Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/oil419zl7P3UoZDQjkGrnjatNTs.roa
File:                     oil419zl7P3UoZDQjkGrnjatNTs.roa (raw, json)
Hash identifier:          ni7FqswIU0+Qeob5HVeZ7KUVakCaMn9dNMRJ12/ihXM=
Subject key identifier:   A2:29:78:D7:DC:E5:EC:FD:D4:A1:90:D0:8E:41:AB:9E:36:AD:35:3B
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A4995287631290771890166FD57E1
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/oil419zl7P3UoZDQjkGrnjatNTs.roa
Signing time:             Wed 01 Jan 2025 19:49:15 +0000
ROA not before:           Wed 01 Jan 2025 19:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214143
IP address blocks:        163.5.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:49:95:28:76:31:29:07:71:89:01:66:fd:57:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a22978d7dce5ecfdd4a190d08e41ab9e36ad353b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:58:7d:39:8e:09:f4:bb:60:10:f3:e1:54:fd:
                    b9:7b:6a:e3:39:41:93:9b:62:25:9b:35:52:b7:bc:
                    a9:3f:35:e9:ef:ff:b3:a7:9d:57:e7:c6:a1:48:98:
                    c8:f5:d7:1c:91:f1:44:af:b9:66:bf:f6:e6:22:d6:
                    20:d3:62:9d:a6:59:c6:85:b7:a9:44:aa:e3:26:57:
                    3f:76:81:e4:bc:d9:cf:95:a2:ae:2b:3e:01:94:15:
                    c1:0f:d3:00:06:3f:05:3a:56:db:e5:5e:cd:0d:e2:
                    aa:7d:85:5d:68:3e:04:1f:f0:3c:6e:fa:3a:a1:3b:
                    34:9f:0b:b6:f1:5b:6a:c0:3e:e0:c3:81:12:3f:37:
                    e7:76:59:f9:19:ea:e1:ad:22:6b:e9:00:40:2a:73:
                    f0:50:25:fb:50:4f:52:8b:db:b9:3a:39:7c:f0:19:
                    b9:7d:4f:18:e1:9f:da:64:75:e4:37:6b:5f:f7:97:
                    0e:42:5e:a5:c9:e9:88:5a:8c:1d:24:a2:05:37:e1:
                    86:9a:a2:f7:be:a9:2f:3e:42:ef:7f:8d:5a:09:62:
                    b8:38:81:ed:ec:e5:85:9f:e8:c0:c0:8d:3a:a8:29:
                    73:cb:1a:7e:c8:26:4e:90:68:2c:a6:28:d7:29:04:
                    72:f3:57:1f:8a:3f:e7:32:fe:df:8a:67:91:fc:10:
                    0e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:29:78:D7:DC:E5:EC:FD:D4:A1:90:D0:8E:41:AB:9E:36:AD:35:3B
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/oil419zl7P3UoZDQjkGrnjatNTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:39:2c:c8:59:e2:f4:67:78:7f:7d:d5:5b:ab:1d:d6:06:7f:
         c4:c0:00:06:da:41:23:3d:8c:d7:4a:a6:b4:e9:76:67:63:d9:
         81:d2:f4:c4:92:f8:48:e0:b4:08:9c:26:a1:54:65:a6:1e:11:
         0c:8a:d6:42:95:b5:03:17:bf:bb:c1:d7:63:ba:72:7b:57:9e:
         0a:ae:de:02:90:ad:65:40:6f:1e:5b:9e:ca:48:3b:27:e7:e3:
         27:50:25:2b:4b:ec:78:8e:d6:9b:d8:ec:2c:50:d3:60:a8:9f:
         fc:78:ee:47:e7:94:86:a1:00:cc:f1:c5:69:8e:23:3a:d9:52:
         21:26:39:9a:59:d9:cd:4d:05:6e:c8:e7:b5:89:7c:ad:4f:e2:
         77:6e:63:93:ce:86:73:74:be:f3:3d:4a:28:db:b6:c2:d9:d6:
         40:fa:ad:8f:f2:70:76:c7:e6:08:12:38:29:3e:97:2a:fd:14:
         ec:c9:f1:8a:4f:4e:6a:e3:ae:2a:21:75:af:5d:e1:4d:8d:dc:
         1d:a7:fd:e7:78:fb:4b:c4:de:eb:11:de:d8:77:b2:88:a5:c8:
         49:f1:55:4b:b3:8f:ac:11:2c:f6:7b:e4:39:d1:3d:08:5f:6c:
         33:ea:8b:61:11:aa:45:5b:1f:f2:bc:ca:ab:53:14:ae:c2:61:
         62:82:e6:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakmVKHYxKQdxiQFm/VfhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjI5NzhkN2RjZTVlY2ZkZDRhMTkwZDA4ZTQxYWI5ZTM2YWQzNTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVh9OY4J9LtgEPPhVP25e2rjOUGT
m2IlmzVSt7ypPzXp7/+zp51X58ahSJjI9dcckfFEr7lmv/bmItYg02KdplnGhbep
RKrjJlc/doHkvNnPlaKuKz4BlBXBD9MABj8FOlbb5V7NDeKqfYVdaD4EH/A8bvo6
oTs0nwu28VtqwD7gw4ESPzfndln5GerhrSJr6QBAKnPwUCX7UE9Si9u5Ojl88Bm5
fU8Y4Z/aZHXkN2tf95cOQl6lyemIWowdJKIFN+GGmqL3vqkvPkLvf41aCWK4OIHt
7OWFn+jAwI06qClzyxp+yCZOkGgspijXKQRy81cfij/nMv7fimeR/BAOSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIpeNfc5ez91KGQ0I5Bq542rTU7MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvb2lsNDE5emw3UDNVb1pEUWprR3JuamF0TlRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUjMA0G
CSqGSIb3DQEBCwUAA4IBAQAgOSzIWeL0Z3h/fdVbqx3WBn/EwAAG2kEjPYzXSqa0
6XZnY9mB0vTEkvhI4LQInCahVGWmHhEMitZClbUDF7+7wddjunJ7V54Krt4CkK1l
QG8eW57KSDsn5+MnUCUrS+x4jtab2OwsUNNgqJ/8eO5H55SGoQDM8cVpjiM62VIh
JjmaWdnNTQVuyOe1iXytT+J3bmOTzoZzdL7zPUoo27bC2dZA+q2P8nB2x+YIEjgp
Ppcq/RTsyfGKT05q464qIXWvXeFNjdwdp/3nePtLxN7rEd7Yd7KIpchJ8VVLs4+s
ESz2e+Q50T0IX2wz6othEapFWx/yvMqrUxSuwmFiguYU
-----END CERTIFICATE-----