:c9:94:23:
                    46:a3:d3:e6:91:42:b7:0e:1c:bc:bf:e3:b6:d7:78:
                    3a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:F4:70:08:7C:72:A6:CB:81:09:F8:99:8F:1C:71:AE:14:D8:90:F6
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ofRwCHxypsuBCfiZjxxxrhTYkPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:86:98:83:5b:1e:a6:b2:b1:a0:77:7a:a8:f3:a4:00:91:3f:
         8e:15:21:f6:61:8f:49:81:c1:d8:bd:4b:5f:40:26:e6:d8:2c:
         ab:9a:06:6a:17:da:62:49:46:03:c8:91:e6:88:d8:3b:f2:16:
         64:95:4f:5f:10:29:e0:b9:f6:84:74:5d:9c:db:75:24:94:6a:
         c7:3e:ef:36:db:ab:f2:9f:77:d9:5d:a7:e3:45:51:0a:7f:94:
         94:28:12:1c:05:fb:f0:3d:c0:bc:cc:e7:a5:2a:92:22:62:41:
         7e:fd:43:5a:47:dc:bc:50:40:25:29:b5:1c:1c:02:b9:b8:e5:
         5d:65:77:0c:d7:22:0e:cd:c3:b8:fc:bf:d4:cd:07:80:97:54:
         57:6e:36:43:f5:7d:76:74:aa:ae:4d:69:12:ed:b0:2b:f4:6a:
         b4:64:b7:4b:30:ae:7f:51:56:fd:71:1d:7e:ee:b9:70:11:e3:
         d3:87:ae:7d:c4:4b:3d:3e:bf:34:5e:e4:a7:b4:7f:14:19:51:
         27:98:0c:07:b8:b4:90:57:56:79:3a:50:92:9d:6b:58:94:5d:
         0c:37:a2:8c:17:46:93:a1:23:b0:8b:bd:72:a5:3d:76:cb:17:
         e8:d6:c0:e1:94:c7:84:ac:ae:22:7e:a2:e2:95:12:35:14:ce:
         b3:f4:55:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc3IUnN3DlZz1HBwIMScicOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNjAzMTg1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWY0NzAwODdjNzJhNmNiODEwOWY4OTk4ZjFjNzFhZTE0ZDg5MGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueOm+hWb494kTBkNkTyXHRqcMzjZ
cFcz0+9ujGBOwx44nJgNc36cjwCAnzWBSTzk69oXDZSayxURrS6m7L7wbOKqiD8K
EtSAHS22jUTF0/FAHRvlZAuJ2Eo3XwK431OWW0S4TVt1dLsuEO7W98sUoO4OJjg6
Xf7Sy2dBOna9koeMfOY95d0z4TS9GHy1kEB9PTKp4c6sMwj8aU5rqy0+/MxesJ1j
3XyMqacYO5rdna4IvLVlMHkpCrIw6VVCfZaGbB1ho/a6vCmyKwAFIrBszM5COdSe
0j4zZCPmrR3Jwg4PhvZVbNHJg/pz15vJlCNGo9PmkUK3Dhy8v+O213g6MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKH0cAh8cqbLgQn4mY8cca4U2JD2MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvb2ZSd0NIeHlwc3VCQ2ZpWmp4eHhyaFRZa1BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowW/MA0G
CSqGSIb3DQEBCwUAA4IBAQAchpiDWx6msrGgd3qo86QAkT+OFSH2YY9JgcHYvUtf
QCbm2CyrmgZqF9piSUYDyJHmiNg78hZklU9fECngufaEdF2c23UklGrHPu8226vy
n3fZXafjRVEKf5SUKBIcBfvwPcC8zOelKpIiYkF+/UNaR9y8UEAlKbUcHAK5uOVd
ZXcM1yIOzcO4/L/UzQeAl1RXbjZD9X12dKquTWkS7bAr9Gq0ZLdLMK5/UVb9cR1+
7rlwEePTh659xEs9Pr80XuSntH8UGVEnmAwHuLSQV1Z5OlCSnWtYlF0MN6KMF0aT
oSOwi71ypT12yxfo1sDhlMeErK4ifqLilRI1FM6z9FX9
-----END CERTIFICATE-----