Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/t5ReQ8rHGPO-bPlgX4Tyzb8Jwuc.roa
File:                     t5ReQ8rHGPO-bPlgX4Tyzb8Jwuc.roa (raw, json)
Hash identifier:          oMj1DY07sxFK2x55AJuut7QyKT4eOsObWoe+cXiVXbs=
Subject key identifier:   B7:94:5E:43:CA:C7:18:F3:BE:6C:F9:60:5F:84:F2:CD:BF:09:C2:E7
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A29BE2333B95BAE99973BD223D214
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/t5ReQ8rHGPO-bPlgX4Tyzb8Jwuc.roa
Signing time:             Wed 01 Jan 2025 19:49:07 +0000
ROA not before:           Wed 01 Jan 2025 19:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25160
IP address blocks:        163.5.18.0/24 maxlen: 24
                          163.5.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:29:be:23:33:b9:5b:ae:99:97:3b:d2:23:d2:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7945e43cac718f3be6cf9605f84f2cdbf09c2e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:62:e4:7c:c9:9c:7f:53:8e:34:50:f3:a2:ef:
                    72:a9:b1:b7:97:ab:98:3b:43:31:76:58:de:04:1e:
                    ab:9f:85:f4:70:d6:42:1a:ca:a2:74:99:f7:eb:4b:
                    7e:77:eb:1b:01:b3:4b:d1:54:d9:7e:4c:1a:8e:79:
                    09:49:a6:fa:22:3a:09:88:12:e6:30:78:b4:07:21:
                    d5:54:fd:a5:f4:7b:90:71:14:cc:a3:c0:b6:bd:17:
                    cf:d9:40:15:78:cb:1e:9d:e3:c1:59:84:94:95:3d:
                    51:aa:62:a8:08:96:d4:18:9b:7b:11:7c:e1:83:66:
                    e0:31:2a:5f:0f:34:a4:8c:82:58:05:77:b7:fe:a3:
                    cf:3b:ba:a3:df:ed:d8:fd:35:66:21:4b:37:e1:89:
                    45:cb:43:3f:c9:b7:aa:ab:77:98:50:f1:a0:65:b4:
                    81:e7:2b:cc:5b:49:92:f7:a9:c1:17:05:fd:85:5f:
                    cc:40:d7:08:96:64:ad:7c:5f:e7:00:d3:91:4d:74:
                    38:21:81:b1:71:34:96:12:e3:10:17:33:fd:62:9f:
                    52:20:61:93:d6:1b:a3:fa:81:96:db:8e:0d:3e:4b:
                    4c:ab:c4:46:4a:86:7d:7c:e9:4a:9e:8d:85:2c:0a:
                    57:a2:99:af:a5:ca:bb:a6:09:ad:dd:5c:55:82:98:
                    84:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:94:5E:43:CA:C7:18:F3:BE:6C:F9:60:5F:84:F2:CD:BF:09:C2:E7
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/t5ReQ8rHGPO-bPlgX4Tyzb8Jwuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:7e:81:a0:f4:1e:35:85:6c:fa:1a:c4:d8:5d:f0:1c:fd:ba:
         da:7b:b4:f4:05:19:16:5f:0d:81:5d:36:90:bc:2a:ea:d8:55:
         8c:d3:d7:18:41:48:81:89:d1:8d:5c:e9:8b:60:52:cb:d7:8f:
         57:88:d4:18:03:c5:b7:21:14:c6:e4:5b:b6:4a:34:af:43:06:
         2c:74:3f:88:f2:73:86:f1:c7:31:96:26:7b:70:05:65:e6:18:
         0c:69:f0:08:a1:2b:5a:81:f1:56:67:0e:0c:6a:30:c4:53:6e:
         4b:d0:b8:e3:e3:c9:bc:90:1d:ab:e0:f6:61:26:ed:b2:59:c2:
         d7:eb:37:1c:83:39:df:c5:db:87:72:e7:f3:31:37:5c:bd:e4:
         b7:e4:75:83:43:99:c5:0f:01:95:28:60:f3:9b:71:91:fa:30:
         da:66:5f:e9:e2:78:fb:14:d2:bc:04:80:f2:f2:2b:e5:ee:31:
         6b:7b:c6:fa:64:9f:ac:f6:b8:e8:53:e4:ec:48:2d:0c:c3:a2:
         3b:e7:b6:6c:99:ac:48:d9:ab:1c:f3:e7:17:29:93:12:4b:ec:
         10:57:99:5a:61:c8:fa:b3:59:6f:b8:b1:76:75:2d:ef:8b:cf:
         91:20:57:12:3b:04:75:17:29:de:34:fa:8e:c4:65:73:ff:49:
         7e:f7:40:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaim+IzO5W66ZlzvSI9IUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzk0NWU0M2NhYzcxOGYzYmU2Y2Y5NjA1Zjg0ZjJjZGJmMDljMmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGLkfMmcf1OONFDzou9yqbG3l6uY
O0MxdljeBB6rn4X0cNZCGsqidJn360t+d+sbAbNL0VTZfkwajnkJSab6IjoJiBLm
MHi0ByHVVP2l9HuQcRTMo8C2vRfP2UAVeMsenePBWYSUlT1RqmKoCJbUGJt7EXzh
g2bgMSpfDzSkjIJYBXe3/qPPO7qj3+3Y/TVmIUs34YlFy0M/ybeqq3eYUPGgZbSB
5yvMW0mS96nBFwX9hV/MQNcIlmStfF/nANORTXQ4IYGxcTSWEuMQFzP9Yp9SIGGT
1huj+oGW244NPktMq8RGSoZ9fOlKno2FLApXopmvpcq7pgmt3VxVgpiELwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLeUXkPKxxjzvmz5YF+E8s2/CcLnMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvdDVSZVE4ckhHUE8tYlBsZ1g0VHl6YjhKd3VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBowUSMA0G
CSqGSIb3DQEBCwUAA4IBAQBffoGg9B41hWz6GsTYXfAc/brae7T0BRkWXw2BXTaQ
vCrq2FWM09cYQUiBidGNXOmLYFLL149XiNQYA8W3IRTG5Fu2SjSvQwYsdD+I8nOG
8ccxliZ7cAVl5hgMafAIoStagfFWZw4MajDEU25L0Ljj48m8kB2r4PZhJu2yWcLX
6zccgznfxduHcufzMTdcveS35HWDQ5nFDwGVKGDzm3GR+jDaZl/p4nj7FNK8BIDy
8ivl7jFre8b6ZJ+s9rjoU+TsSC0Mw6I757ZsmaxI2asc8+cXKZMSS+wQV5laYcj6
s1lvuLF2dS3vi8+RIFcSOwR1FyneNPqOxGVz/0l+90Az
-----END CERTIFICATE-----