Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/qHuEPCt_Ke8d3RqRc5-KaHGjC6k.roa
File:                     qHuEPCt_Ke8d3RqRc5-KaHGjC6k.roa (raw, json)
Hash identifier:          w2NKtYS+nvsBlz2iHAO46NQToHZGdY/iU8ZheDLKf4g=
Subject key identifier:   A8:7B:84:3C:2B:7F:29:EF:1D:DD:1A:91:73:9F:8A:68:71:A3:0B:A9
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018F33AD54FCFDBC9D0E3FA425D14844AAB5
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/qHuEPCt_Ke8d3RqRc5-KaHGjC6k.roa
Signing time:             Wed 01 May 2024 10:22:28 +0000
ROA not before:           Wed 01 May 2024 10:22:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206505
IP address blocks:        163.5.164.0/24 maxlen: 24
                          163.5.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:56:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:33:ad:54:fc:fd:bc:9d:0e:3f:a4:25:d1:48:44:aa:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: May  1 10:22:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a87b843c2b7f29ef1ddd1a91739f8a6871a30ba9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:bb:e4:51:eb:58:80:c2:30:93:24:74:a5:c0:
                    31:ef:a5:e9:01:5e:cf:8d:13:64:81:41:a5:e4:50:
                    a4:93:e5:5b:49:87:04:78:49:e0:cd:c0:fd:4e:41:
                    db:5a:be:aa:0e:84:8f:ae:90:c3:dd:6f:92:6c:b6:
                    cb:95:f1:49:0d:50:fe:1d:a7:d8:04:63:28:a9:a0:
                    df:ec:83:c2:61:c9:72:2d:9a:60:c4:ae:27:42:8a:
                    09:c3:5f:df:4b:7b:60:76:c0:97:b4:5a:f6:d6:51:
                    d5:f3:f9:67:47:8b:80:f8:6e:4b:aa:81:da:f6:a3:
                    0e:b6:8e:3e:db:fb:b7:c6:b7:23:9a:6e:28:f4:6d:
                    70:f6:48:f6:99:d8:95:ee:af:96:17:c1:c1:e0:9a:
                    da:1d:7f:71:c3:90:39:8f:34:08:5d:ef:a8:73:4b:
                    87:e4:1b:83:50:82:e8:63:84:60:e8:96:7b:37:ce:
                    6e:ef:48:08:e4:c6:08:42:4d:a8:64:48:14:08:3c:
                    09:8d:af:ff:69:c0:db:96:1f:7f:de:cb:7b:ba:1d:
                    28:ce:f9:13:96:1b:59:c8:9c:e4:d9:ca:d3:40:c4:
                    12:35:61:f9:52:54:8e:11:78:2c:2c:d9:49:ce:b6:
                    8a:ec:62:bc:da:c9:48:fa:4a:e4:89:ca:03:5e:8f:
                    bb:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:7B:84:3C:2B:7F:29:EF:1D:DD:1A:91:73:9F:8A:68:71:A3:0B:A9
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/qHuEPCt_Ke8d3RqRc5-KaHGjC6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.164.0/24
                  163.5.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:a9:ba:11:74:3c:cc:2d:78:7d:90:f8:b1:cb:e6:b7:fe:e4:
         76:83:7b:b9:af:36:0e:b9:38:eb:d8:e1:65:6c:b4:fe:17:c1:
         c1:cf:0b:a4:af:dc:b7:d5:f9:1c:f3:da:11:50:63:a1:9d:91:
         a9:4e:b4:77:3a:ed:37:87:41:02:b1:2a:42:1c:93:29:79:7d:
         b2:78:c8:f1:e7:8d:40:37:d1:17:45:11:37:86:dd:d6:f8:5e:
         cb:49:25:12:0a:b3:a0:72:f8:c9:03:52:a3:a1:1a:9a:2b:0d:
         8b:6e:ce:e5:30:80:eb:1d:73:2a:1d:c0:17:49:25:ba:ac:41:
         29:5b:32:d9:a1:94:45:45:31:52:3d:5f:fa:00:05:71:2c:93:
         19:98:b1:e4:e9:a1:89:a5:d9:32:6c:b4:28:8c:da:4a:b1:4d:
         73:1a:d1:6d:9e:c3:89:b6:c3:43:8c:e5:97:3e:59:ca:a6:65:
         09:8e:7e:31:3e:89:1b:e2:48:73:79:e3:e1:31:9a:9b:5a:74:
         7a:f4:fb:95:ed:26:3b:1a:fc:08:40:78:08:fe:26:5a:d2:9d:
         9d:c7:ac:1c:3a:61:17:c8:e0:81:2d:6c:96:6c:12:d8:23:6f:
         87:28:64:f7:0f:b5:9a:28:fd:47:40:23:3a:10:ed:79:98:0a:
         1e:a2:de:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8zrVT8/bydDj+kJdFIRKq1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwNTAxMTAyMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODdiODQzYzJiN2YyOWVmMWRkZDFhOTE3MzlmOGE2ODcxYTMwYmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbvkUetYgMIwkyR0pcAx76XpAV7P
jRNkgUGl5FCkk+VbSYcEeEngzcD9TkHbWr6qDoSPrpDD3W+SbLbLlfFJDVD+HafY
BGMoqaDf7IPCYclyLZpgxK4nQooJw1/fS3tgdsCXtFr21lHV8/lnR4uA+G5LqoHa
9qMOto4+2/u3xrcjmm4o9G1w9kj2mdiV7q+WF8HB4JraHX9xw5A5jzQIXe+oc0uH
5BuDUILoY4Rg6JZ7N85u70gI5MYIQk2oZEgUCDwJja//acDblh9/3st7uh0ozvkT
lhtZyJzk2crTQMQSNWH5UlSOEXgsLNlJzraK7GK82slI+krkicoDXo+7KQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKh7hDwrfynvHd0akXOfimhxowupMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvcUh1RVBDdF9LZThkM1JxUmM1LUthSEdqQzZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowWkAwQA
owWmMA0GCSqGSIb3DQEBCwUAA4IBAQCfqboRdDzMLXh9kPixy+a3/uR2g3u5rzYO
uTjr2OFlbLT+F8HBzwukr9y31fkc89oRUGOhnZGpTrR3Ou03h0ECsSpCHJMpeX2y
eMjx541AN9EXRRE3ht3W+F7LSSUSCrOgcvjJA1KjoRqaKw2Lbs7lMIDrHXMqHcAX
SSW6rEEpWzLZoZRFRTFSPV/6AAVxLJMZmLHk6aGJpdkybLQojNpKsU1zGtFtnsOJ
tsNDjOWXPlnKpmUJjn4xPokb4khzeePhMZqbWnR69PuV7SY7GvwIQHgI/iZa0p2d
x6wcOmEXyOCBLWyWbBLYI2+HKGT3D7WaKP1HQCM6EO15mAoeot68
-----END CERTIFICATE-----