Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/sePLH7ZLh5zcsH542ZVbcK1Xksw.roa
File:                     sePLH7ZLh5zcsH542ZVbcK1Xksw.roa (raw, json)
Hash identifier:          +BWXB0b9j2GJkn8OLii0GexOBoUyqXgLwUYQa1d6n9E=
Subject key identifier:   B1:E3:CB:1F:B6:4B:87:9C:DC:B0:7E:78:D9:95:5B:70:AD:57:92:CC
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A2CD2DADAEF690E3F0956993C4D72
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/sePLH7ZLh5zcsH542ZVbcK1Xksw.roa
Signing time:             Wed 01 Jan 2025 19:49:08 +0000
ROA not before:           Wed 01 Jan 2025 19:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39120
IP address blocks:        163.5.201.0/24 maxlen: 24
                          163.5.203.0/24 maxlen: 24
                          163.5.204.0/24 maxlen: 24
                          163.5.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:2c:d2:da:da:ef:69:0e:3f:09:56:99:3c:4d:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1e3cb1fb64b879cdcb07e78d9955b70ad5792cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2f:e3:a9:c9:93:4f:6a:54:70:be:1c:8e:76:
                    1f:ee:c2:14:1a:db:db:d0:f7:39:dd:f7:81:51:06:
                    b1:00:43:27:22:5f:ba:fd:64:98:f6:e3:07:69:b5:
                    16:4a:ed:cd:48:d2:3b:e1:55:59:4b:78:b9:f9:47:
                    7f:d0:5b:30:91:f7:86:48:1f:fd:1c:34:2e:51:a5:
                    62:0a:83:d3:1b:54:12:7b:63:e3:6a:9c:c0:c9:44:
                    b5:9f:24:78:ed:2a:8c:30:f0:d5:5e:bb:84:3b:61:
                    9d:fd:63:b5:32:c2:b8:c7:ba:f6:e4:93:d8:cf:f5:
                    8c:40:09:75:0c:13:12:8d:62:c8:76:16:1e:f0:d2:
                    ab:a7:cc:1e:17:0f:20:ab:cc:27:17:c9:99:aa:88:
                    60:18:f5:25:2d:94:b5:16:d0:fe:73:cf:d9:d7:41:
                    82:39:58:e3:1d:75:31:bd:67:13:e0:f4:33:21:96:
                    4a:7e:43:32:73:18:48:2a:05:b9:73:a6:b9:e6:86:
                    86:f9:f7:2e:4e:ae:4a:1e:06:b4:86:90:f8:60:85:
                    0f:31:c7:11:fe:1c:90:b8:39:67:98:08:87:ee:57:
                    dd:f0:aa:73:71:7b:4b:d9:58:ac:56:ce:6f:0d:f8:
                    04:76:64:a9:03:b9:c9:8b:10:cc:f5:25:34:aa:7d:
                    6d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:E3:CB:1F:B6:4B:87:9C:DC:B0:7E:78:D9:95:5B:70:AD:57:92:CC
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/sePLH7ZLh5zcsH542ZVbcK1Xksw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.201.0/24
                  163.5.203.0-163.5.205.255

    Signature Algorithm: sha256WithRSAEncryption
         24:85:e4:9a:79:fe:d5:a3:aa:39:9a:3b:f8:91:bc:ea:be:ad:
         88:67:60:14:4e:4b:f8:e5:a4:a6:3d:fc:34:5e:8d:de:f9:4b:
         e6:ac:37:0f:25:9e:e5:ca:ca:bd:f7:a0:87:cb:89:f6:60:fc:
         e3:18:ce:86:3a:67:ef:39:1c:d2:41:f7:c4:7d:c5:15:4b:ae:
         58:21:4d:c1:28:29:91:0f:7b:3c:75:b3:6a:23:0c:7d:42:2f:
         67:93:1e:fc:00:a6:90:92:01:da:5d:5f:34:1e:6a:ec:a8:e9:
         21:72:74:cc:4d:a9:2f:ad:68:6e:7d:10:97:ff:00:aa:89:7a:
         57:01:ec:dc:f0:bd:c5:70:6b:b0:41:ee:34:f9:16:7e:98:d1:
         12:b1:1d:1e:4d:f3:46:16:b7:5b:8b:e0:bb:5f:77:8c:d6:e6:
         c1:45:61:18:8c:96:b3:6a:52:9d:44:48:b0:37:54:b6:6d:8c:
         08:aa:49:15:f2:8e:57:84:b8:29:b2:2a:14:5d:6e:05:6f:b5:
         71:1b:53:47:6d:47:36:f9:83:da:1d:1b:a2:df:0c:10:58:ce:
         b0:fb:96:27:15:34:e4:13:08:22:58:ae:26:cc:ae:01:e4:35:
         9e:bc:f4:37:1b:99:8a:6e:d2:47:f6:49:fa:57:97:16:3c:74:
         c1:37:11:3b
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQjaizS2trvaQ4/CVaZPE1yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWUzY2IxZmI2NGI4NzljZGNiMDdlNzhkOTk1NWI3MGFkNTc5MmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyC/jqcmTT2pUcL4cjnYf7sIUGtvb
0Pc53feBUQaxAEMnIl+6/WSY9uMHabUWSu3NSNI74VVZS3i5+Ud/0FswkfeGSB/9
HDQuUaViCoPTG1QSe2PjapzAyUS1nyR47SqMMPDVXruEO2Gd/WO1MsK4x7r25JPY
z/WMQAl1DBMSjWLIdhYe8NKrp8weFw8gq8wnF8mZqohgGPUlLZS1FtD+c8/Z10GC
OVjjHXUxvWcT4PQzIZZKfkMycxhIKgW5c6a55oaG+fcuTq5KHga0hpD4YIUPMccR
/hyQuDlnmAiH7lfd8KpzcXtL2VisVs5vDfgEdmSpA7nJixDM9SU0qn1tnQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLHjyx+2S4ec3LB+eNmVW3CtV5LMMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvc2VQTEg3WkxoNXpjc0g1NDJaVmJjSzFYa3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAowXJMAwD
BACjBcsDBAGjBcwwDQYJKoZIhvcNAQELBQADggEBACSF5Jp5/tWjqjmaO/iRvOq+
rYhnYBROS/jlpKY9/DRejd75S+asNw8lnuXKyr33oIfLifZg/OMYzoY6Z+85HNJB
98R9xRVLrlghTcEoKZEPezx1s2ojDH1CL2eTHvwAppCSAdpdXzQeauyo6SFydMxN
qS+taG59EJf/AKqJelcB7NzwvcVwa7BB7jT5Fn6Y0RKxHR5N80YWt1uL4Ltfd4zW
5sFFYRiMlrNqUp1ESLA3VLZtjAiqSRXyjleEuCmyKhRdbgVvtXEbU0dtRzb5g9od
G6LfDBBYzrD7licVNOQTCCJYribMrgHkNZ689DcbmYpu0kf2SfpXlxY8dME3ETs=
-----END CERTIFICATE-----