Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/vf6OgKugOwrtAhAypXlI6ZtQtjU.roa
File:                     vf6OgKugOwrtAhAypXlI6ZtQtjU.roa (raw, json)
Hash identifier:          +O7uVhzC2Ci2DsNb69ukTM4Rk+vDeQ6+DNQ9SKR+tpo=
Subject key identifier:   BD:FE:8E:80:AB:A0:3B:0A:ED:02:10:32:A5:79:48:E9:9B:50:B6:35
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0195B97F1CFE03E032CFC7AEE2D8CE43E6FA
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/vf6OgKugOwrtAhAypXlI6ZtQtjU.roa
Signing time:             Fri 21 Mar 2025 16:17:50 +0000
ROA not before:           Fri 21 Mar 2025 16:17:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215304
IP address blocks:        163.5.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b9:7f:1c:fe:03:e0:32:cf:c7:ae:e2:d8:ce:43:e6:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 21 16:17:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bdfe8e80aba03b0aed021032a57948e99b50b635
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:63:b6:88:94:f3:bd:df:62:97:75:8b:c6:b6:
                    b3:e6:bc:00:17:fd:ef:35:79:4c:7d:77:d8:db:f9:
                    da:3b:f4:b0:18:dd:6e:42:87:51:c7:a3:a5:34:51:
                    88:0c:fa:af:87:cf:7f:51:e3:7c:59:c8:00:0c:90:
                    92:55:3d:5a:18:85:f9:14:6a:8c:b8:38:0b:9b:44:
                    4e:a1:c5:62:ac:4c:01:ed:41:26:82:4f:6b:30:d9:
                    e7:c1:2d:65:ab:98:d4:0a:7e:74:49:ed:ac:5b:31:
                    2b:71:84:87:78:45:1f:e3:33:c1:2a:45:71:ba:03:
                    ff:25:45:18:1e:52:28:ec:14:04:a4:ad:1a:17:c8:
                    29:f1:85:79:a6:cd:f2:37:17:e9:ba:8a:95:5e:94:
                    c3:c8:51:c0:32:e8:4a:cf:cf:56:99:3d:f6:08:85:
                    03:8c:48:a2:25:00:00:91:1a:18:9b:07:4f:83:74:
                    00:33:a4:7a:90:5c:37:b0:94:53:ae:9c:f2:f1:6f:
                    25:11:5f:0b:57:52:de:82:1b:bc:8d:56:67:3b:8d:
                    75:91:8a:e5:ae:c3:bd:7f:7b:44:38:3f:3b:22:2b:
                    b6:f2:5a:d9:66:3b:2c:1d:00:2e:78:97:53:87:99:
                    a2:a1:cd:06:a6:9f:09:7e:8e:37:58:d6:40:27:ea:
                    97:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:FE:8E:80:AB:A0:3B:0A:ED:02:10:32:A5:79:48:E9:9B:50:B6:35
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/vf6OgKugOwrtAhAypXlI6ZtQtjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:11:9b:30:f1:8e:16:e1:3c:59:86:1a:21:17:ba:a4:ff:40:
         98:02:4a:02:86:53:95:e8:10:db:3c:ec:cd:11:e3:16:3e:ad:
         40:10:e3:ad:89:38:19:08:03:a4:ae:71:2e:7f:c8:30:46:df:
         ec:db:3c:53:39:fb:9a:54:5f:bd:d8:3e:07:c9:a8:1e:a6:23:
         ce:ae:6e:5d:09:6c:0e:dd:46:f7:26:fe:3f:12:a8:30:cf:7d:
         33:ac:85:c3:c9:23:e5:45:a6:70:94:4d:39:93:81:64:ce:00:
         55:80:22:61:2b:52:88:93:93:c8:dd:77:9b:03:e7:81:9e:1a:
         4a:b1:96:1f:11:72:e5:4f:6f:e4:5e:96:cc:b5:dd:fe:71:25:
         ae:9e:86:80:f8:fa:96:9f:34:1a:60:19:9f:27:78:e8:68:e2:
         0d:b7:1a:52:75:04:c2:3c:b3:fe:dc:f7:00:b3:11:0a:1b:e6:
         c2:4a:fd:ab:b5:58:00:11:44:9c:29:7f:90:f6:d0:da:3a:7c:
         1f:47:2c:a5:6b:63:e1:05:33:4c:db:27:7d:08:f8:5c:bd:d1:
         a6:93:fd:b6:4c:de:9e:be:42:34:20:df:0a:2b:50:e5:53:54:
         53:fd:e2:bd:4e:fe:a2:25:cd:44:9e:23:34:95:2b:54:6b:70:
         a8:9f:44:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZW5fxz+A+Ayz8eu4tjOQ+b6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMzIxMTYxNzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGZlOGU4MGFiYTAzYjBhZWQwMjEwMzJhNTc5NDhlOTliNTBiNjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWO2iJTzvd9il3WLxraz5rwAF/3v
NXlMfXfY2/naO/SwGN1uQodRx6OlNFGIDPqvh89/UeN8WcgADJCSVT1aGIX5FGqM
uDgLm0ROocVirEwB7UEmgk9rMNnnwS1lq5jUCn50Se2sWzErcYSHeEUf4zPBKkVx
ugP/JUUYHlIo7BQEpK0aF8gp8YV5ps3yNxfpuoqVXpTDyFHAMuhKz89WmT32CIUD
jEiiJQAAkRoYmwdPg3QAM6R6kFw3sJRTrpzy8W8lEV8LV1Leghu8jVZnO411kYrl
rsO9f3tEOD87Iiu28lrZZjssHQAueJdTh5mioc0Gpp8Jfo43WNZAJ+qX9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3+joCroDsK7QIQMqV5SOmbULY1MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvdmY2T2dLdWdPd3J0QWhBeXBYbEk2WnRRdGpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXlMA0G
CSqGSIb3DQEBCwUAA4IBAQCEEZsw8Y4W4TxZhhohF7qk/0CYAkoChlOV6BDbPOzN
EeMWPq1AEOOtiTgZCAOkrnEuf8gwRt/s2zxTOfuaVF+92D4HyagepiPOrm5dCWwO
3Ub3Jv4/Eqgwz30zrIXDySPlRaZwlE05k4FkzgBVgCJhK1KIk5PI3XebA+eBnhpK
sZYfEXLlT2/kXpbMtd3+cSWunoaA+PqWnzQaYBmfJ3joaOINtxpSdQTCPLP+3PcA
sxEKG+bCSv2rtVgAEUScKX+Q9tDaOnwfRyyla2PhBTNM2yd9CPhcvdGmk/22TN6e
vkI0IN8KK1DlU1RT/eK9Tv6iJc1EniM0lStUa3Con0SH
-----END CERTIFICATE-----