Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ucTJ2iV3KNLqBzSOQtJ9kV8g9xY.roa
File:                     ucTJ2iV3KNLqBzSOQtJ9kV8g9xY.roa (raw, json)
Hash identifier:          CeyGJVri/QEs+XeT9qQb2bhZKmC6AK+mGSNhawaX0fA=
Subject key identifier:   B9:C4:C9:DA:25:77:28:D2:EA:07:34:8E:42:D2:7D:91:5F:20:F7:16
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0193122A4C6541011086F00342061ACE3408
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ucTJ2iV3KNLqBzSOQtJ9kV8g9xY.roa
Signing time:             Sat 09 Nov 2024 18:23:02 +0000
ROA not before:           Sat 09 Nov 2024 18:23:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204372
IP address blocks:        163.5.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:12:2a:4c:65:41:01:10:86:f0:03:42:06:1a:ce:34:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Nov  9 18:23:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9c4c9da257728d2ea07348e42d27d915f20f716
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:41:8e:09:95:55:a7:82:68:6a:b7:e9:5e:77:
                    f7:7e:83:37:af:6b:ae:2f:5a:b9:59:89:54:bb:51:
                    19:f0:b3:b3:61:22:a8:c9:92:e8:ad:52:19:05:4f:
                    19:82:e9:5c:46:9d:19:80:dc:9f:b4:f6:d3:05:89:
                    b9:0b:1a:a9:d9:3e:5e:f6:2f:6e:4c:43:01:ff:10:
                    1a:83:1b:db:cb:70:08:55:ee:5b:cc:c2:ab:0b:ad:
                    a1:29:55:68:a1:0e:b8:07:23:84:87:17:90:99:4e:
                    98:37:30:90:d9:72:e9:fc:09:1f:ae:06:df:d3:9a:
                    dc:de:87:04:cd:32:99:2b:84:15:65:2a:02:32:9a:
                    d4:c4:44:3c:1f:66:52:bb:fb:14:89:0d:53:ec:f5:
                    b1:55:16:09:ab:b4:96:f8:d7:29:31:d5:0a:5d:4f:
                    da:f7:90:6e:18:ed:c9:e8:41:d9:7e:f0:1f:73:67:
                    c2:2a:0b:2f:6f:e3:07:46:ce:52:ec:08:6d:af:7f:
                    ae:e2:98:7a:94:38:25:82:c0:53:3a:92:e4:93:ba:
                    f5:a4:20:5e:74:f6:7f:45:1d:e2:be:9d:d6:d6:bf:
                    9e:ca:3e:bb:c7:27:69:ae:58:b1:bb:b6:54:17:d8:
                    0f:c0:b8:21:fa:2b:2b:c1:d9:b6:22:85:44:e0:f2:
                    63:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:C4:C9:DA:25:77:28:D2:EA:07:34:8E:42:D2:7D:91:5F:20:F7:16
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ucTJ2iV3KNLqBzSOQtJ9kV8g9xY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:10:07:e8:02:d8:bc:cb:0d:71:4a:76:b9:b8:d7:3c:fa:7c:
         55:91:99:82:90:b0:be:3f:57:e1:a3:5a:f7:83:6b:8a:53:b9:
         e2:b9:f3:e8:f1:c6:e5:d1:3d:e8:58:ff:3f:39:d2:b3:b2:64:
         52:2d:d2:2a:05:c0:f8:ba:08:ab:a5:77:5d:56:10:d5:dc:cc:
         0b:dd:a4:82:15:17:ab:4c:a4:3f:c1:5d:1c:20:fe:36:74:e3:
         f4:ce:28:95:1f:0d:06:90:4a:61:9e:7e:d8:78:5a:5f:47:2a:
         e5:e1:e6:fd:bb:f9:91:82:e7:28:d0:35:23:88:c7:86:da:dd:
         22:10:1b:0e:5a:8f:0d:6e:10:4b:4a:19:7c:4e:6a:e0:7a:13:
         f5:a0:d7:21:1e:30:7b:47:8e:e8:7c:c9:dd:51:69:d7:38:18:
         ba:01:0f:ae:ec:9c:c1:ee:cf:cc:76:4c:40:fc:1b:80:c0:57:
         9f:1b:b1:9f:88:79:a9:71:c0:f7:f8:0f:ca:a2:a5:2a:83:d6:
         78:e3:6d:56:26:a6:35:13:be:70:af:c5:c8:9e:7b:03:9d:09:
         8c:93:67:f3:c1:b5:1a:bf:ff:cd:cc:1c:d0:8d:48:08:6d:41:
         18:a3:89:e3:0d:60:81:cc:f8:9a:77:15:30:91:02:58:4d:6a:
         84:19:b2:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMSKkxlQQEQhvADQgYazjQIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQxMTA5MTgyMzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWM0YzlkYTI1NzcyOGQyZWEwNzM0OGU0MmQyN2Q5MTVmMjBmNzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskGOCZVVp4JoarfpXnf3foM3r2uu
L1q5WYlUu1EZ8LOzYSKoyZLorVIZBU8ZgulcRp0ZgNyftPbTBYm5Cxqp2T5e9i9u
TEMB/xAagxvby3AIVe5bzMKrC62hKVVooQ64ByOEhxeQmU6YNzCQ2XLp/Akfrgbf
05rc3ocEzTKZK4QVZSoCMprUxEQ8H2ZSu/sUiQ1T7PWxVRYJq7SW+NcpMdUKXU/a
95BuGO3J6EHZfvAfc2fCKgsvb+MHRs5S7Ahtr3+u4ph6lDglgsBTOpLkk7r1pCBe
dPZ/RR3ivp3W1r+eyj67xydprlixu7ZUF9gPwLgh+isrwdm2IoVE4PJjyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLnEydoldyjS6gc0jkLSfZFfIPcWMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvdWNUSjJpVjNLTkxxQnpTT1F0SjlrVjhnOXhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVjMA0G
CSqGSIb3DQEBCwUAA4IBAQCPEAfoAti8yw1xSna5uNc8+nxVkZmCkLC+P1fho1r3
g2uKU7niufPo8cbl0T3oWP8/OdKzsmRSLdIqBcD4ugirpXddVhDV3MwL3aSCFRer
TKQ/wV0cIP42dOP0ziiVHw0GkEphnn7YeFpfRyrl4eb9u/mRguco0DUjiMeG2t0i
EBsOWo8NbhBLShl8TmrgehP1oNchHjB7R47ofMndUWnXOBi6AQ+u7JzB7s/MdkxA
/BuAwFefG7GfiHmpccD3+A/KoqUqg9Z4421WJqY1E75wr8XInnsDnQmMk2fzwbUa
v//NzBzQjUgIbUEYo4njDWCBzPiadxUwkQJYTWqEGbLf
-----END CERTIFICATE-----