Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/tt9WBo7tPbe5rTBscfQ1es--N-s.roa
File:                     tt9WBo7tPbe5rTBscfQ1es--N-s.roa (raw, json)
Hash identifier:          gOx2tH2K4eLIgXkbVKifVrNueWyecGb4AGnirgGYodo=
Subject key identifier:   B6:DF:56:06:8E:ED:3D:B7:B9:AD:30:6C:71:F4:35:7A:CF:BE:37:EB
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0196F7BD735FE5A0441EE33D4BB2ACE24138
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/tt9WBo7tPbe5rTBscfQ1es--N-s.roa
Signing time:             Thu 22 May 2025 11:25:10 +0000
ROA not before:           Thu 22 May 2025 11:25:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137517
IP address blocks:        163.5.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 17:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f7:bd:73:5f:e5:a0:44:1e:e3:3d:4b:b2:ac:e2:41:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: May 22 11:25:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6df56068eed3db7b9ad306c71f4357acfbe37eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:68:fd:03:2a:66:9a:6e:24:57:ce:f8:9f:8c:
                    b8:b8:bd:a2:63:ac:cb:58:29:f4:36:cd:a3:c5:6a:
                    aa:70:1b:9d:1c:d4:07:8f:2e:d3:57:7a:e1:0b:fe:
                    78:25:72:93:2d:d1:c0:9b:3d:20:78:41:9e:77:b9:
                    c0:bd:fb:b4:b9:5c:47:76:07:13:d6:1c:95:ef:e4:
                    93:ec:c2:14:ca:a3:ad:2d:ef:9c:2a:0a:4d:5c:0a:
                    2a:22:fd:78:ad:99:0d:ff:69:cb:64:79:71:e6:8d:
                    ab:04:33:fd:e5:7e:06:7a:cf:60:30:f6:50:53:39:
                    9d:1e:90:5d:aa:03:00:70:8a:36:14:cb:7b:b5:18:
                    f1:3e:37:83:6c:51:06:8e:a3:42:9e:3d:58:b2:79:
                    aa:18:c6:c2:f0:f5:4d:6f:1b:78:c6:d8:f6:88:0d:
                    24:54:db:fa:83:f2:8f:de:9b:c9:67:07:43:dd:0c:
                    a4:bf:6d:ab:9e:58:3b:25:d5:6a:20:6c:20:be:37:
                    d7:4a:01:58:d7:aa:a0:fa:1f:2a:08:92:15:c5:c2:
                    cf:8f:36:70:85:ba:38:bb:09:e6:b0:19:ba:91:63:
                    2e:4b:13:72:2f:eb:ef:3b:77:69:53:a1:59:20:e1:
                    46:7d:fd:b5:50:28:3d:fa:16:de:79:5f:50:4f:96:
                    b9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:DF:56:06:8E:ED:3D:B7:B9:AD:30:6C:71:F4:35:7A:CF:BE:37:EB
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/tt9WBo7tPbe5rTBscfQ1es--N-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:e9:bb:8b:1e:9a:4f:59:55:89:84:0c:66:4f:c6:ca:b8:35:
         39:a3:ed:bf:e4:31:1e:89:93:84:b7:c2:36:ca:8a:8e:a6:10:
         97:f9:c8:a7:d1:80:13:b3:9f:86:dc:4f:df:34:b1:21:10:ec:
         97:06:dc:6a:09:5f:01:17:00:cd:25:c6:e5:9e:70:d1:22:74:
         ab:d8:37:26:ab:53:91:53:90:49:11:18:0a:49:0a:76:4a:71:
         4b:94:2f:a6:97:0b:04:a6:98:10:34:0f:77:70:a7:f0:82:da:
         89:e9:56:97:30:c2:aa:0b:0c:ae:0e:c5:1d:5d:3c:ad:3d:6c:
         98:4d:d8:91:b4:46:c0:aa:87:e4:d7:58:e2:49:37:71:dd:1f:
         f1:62:65:c1:70:99:c8:b2:23:80:f8:34:66:a1:b3:ef:18:94:
         ca:f4:09:3b:04:e3:d6:b6:a8:17:8c:5d:64:5e:30:ef:1b:84:
         16:0c:a5:94:40:44:39:21:cb:2e:36:e1:e0:ac:5e:90:7e:0f:
         1e:42:0b:c4:6a:b1:a8:09:4f:cf:09:03:85:cd:a1:92:0e:d0:
         0e:d1:2c:0d:8a:50:2e:c2:3a:4c:f9:c9:17:c9:0c:56:c0:93:
         51:dc:8c:84:16:99:c7:26:bc:8b:d2:0f:fa:d4:13:74:a8:b4:
         7e:cd:ad:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb3vXNf5aBEHuM9S7Ks4kE4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNTIyMTEyNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmRmNTYwNjhlZWQzZGI3YjlhZDMwNmM3MWY0MzU3YWNmYmUzN2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmj9Aypmmm4kV874n4y4uL2iY6zL
WCn0Ns2jxWqqcBudHNQHjy7TV3rhC/54JXKTLdHAmz0geEGed7nAvfu0uVxHdgcT
1hyV7+ST7MIUyqOtLe+cKgpNXAoqIv14rZkN/2nLZHlx5o2rBDP95X4Ges9gMPZQ
UzmdHpBdqgMAcIo2FMt7tRjxPjeDbFEGjqNCnj1YsnmqGMbC8PVNbxt4xtj2iA0k
VNv6g/KP3pvJZwdD3Qykv22rnlg7JdVqIGwgvjfXSgFY16qg+h8qCJIVxcLPjzZw
hbo4uwnmsBm6kWMuSxNyL+vvO3dpU6FZIOFGff21UCg9+hbeeV9QT5a5RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLbfVgaO7T23ua0wbHH0NXrPvjfrMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvdHQ5V0JvN3RQYmU1clRCc2NmUTFlcy0tTi1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXpMA0G
CSqGSIb3DQEBCwUAA4IBAQCn6buLHppPWVWJhAxmT8bKuDU5o+2/5DEeiZOEt8I2
yoqOphCX+cin0YATs5+G3E/fNLEhEOyXBtxqCV8BFwDNJcblnnDRInSr2Dcmq1OR
U5BJERgKSQp2SnFLlC+mlwsEppgQNA93cKfwgtqJ6VaXMMKqCwyuDsUdXTytPWyY
TdiRtEbAqofk11jiSTdx3R/xYmXBcJnIsiOA+DRmobPvGJTK9Ak7BOPWtqgXjF1k
XjDvG4QWDKWUQEQ5IcsuNuHgrF6Qfg8eQgvEarGoCU/PCQOFzaGSDtAO0SwNilAu
wjpM+ckXyQxWwJNR3IyEFpnHJryL0g/61BN0qLR+za3s
-----END CERTIFICATE-----