Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/orIbN5DqZTh0tK5e7jU572I8S80.roa
File:                     orIbN5DqZTh0tK5e7jU572I8S80.roa (raw, json)
Hash identifier:          rdgk7CmkYvsRinxCsJa+8jumjzkxKkUZpIWH05YaJ2g=
Subject key identifier:   A2:B2:1B:37:90:EA:65:38:74:B4:AE:5E:EE:35:39:EF:62:3C:4B:CD
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A4BA3E44278A2B9F573E4826D5D73
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/orIbN5DqZTh0tK5e7jU572I8S80.roa
Signing time:             Wed 01 Jan 2025 19:49:16 +0000
ROA not before:           Wed 01 Jan 2025 19:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215224
IP address blocks:        163.5.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:4b:a3:e4:42:78:a2:b9:f5:73:e4:82:6d:5d:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2b21b3790ea653874b4ae5eee3539ef623c4bcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b1:34:d1:bb:d9:5d:87:68:a8:24:14:bc:36:
                    82:c5:65:16:f5:dc:e9:13:c9:64:aa:69:cf:f5:96:
                    dd:6d:a0:17:7f:45:8b:36:d2:5a:91:d5:00:c6:17:
                    a0:6e:03:6b:0d:2f:9e:0c:63:18:6b:9e:14:7b:a4:
                    58:ae:c2:4d:f5:08:fa:0b:94:9f:94:89:51:bf:8b:
                    1c:17:55:26:5a:1b:6f:3c:05:b4:9e:a9:46:a0:64:
                    ff:5c:ac:8a:78:31:33:fa:f4:1f:db:ec:1c:fe:45:
                    1e:5e:2f:0f:a8:04:2e:e7:08:e2:81:6f:10:ba:41:
                    a0:a5:11:47:eb:64:8a:4b:2f:60:5d:b2:2c:6e:45:
                    d8:40:14:17:7a:e4:9b:0d:e2:b4:c4:b7:90:3b:de:
                    36:91:c3:ff:10:03:68:c8:c0:f4:d6:9b:d0:8d:a3:
                    69:30:6a:1a:e6:54:1c:0e:1e:2d:b7:be:50:f0:2b:
                    f5:b7:d6:88:20:f6:41:94:a6:7c:10:82:1f:b2:58:
                    40:d7:9f:b2:b0:07:d1:5f:65:33:89:68:4d:18:54:
                    93:85:99:e6:88:20:90:51:91:f7:4e:76:ce:95:6a:
                    ae:9b:52:0d:05:5b:a1:de:61:66:f0:ac:f2:b4:90:
                    69:78:70:52:d8:3e:3e:59:4b:89:fc:82:dc:06:eb:
                    e3:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:B2:1B:37:90:EA:65:38:74:B4:AE:5E:EE:35:39:EF:62:3C:4B:CD
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/orIbN5DqZTh0tK5e7jU572I8S80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:7e:ad:bb:35:8b:8d:66:56:10:23:46:56:68:f4:fe:ee:c6:
         88:52:2b:df:03:40:34:92:6c:7b:36:1d:99:3b:b7:e1:f3:32:
         3e:3a:3f:3a:3c:63:02:75:a8:ab:58:16:1f:c8:48:38:b6:2f:
         04:74:3e:23:d7:37:77:2b:4f:31:d8:65:e1:b5:75:b5:c0:c0:
         df:ed:a9:eb:70:93:27:10:5d:79:7f:b7:d4:41:e1:48:85:51:
         15:be:3a:52:6f:b1:b8:6e:d1:df:40:b3:76:57:af:80:3d:06:
         06:55:f9:14:f3:42:b4:28:29:96:5a:58:ba:37:a7:a6:4d:83:
         6d:26:0b:2c:ec:7d:f5:f6:e5:09:18:f5:8d:37:6d:9d:4e:25:
         77:ed:a4:f6:6b:5c:72:99:b3:45:af:1d:ac:a0:f7:07:65:0f:
         70:fd:19:57:c4:85:ee:a1:30:10:be:07:a6:be:21:66:86:52:
         28:ce:af:d7:f7:98:67:a7:08:b0:a9:e0:e2:13:16:1a:2c:7e:
         2d:4a:61:ff:1d:d3:64:bb:a0:0f:4d:5e:47:52:e7:c2:5a:12:
         0f:47:ff:91:bf:45:77:a7:e6:53:2a:34:35:54:7a:25:53:fb:
         cb:4c:30:39:ba:2f:ed:8f:c3:e2:6c:cd:a0:76:de:9c:85:b8:
         7a:75:3c:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakuj5EJ4orn1c+SCbV1zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmIyMWIzNzkwZWE2NTM4NzRiNGFlNWVlZTM1MzllZjYyM2M0YmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7E00bvZXYdoqCQUvDaCxWUW9dzp
E8lkqmnP9ZbdbaAXf0WLNtJakdUAxhegbgNrDS+eDGMYa54Ue6RYrsJN9Qj6C5Sf
lIlRv4scF1UmWhtvPAW0nqlGoGT/XKyKeDEz+vQf2+wc/kUeXi8PqAQu5wjigW8Q
ukGgpRFH62SKSy9gXbIsbkXYQBQXeuSbDeK0xLeQO942kcP/EANoyMD01pvQjaNp
MGoa5lQcDh4tt75Q8Cv1t9aIIPZBlKZ8EIIfslhA15+ysAfRX2UziWhNGFSThZnm
iCCQUZH3TnbOlWqum1INBVuh3mFm8KzytJBpeHBS2D4+WUuJ/ILcBuvjqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKyGzeQ6mU4dLSuXu41Oe9iPEvNMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvb3JJYk41RHFaVGgwdEs1ZTdqVTU3Mkk4UzgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowW/MA0G
CSqGSIb3DQEBCwUAA4IBAQBNfq27NYuNZlYQI0ZWaPT+7saIUivfA0A0kmx7Nh2Z
O7fh8zI+Oj86PGMCdairWBYfyEg4ti8EdD4j1zd3K08x2GXhtXW1wMDf7anrcJMn
EF15f7fUQeFIhVEVvjpSb7G4btHfQLN2V6+APQYGVfkU80K0KCmWWli6N6emTYNt
Jgss7H319uUJGPWNN22dTiV37aT2a1xymbNFrx2soPcHZQ9w/RlXxIXuoTAQvgem
viFmhlIozq/X95hnpwiwqeDiExYaLH4tSmH/HdNku6APTV5HUufCWhIPR/+Rv0V3
p+ZTKjQ1VHolU/vLTDA5ui/tj8PibM2gdt6chbh6dTzY
-----END CERTIFICATE-----