Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/rW64lOyxBRMkDqwtPguDuePMMAs.roa
File:                     rW64lOyxBRMkDqwtPguDuePMMAs.roa (raw, json)
Hash identifier:          H7kwNF+UQeiVcuWUAbQmSftjuc7IBJdg62GNvO/DDIY=
Subject key identifier:   AD:6E:B8:94:EC:B1:05:13:24:0E:AC:2D:3E:0B:83:B9:E3:CC:30:0B
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018F169549900ACE589EF5C490D7EFC06386
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/rW64lOyxBRMkDqwtPguDuePMMAs.roa
Signing time:             Thu 25 Apr 2024 18:47:13 +0000
ROA not before:           Thu 25 Apr 2024 18:47:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198831
IP address blocks:        163.5.59.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 13:02:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:16:95:49:90:0a:ce:58:9e:f5:c4:90:d7:ef:c0:63:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 25 18:47:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad6eb894ecb10513240eac2d3e0b83b9e3cc300b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:0c:e5:de:9f:4e:37:8b:9d:9b:81:73:71:61:
                    3e:1d:9d:ef:ee:5a:9c:7e:e8:51:b6:28:c8:68:18:
                    25:46:4b:59:6e:d0:e7:e8:30:71:d9:7b:70:8d:cc:
                    b4:7b:18:28:90:e8:6d:37:71:a7:c1:5f:2f:62:f7:
                    f9:bb:3e:a2:8a:08:2d:3c:1b:a7:87:c1:e2:37:a7:
                    59:16:9f:56:a5:34:39:8f:c8:09:c9:30:b4:45:11:
                    2c:2b:4f:79:b9:45:54:23:c8:61:cc:4c:4a:30:37:
                    4d:77:ab:b6:ec:6b:91:6d:af:d9:80:27:85:b6:47:
                    67:ad:12:dd:ed:aa:fc:46:15:3a:f6:82:1b:fb:e8:
                    5a:02:58:2a:4f:2c:8b:f7:88:ff:22:a4:ad:b6:e3:
                    2d:e4:ff:e7:a9:26:0d:af:3c:b8:1c:94:34:8a:fd:
                    73:63:59:7f:2c:71:61:27:ce:9b:3a:51:d9:31:a8:
                    63:96:a7:5e:ca:a2:3e:78:1e:ec:14:ec:5a:98:6b:
                    5f:4e:b7:37:f6:bc:d9:88:fe:27:60:7d:7a:80:d6:
                    29:09:de:0a:87:89:64:22:bc:ba:64:83:62:b9:d3:
                    d4:8e:27:36:57:48:95:72:87:61:c4:44:76:56:bd:
                    f9:df:37:de:b8:6f:2e:cd:57:43:6a:40:30:ab:d1:
                    26:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:6E:B8:94:EC:B1:05:13:24:0E:AC:2D:3E:0B:83:B9:E3:CC:30:0B
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/rW64lOyxBRMkDqwtPguDuePMMAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.59.0/24
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:94:59:70:55:f2:cd:f6:e3:e9:33:34:59:3a:0d:db:dc:d9:
         22:64:b2:30:a7:de:f2:36:09:d1:82:1c:b2:1e:99:54:ad:af:
         01:89:63:e2:dd:42:c9:85:51:97:2d:68:b3:d0:22:6d:cf:95:
         4a:97:a8:a4:b2:7a:51:a5:ea:4e:c9:a4:b9:fc:a1:99:ba:11:
         9e:94:44:e9:80:ca:89:5e:16:29:a3:d7:1b:36:bd:1f:a7:98:
         1a:9a:27:e2:8a:bc:16:b7:8a:d3:1f:0c:82:b3:76:8a:14:62:
         96:86:f1:c0:50:08:e9:30:bc:47:7d:9a:06:f1:b4:4f:a3:b2:
         80:8b:91:17:fa:4d:9e:ff:23:95:45:1f:d5:d6:bb:27:0e:5a:
         56:27:a4:12:05:cf:f8:7d:e0:e4:9b:bf:8b:22:a2:98:d7:65:
         d6:a5:84:95:88:5b:9f:52:e3:df:06:84:a1:ee:c9:9f:a7:2d:
         fc:73:00:d7:b6:e4:15:e5:6a:8c:40:7e:08:4d:75:7c:9f:d2:
         3a:e2:6f:26:c0:f6:a8:26:cc:1c:b9:af:40:42:ce:f8:e6:20:
         e8:49:29:12:f6:b1:67:e6:1b:d1:81:0e:64:43:16:4d:71:d6:
         07:c8:79:05:13:80:88:b4:4c:5a:ff:a9:1b:25:69:32:78:e3:
         48:0c:1f:db
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8WlUmQCs5YnvXEkNfvwGOGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwNDI1MTg0NzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDZlYjg5NGVjYjEwNTEzMjQwZWFjMmQzZTBiODNiOWUzY2MzMDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwzl3p9ON4udm4FzcWE+HZ3v7lqc
fuhRtijIaBglRktZbtDn6DBx2Xtwjcy0exgokOhtN3GnwV8vYvf5uz6iiggtPBun
h8HiN6dZFp9WpTQ5j8gJyTC0RREsK095uUVUI8hhzExKMDdNd6u27GuRba/ZgCeF
tkdnrRLd7ar8RhU69oIb++haAlgqTyyL94j/IqSttuMt5P/nqSYNrzy4HJQ0iv1z
Y1l/LHFhJ86bOlHZMahjlqdeyqI+eB7sFOxamGtfTrc39rzZiP4nYH16gNYpCd4K
h4lkIry6ZINiudPUjic2V0iVcodhxER2Vr353zfeuG8uzVdDakAwq9EmHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK1uuJTssQUTJA6sLT4Lg7njzDALMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvclc2NGxPeXhCUk1rRHF3dFBndUR1ZVBNTUFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowU7AwQA
uf02MA0GCSqGSIb3DQEBCwUAA4IBAQCglFlwVfLN9uPpMzRZOg3b3NkiZLIwp97y
NgnRghyyHplUra8BiWPi3ULJhVGXLWiz0CJtz5VKl6iksnpRpepOyaS5/KGZuhGe
lETpgMqJXhYpo9cbNr0fp5gamifiirwWt4rTHwyCs3aKFGKWhvHAUAjpMLxHfZoG
8bRPo7KAi5EX+k2e/yOVRR/V1rsnDlpWJ6QSBc/4feDkm7+LIqKY12XWpYSViFuf
UuPfBoSh7smfpy38cwDXtuQV5WqMQH4ITXV8n9I64m8mwPaoJswcua9AQs745iDo
SSkS9rFn5hvRgQ5kQxZNcdYHyHkFE4CItExa/6kbJWkyeONIDB/b
-----END CERTIFICATE-----