Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/t_sl1sd5lxcDSS3oxcSgr-QTmfM.roa
File:                     t_sl1sd5lxcDSS3oxcSgr-QTmfM.roa (raw, json)
Hash identifier:          Dsz+bpVJVbOdiJLstgd2wVO5EVzHUS2qv97AltraGGE=
Subject key identifier:   B7:FB:25:D6:C7:79:97:17:03:49:2D:E8:C5:C4:A0:AF:E4:13:99:F3
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0192E2CDF72A533D2CC1CADF481F9C319603
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/t_sl1sd5lxcDSS3oxcSgr-QTmfM.roa
Signing time:             Thu 31 Oct 2024 13:40:01 +0000
ROA not before:           Thu 31 Oct 2024 13:40:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395793
IP address blocks:        163.5.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e2:cd:f7:2a:53:3d:2c:c1:ca:df:48:1f:9c:31:96:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Oct 31 13:40:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7fb25d6c779971703492de8c5c4a0afe41399f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d4:0a:4c:18:83:df:10:87:1a:76:dc:f3:13:
                    05:e0:d1:a1:74:9f:c5:2d:c7:50:ce:41:82:f1:1e:
                    32:51:b7:44:fc:09:5d:33:78:bd:93:64:33:02:fd:
                    4f:6a:94:3a:19:50:e2:85:88:f4:e3:96:a1:9f:82:
                    6d:23:04:64:d3:5f:e8:ad:6e:5a:d2:f6:19:5d:5e:
                    b2:83:f7:10:44:71:70:4b:60:31:23:34:6b:72:e9:
                    d1:f9:81:f1:32:8f:7c:b8:d1:2d:0a:42:86:47:e5:
                    71:79:27:8f:7a:ff:84:6d:a0:a2:0e:f7:72:87:f0:
                    53:32:3e:ec:26:9e:2f:2a:d2:d1:db:4e:14:6a:ea:
                    95:a1:62:de:7b:09:c5:34:12:b1:e0:c8:f1:2c:a5:
                    3e:27:05:09:e3:bd:b0:8a:25:7b:21:86:c3:13:23:
                    c3:f2:64:b3:fc:ec:0d:ec:79:38:f3:76:40:b8:a3:
                    20:6f:86:3a:26:ce:09:70:e1:6c:8b:a9:0a:5a:68:
                    be:fb:9d:dc:2d:91:6b:2f:01:42:ce:3b:57:0e:0a:
                    83:35:4a:f3:33:12:5e:67:7e:95:82:ec:37:47:43:
                    4f:fe:cb:84:d1:db:2d:75:9a:55:bc:da:d3:49:05:
                    8f:d5:42:59:0e:b5:57:1d:55:27:11:7b:83:dc:7b:
                    5b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:FB:25:D6:C7:79:97:17:03:49:2D:E8:C5:C4:A0:AF:E4:13:99:F3
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/t_sl1sd5lxcDSS3oxcSgr-QTmfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:b9:ee:80:c1:19:7e:1a:f3:6f:b3:df:38:5e:64:c2:b4:15:
         f1:d5:32:8e:cb:22:c4:6b:41:0f:a6:2f:da:bc:c9:e8:c5:d6:
         3b:c5:62:aa:66:06:47:08:95:16:ed:dc:28:2f:66:5a:7b:79:
         d9:a4:bb:ba:93:5b:42:1f:fb:d1:06:c2:a0:d9:63:17:ab:8b:
         85:0c:f7:3c:85:4a:b9:4a:ff:2d:6c:30:18:49:b6:a7:4a:54:
         66:d7:03:f5:fb:55:34:db:f3:ce:27:b8:18:10:09:2e:b1:a8:
         43:7f:d9:a5:07:05:79:57:f8:35:e2:7b:76:60:70:ae:9d:ba:
         6c:e2:7e:66:b8:e0:73:11:cd:9d:59:dc:89:3f:c2:b7:dd:69:
         a4:cb:c2:7f:1d:04:d7:ac:a9:12:b1:b9:bd:5d:79:fc:90:60:
         2d:bc:90:d4:4e:ad:7a:21:3f:69:db:9e:fa:f5:fa:c6:ab:df:
         24:4c:0c:7f:dd:b0:84:5e:40:1b:7b:a6:a2:e6:f6:81:c1:4e:
         81:fd:ae:9d:37:58:0b:21:3a:f1:45:20:49:82:35:73:ce:8c:
         94:4e:17:46:8d:31:79:fd:42:59:65:ee:f6:17:83:f4:f6:64:
         43:57:fb:1b:05:28:7a:ca:36:d8:80:9e:a4:7b:2a:61:4e:b0:
         86:3f:0c:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLizfcqUz0swcrfSB+cMZYDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQxMDMxMTM0MDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2ZiMjVkNmM3Nzk5NzE3MDM0OTJkZThjNWM0YTBhZmU0MTM5OWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9QKTBiD3xCHGnbc8xMF4NGhdJ/F
LcdQzkGC8R4yUbdE/AldM3i9k2QzAv1PapQ6GVDihYj045ahn4JtIwRk01/orW5a
0vYZXV6yg/cQRHFwS2AxIzRrcunR+YHxMo98uNEtCkKGR+VxeSePev+EbaCiDvdy
h/BTMj7sJp4vKtLR204UauqVoWLeewnFNBKx4MjxLKU+JwUJ472wiiV7IYbDEyPD
8mSz/OwN7Hk483ZAuKMgb4Y6Js4JcOFsi6kKWmi++53cLZFrLwFCzjtXDgqDNUrz
MxJeZ36Vguw3R0NP/suE0dstdZpVvNrTSQWP1UJZDrVXHVUnEXuD3HtbJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLf7JdbHeZcXA0kt6MXEoK/kE5nzMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvdF9zbDFzZDVseGNEU1Mzb3hjU2dyLVFUbWZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUsMA0G
CSqGSIb3DQEBCwUAA4IBAQCQue6AwRl+GvNvs984XmTCtBXx1TKOyyLEa0EPpi/a
vMnoxdY7xWKqZgZHCJUW7dwoL2Zae3nZpLu6k1tCH/vRBsKg2WMXq4uFDPc8hUq5
Sv8tbDAYSbanSlRm1wP1+1U02/POJ7gYEAkusahDf9mlBwV5V/g14nt2YHCunbps
4n5muOBzEc2dWdyJP8K33Wmky8J/HQTXrKkSsbm9XXn8kGAtvJDUTq16IT9p2576
9frGq98kTAx/3bCEXkAbe6ai5vaBwU6B/a6dN1gLITrxRSBJgjVzzoyUThdGjTF5
/UJZZe72F4P09mRDV/sbBSh6yjbYgJ6keyphTrCGPwxk
-----END CERTIFICATE-----