Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/t8Ubb4G6p1r0BHJtMm-77H5vOio.roa
File:                     t8Ubb4G6p1r0BHJtMm-77H5vOio.roa (raw, json)
Hash identifier:          NyALtlxT/etf10zf6IhF0++u/dMgUJ6RPmkx76FxY8U=
Subject key identifier:   B7:C5:1B:6F:81:BA:A7:5A:F4:04:72:6D:32:6F:BB:EC:7E:6F:3A:2A
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018EE86E99F82756AD598432DEFF8CE7C364
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/t8Ubb4G6p1r0BHJtMm-77H5vOio.roa
Signing time:             Tue 16 Apr 2024 19:42:26 +0000
ROA not before:           Tue 16 Apr 2024 19:42:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        163.5.86.0/24 maxlen: 24
                          163.5.97.0/24 maxlen: 24
                          163.5.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e8:6e:99:f8:27:56:ad:59:84:32:de:ff:8c:e7:c3:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 16 19:42:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7c51b6f81baa75af404726d326fbbec7e6f3a2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:fc:47:9e:3b:c8:6c:8d:04:cb:54:2d:27:f4:
                    6e:0d:0d:9a:43:e1:19:51:0f:33:a2:c8:af:02:e0:
                    97:7b:33:1e:51:ab:71:87:9f:ff:5a:1d:ae:70:0a:
                    0a:68:b8:42:b6:b9:2c:e6:cc:87:87:8c:fd:fe:c0:
                    96:3c:e4:bd:8d:61:c1:68:a3:95:f6:21:36:3a:64:
                    8f:89:5e:c8:d5:38:00:e3:0f:36:5a:21:71:18:78:
                    bd:14:52:80:ff:f4:1f:ea:81:9d:23:e5:b2:c5:e0:
                    cb:ea:e8:12:6e:56:72:c3:61:45:35:c8:95:3a:2e:
                    4c:62:20:c7:06:a0:c6:7b:dd:d9:35:c9:d0:6f:e5:
                    a6:98:24:b8:57:5f:2d:59:32:2e:44:c3:29:9d:77:
                    d7:1d:1e:40:ef:94:c6:ab:e3:9a:a0:9b:b3:a9:4c:
                    7c:b5:e6:27:98:8e:b3:24:cb:76:7c:39:f7:c9:ee:
                    d0:b9:c8:f2:ee:63:85:af:96:ca:b0:19:09:8f:f8:
                    e7:c3:c8:5e:54:5d:21:2b:82:fe:f5:ed:9d:52:e5:
                    6a:d2:22:6b:fe:a0:a0:d1:18:d2:dc:b5:9f:b7:0a:
                    cd:da:54:ac:38:4a:7b:3d:a6:70:bb:37:df:17:6d:
                    6c:35:0c:c2:fe:7e:8f:ea:7a:fe:df:17:62:e2:b6:
                    6d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:C5:1B:6F:81:BA:A7:5A:F4:04:72:6D:32:6F:BB:EC:7E:6F:3A:2A
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/t8Ubb4G6p1r0BHJtMm-77H5vOio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.86.0/24
                  163.5.97.0/24
                  163.5.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:0a:fd:e7:4a:3e:6a:2c:85:88:28:87:f8:80:31:86:bd:5e:
         64:e2:06:fa:6a:b8:b3:cf:a3:0c:0f:ac:e8:e7:fc:8a:cf:63:
         fb:d8:c8:bc:77:78:90:3a:a1:da:9a:21:49:75:44:9c:18:9c:
         e4:cb:c7:2e:97:b8:c0:fb:10:f5:99:73:a4:b1:60:6f:9a:62:
         7a:e8:91:22:53:7b:f5:56:39:4b:42:24:2c:83:82:db:cb:15:
         95:9d:a7:3c:39:d7:b0:fb:b2:91:78:a7:d0:fb:4f:74:5d:9d:
         b5:fe:79:79:89:08:8f:21:f3:cb:79:70:21:3e:07:8f:66:a9:
         b5:4d:ff:69:b7:9c:4f:03:7b:da:ed:7d:76:66:61:23:08:c9:
         19:bf:6a:46:f6:a7:d8:27:63:d6:51:50:37:e0:2d:16:62:39:
         83:db:24:39:10:81:a5:85:07:7c:7f:a0:54:86:cc:f1:22:5a:
         a1:8c:a3:37:9a:da:24:0f:3b:4e:bb:86:3e:96:80:0f:bf:fd:
         70:f7:af:a6:51:2a:18:35:15:8e:c4:3e:8c:35:f4:25:21:3a:
         81:79:b7:47:d3:b2:1e:3f:5d:e5:e1:4f:e3:ee:97:6a:ee:2b:
         4f:48:84:d5:7b:df:b6:7b:98:9a:9c:33:97:dd:77:fa:83:8c:
         2c:9a:12:e3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY7obpn4J1atWYQy3v+M58NkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwNDE2MTk0MjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2M1MWI2ZjgxYmFhNzVhZjQwNDcyNmQzMjZmYmJlYzdlNmYzYTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvxHnjvIbI0Ey1QtJ/RuDQ2aQ+EZ
UQ8zosivAuCXezMeUatxh5//Wh2ucAoKaLhCtrks5syHh4z9/sCWPOS9jWHBaKOV
9iE2OmSPiV7I1TgA4w82WiFxGHi9FFKA//Qf6oGdI+WyxeDL6ugSblZyw2FFNciV
Oi5MYiDHBqDGe93ZNcnQb+WmmCS4V18tWTIuRMMpnXfXHR5A75TGq+OaoJuzqUx8
teYnmI6zJMt2fDn3ye7Qucjy7mOFr5bKsBkJj/jnw8heVF0hK4L+9e2dUuVq0iJr
/qCg0RjS3LWftwrN2lSsOEp7PaZwuzffF21sNQzC/n6P6nr+3xdi4rZtzwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLfFG2+Buqda9ARybTJvu+x+bzoqMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvdDhVYmI0RzZwMXIwQkhKdE1tLTc3SDV2T2lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAowVWAwQA
owVhAwQAowV2MA0GCSqGSIb3DQEBCwUAA4IBAQCJCv3nSj5qLIWIKIf4gDGGvV5k
4gb6arizz6MMD6zo5/yKz2P72Mi8d3iQOqHamiFJdUScGJzky8cul7jA+xD1mXOk
sWBvmmJ66JEiU3v1VjlLQiQsg4LbyxWVnac8Odew+7KReKfQ+090XZ21/nl5iQiP
IfPLeXAhPgePZqm1Tf9pt5xPA3va7X12ZmEjCMkZv2pG9qfYJ2PWUVA34C0WYjmD
2yQ5EIGlhQd8f6BUhszxIlqhjKM3mtokDztOu4Y+loAPv/1w96+mUSoYNRWOxD6M
NfQlITqBebdH07IeP13l4U/j7pdq7itPSITVe9+2e5ianDOX3Xf6g4wsmhLj
-----END CERTIFICATE-----