Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/qkCpRHKT5QseGDI0huMZWMvpc8o.roa
File:                     qkCpRHKT5QseGDI0huMZWMvpc8o.roa (raw, json)
Hash identifier:          1mtylx641jHIhY+fLH+OdCKWUN0ftzZpHc5WIrkPRZA=
Subject key identifier:   AA:40:A9:44:72:93:E5:0B:1E:18:32:34:86:E3:19:58:CB:E9:73:CA
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A454CD2D3900F8FC72778C56F52B2
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/qkCpRHKT5QseGDI0huMZWMvpc8o.roa
Signing time:             Wed 01 Jan 2025 19:49:14 +0000
ROA not before:           Wed 01 Jan 2025 19:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209181
IP address blocks:        163.5.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:45:4c:d2:d3:90:0f:8f:c7:27:78:c5:6f:52:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa40a9447293e50b1e18323486e31958cbe973ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:59:f9:e1:d6:f0:eb:e0:dc:ca:dd:48:16:28:
                    6b:60:fe:ca:30:46:40:d2:4d:03:82:f6:07:77:5c:
                    d2:a9:59:ec:f7:ad:f0:79:b1:6e:89:41:05:e8:5e:
                    69:d2:c8:d3:83:f3:7e:8b:b1:17:88:89:87:d8:79:
                    28:37:f9:85:60:b4:ee:2a:b4:59:7f:cf:f6:d4:c8:
                    81:46:49:f0:43:2d:79:d8:6b:22:c9:07:c5:10:63:
                    0c:4f:c9:9c:9f:3e:6b:7d:ec:e0:0d:ad:d9:b6:0d:
                    8a:bf:6f:42:09:22:54:ae:c0:94:26:d9:e1:0b:48:
                    d7:8b:e7:e1:b9:98:7d:b7:b7:ea:64:7d:ec:aa:9d:
                    62:d4:49:dd:1e:a4:c6:81:33:cf:52:72:e6:f0:8c:
                    32:f1:09:96:53:c7:5c:c7:1e:67:84:ed:a7:83:e1:
                    fa:62:30:4e:d3:5c:87:23:18:27:54:ec:2d:41:46:
                    3e:17:c1:da:4b:dc:ac:6d:9b:1d:53:43:9d:e7:3c:
                    c6:1d:de:06:f9:d5:66:6f:d5:f8:45:a5:a5:d3:21:
                    e1:b9:6b:10:c2:e1:85:9f:a5:e1:e7:a1:7e:c3:22:
                    6b:79:ba:4c:81:41:e0:b8:d6:ba:b9:dd:5e:4d:ef:
                    59:f1:af:54:93:c1:9b:0f:fa:2e:1f:e2:35:ba:ac:
                    60:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:40:A9:44:72:93:E5:0B:1E:18:32:34:86:E3:19:58:CB:E9:73:CA
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/qkCpRHKT5QseGDI0huMZWMvpc8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:52:80:5c:79:8f:d6:c8:42:f5:80:eb:1d:7f:ba:e7:ce:9f:
         03:96:fc:7f:88:61:8e:ae:37:49:f7:46:32:a7:0a:74:fd:e8:
         4f:97:17:65:8c:e6:2b:86:05:ea:89:ce:0b:d0:64:d2:e8:fb:
         16:b5:d0:a1:fe:44:de:88:14:77:ca:1f:44:0b:60:7e:b4:eb:
         e5:b9:c7:af:ef:a3:97:a9:64:0c:bc:d9:e1:ed:0e:02:fe:b5:
         6e:76:5e:4d:ac:12:49:ea:4a:4e:9e:6a:21:e5:f8:58:72:98:
         8d:f7:f2:60:ea:d9:7b:f2:b5:bd:af:ba:d0:b9:31:9b:5c:9b:
         bc:71:b4:bd:5d:d8:5a:64:3b:20:16:35:4c:55:f8:18:1f:16:
         69:63:8e:f8:88:98:24:89:d1:9a:8a:3c:35:18:6b:67:9a:77:
         aa:a8:c0:25:86:e4:af:7e:5b:4e:d8:1f:65:2f:42:52:5d:7e:
         8b:45:4b:a7:1f:9e:a5:b7:60:3c:ff:42:c6:d7:00:c8:86:77:
         1f:9e:75:71:3d:a8:b3:58:5b:6c:0c:6d:b2:47:90:4f:c1:79:
         63:b9:84:53:fa:ce:28:bd:2a:4e:75:bf:96:63:db:99:6a:29:
         22:0c:13:41:7c:24:c6:bf:57:55:0c:4a:76:d7:14:53:c2:c4:
         3f:6d:f4:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakVM0tOQD4/HJ3jFb1KyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTQwYTk0NDcyOTNlNTBiMWUxODMyMzQ4NmUzMTk1OGNiZTk3M2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1n54dbw6+Dcyt1IFihrYP7KMEZA
0k0DgvYHd1zSqVns963webFuiUEF6F5p0sjTg/N+i7EXiImH2HkoN/mFYLTuKrRZ
f8/21MiBRknwQy152GsiyQfFEGMMT8mcnz5rfezgDa3Ztg2Kv29CCSJUrsCUJtnh
C0jXi+fhuZh9t7fqZH3sqp1i1EndHqTGgTPPUnLm8Iwy8QmWU8dcxx5nhO2ng+H6
YjBO01yHIxgnVOwtQUY+F8HaS9ysbZsdU0Od5zzGHd4G+dVmb9X4RaWl0yHhuWsQ
wuGFn6Xh56F+wyJrebpMgUHguNa6ud1eTe9Z8a9Uk8GbD/ouH+I1uqxgnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKpAqURyk+ULHhgyNIbjGVjL6XPKMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvcWtDcFJIS1Q1UXNlR0RJMGh1TVpXTXZwYzhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXaMA0G
CSqGSIb3DQEBCwUAA4IBAQBaUoBceY/WyEL1gOsdf7rnzp8Dlvx/iGGOrjdJ90Yy
pwp0/ehPlxdljOYrhgXqic4L0GTS6PsWtdCh/kTeiBR3yh9EC2B+tOvlucev76OX
qWQMvNnh7Q4C/rVudl5NrBJJ6kpOnmoh5fhYcpiN9/Jg6tl78rW9r7rQuTGbXJu8
cbS9XdhaZDsgFjVMVfgYHxZpY474iJgkidGaijw1GGtnmneqqMAlhuSvfltO2B9l
L0JSXX6LRUunH56lt2A8/0LG1wDIhncfnnVxPaizWFtsDG2yR5BPwXljuYRT+s4o
vSpOdb+WY9uZaikiDBNBfCTGv1dVDEp21xRTwsQ/bfTX
-----END CERTIFICATE-----