Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/srYShoWze-aykiZHn7CYPMiPftw.roa
File:                     srYShoWze-aykiZHn7CYPMiPftw.roa (raw, json)
Hash identifier:          JlekbTYvxu7ZA0frCgAaNBsyE7OStyZNSAUsktOmdZQ=
Subject key identifier:   B2:B6:12:86:85:B3:7B:E6:B2:92:26:47:9F:B0:98:3C:C8:8F:7E:DC
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A4CA1536FCA73C0E5CC2AB8BFCD82
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/srYShoWze-aykiZHn7CYPMiPftw.roa
Signing time:             Wed 01 Jan 2025 19:49:16 +0000
ROA not before:           Wed 01 Jan 2025 19:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215672
IP address blocks:        163.5.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:4c:a1:53:6f:ca:73:c0:e5:cc:2a:b8:bf:cd:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2b6128685b37be6b29226479fb0983cc88f7edc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d3:ae:df:f0:a0:85:0d:4c:3d:67:a7:1d:35:
                    c4:3e:43:18:56:2f:8a:3d:b2:3c:1c:fe:82:2d:a9:
                    c1:72:3a:90:00:b2:62:b3:6a:e0:e0:11:f4:2a:3d:
                    ee:db:a1:2b:ad:9f:77:e8:7d:81:06:98:e2:d9:ab:
                    dd:08:59:d0:8a:47:97:30:a4:c6:b1:fa:ef:d4:80:
                    e8:b1:79:14:a4:1a:d3:91:05:80:cd:a6:75:5e:ba:
                    77:0f:61:8d:4d:85:88:28:7b:df:c8:9e:a4:5a:eb:
                    3a:35:b8:d8:50:22:c9:a6:35:52:35:92:3c:4e:83:
                    9b:51:2a:e6:52:cf:d1:e5:15:4d:71:9e:7a:73:26:
                    3a:6e:c9:49:c2:d1:2e:a7:7b:5e:1b:d7:74:0c:65:
                    e6:86:de:5e:65:ee:3d:14:83:ee:6d:d2:a6:64:2f:
                    8d:00:ab:18:98:3b:68:cf:e9:6f:66:f2:5d:3e:a6:
                    04:30:09:75:19:16:ac:96:2c:94:fa:6c:30:6c:e8:
                    2b:12:f3:b8:1f:14:09:f6:cb:73:6d:f0:18:08:ef:
                    19:55:9a:84:10:4f:1e:5e:10:da:5d:a2:e1:58:3c:
                    0f:d0:96:23:1f:44:cc:eb:5d:eb:f3:b0:4c:44:9b:
                    ea:15:ec:ed:71:d6:b3:66:e0:f8:8f:db:ff:47:5b:
                    d1:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:B6:12:86:85:B3:7B:E6:B2:92:26:47:9F:B0:98:3C:C8:8F:7E:DC
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/srYShoWze-aykiZHn7CYPMiPftw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:89:2d:e4:83:ab:d7:59:73:2b:1d:4d:a5:08:1b:d5:99:27:
         30:be:48:a2:28:21:a8:ea:05:0b:34:97:af:13:e5:96:06:53:
         5b:10:3b:ad:c6:84:29:09:6d:80:da:37:3b:7d:19:93:06:e0:
         cf:62:3e:dd:fb:63:d6:84:5d:ad:7e:ba:06:46:7a:71:7d:38:
         5c:10:a6:f4:cc:98:c6:8c:16:88:74:3a:4a:6c:79:77:12:79:
         1c:fe:e3:17:ad:7f:36:d4:ff:0b:ad:83:95:49:14:f6:c1:0c:
         de:c3:17:0e:e3:00:35:f3:18:fc:c4:a3:b1:af:83:50:82:e9:
         61:0c:1e:04:59:be:e0:d6:1c:8e:b0:71:44:9c:cc:02:b8:7b:
         f0:66:06:b6:72:a3:57:ba:d1:9c:13:68:f9:a7:30:85:14:56:
         fd:90:1a:f3:f6:30:7a:5a:fd:79:f8:b8:77:37:34:7c:04:cc:
         4b:b1:de:94:d2:d7:9d:cf:a9:11:a3:45:44:ce:e6:03:a7:fd:
         39:db:b4:12:81:26:40:0a:bf:55:91:99:4d:0e:c7:d5:1f:0f:
         5c:d7:1f:a7:b9:7c:8c:22:29:5d:ce:01:26:ea:1b:48:71:31:
         80:15:a9:a6:43:bf:b1:4b:42:79:1a:ae:c1:87:0b:d9:6f:a4:
         2d:f7:7c:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakyhU2/Kc8DlzCq4v82CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmI2MTI4Njg1YjM3YmU2YjI5MjI2NDc5ZmIwOTgzY2M4OGY3ZWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntOu3/CghQ1MPWenHTXEPkMYVi+K
PbI8HP6CLanBcjqQALJis2rg4BH0Kj3u26ErrZ936H2BBpji2avdCFnQikeXMKTG
sfrv1IDosXkUpBrTkQWAzaZ1Xrp3D2GNTYWIKHvfyJ6kWus6NbjYUCLJpjVSNZI8
ToObUSrmUs/R5RVNcZ56cyY6bslJwtEup3teG9d0DGXmht5eZe49FIPubdKmZC+N
AKsYmDtoz+lvZvJdPqYEMAl1GRasliyU+mwwbOgrEvO4HxQJ9stzbfAYCO8ZVZqE
EE8eXhDaXaLhWDwP0JYjH0TM613r87BMRJvqFeztcdazZuD4j9v/R1vR+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLK2EoaFs3vmspImR5+wmDzIj37cMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvc3JZU2hvV3plLWF5a2laSG43Q1lQTWlQZnR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWUMA0G
CSqGSIb3DQEBCwUAA4IBAQBqiS3kg6vXWXMrHU2lCBvVmScwvkiiKCGo6gULNJev
E+WWBlNbEDutxoQpCW2A2jc7fRmTBuDPYj7d+2PWhF2tfroGRnpxfThcEKb0zJjG
jBaIdDpKbHl3Enkc/uMXrX821P8LrYOVSRT2wQzewxcO4wA18xj8xKOxr4NQgulh
DB4EWb7g1hyOsHFEnMwCuHvwZga2cqNXutGcE2j5pzCFFFb9kBrz9jB6Wv15+Lh3
NzR8BMxLsd6U0tedz6kRo0VEzuYDp/0527QSgSZACr9VkZlNDsfVHw9c1x+nuXyM
IildzgEm6htIcTGAFammQ7+xS0J5Gq7BhwvZb6Qt93xe
-----END CERTIFICATE-----