Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/vfxByqMomJrDx7yXN7lopiIpJ20.roa
File:                     vfxByqMomJrDx7yXN7lopiIpJ20.roa (raw, json)
Hash identifier:          iE3wLPpqfFb6gItk8VF9G3vx3XPK9+W6t0kGjqEKEa8=
Subject key identifier:   BD:FC:41:CA:A3:28:98:9A:C3:C7:BC:97:37:B9:68:A6:22:29:27:6D
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A25EF3232A589B30F2959D0B1157A
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/vfxByqMomJrDx7yXN7lopiIpJ20.roa
Signing time:             Wed 01 Jan 2025 19:49:06 +0000
ROA not before:           Wed 01 Jan 2025 19:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        163.5.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:25:ef:32:32:a5:89:b3:0f:29:59:d0:b1:15:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bdfc41caa328989ac3c7bc9737b968a62229276d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3c:ba:cc:6d:23:89:59:3d:2a:4c:40:b4:9d:
                    32:65:94:14:11:78:4c:1b:03:fd:00:24:a4:96:a8:
                    1d:d1:62:ae:c9:5f:9d:64:2e:28:d7:f4:b2:cb:3f:
                    f0:f9:9a:9e:75:24:d7:cd:6b:24:b8:00:80:48:4f:
                    ac:e3:f8:59:eb:08:d4:4c:e8:19:76:ba:99:00:59:
                    90:dd:17:de:96:f0:21:8a:cd:d1:d7:d9:63:b3:c0:
                    6c:c7:df:ec:7b:5b:c5:8a:b7:31:22:1f:8c:f3:2a:
                    bd:e0:e8:de:fb:01:e1:52:bb:09:ac:d2:4c:ef:fe:
                    83:11:91:14:1f:36:c6:49:4d:ea:2f:7f:ee:64:3e:
                    20:3b:3a:51:21:4f:68:db:21:2f:c3:0d:72:64:9e:
                    b8:74:5e:bd:5e:e3:7f:76:23:30:29:df:a9:77:f3:
                    ff:fe:5c:98:7e:0a:75:d3:78:25:e2:44:d9:43:df:
                    19:62:dc:f6:ae:16:75:71:9b:73:d9:65:7a:3a:4d:
                    56:97:ec:d9:3f:29:e2:ad:68:10:39:8c:fa:b7:30:
                    e9:5d:25:ed:98:5d:e4:20:bd:12:75:2b:39:25:94:
                    23:a1:f3:e9:77:1f:46:fd:20:9d:ff:32:a7:d0:3c:
                    73:7b:af:91:16:ad:b0:6b:72:c5:d8:eb:ad:38:5c:
                    f5:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:FC:41:CA:A3:28:98:9A:C3:C7:BC:97:37:B9:68:A6:22:29:27:6D
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/vfxByqMomJrDx7yXN7lopiIpJ20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:24:42:11:08:4e:f3:84:ab:dd:1b:2d:26:59:66:5e:41:ad:
         82:29:bc:90:7d:83:9f:a9:82:6d:37:a4:a3:05:f0:cf:9f:aa:
         05:aa:d0:bc:d8:25:f8:c4:89:81:06:93:0a:78:b8:91:2a:ef:
         6a:20:0b:b6:4b:4b:24:e8:fc:4a:c5:ea:0f:18:2e:d3:dd:8e:
         87:61:d4:19:9f:8a:d9:78:c0:56:cd:e1:78:18:5f:7f:df:9a:
         ff:f4:80:d7:88:d3:e6:c4:98:20:0e:e4:ef:d8:72:39:d8:46:
         7c:ef:31:2e:12:3c:0a:03:21:a0:5e:b2:cc:40:d5:97:b3:6c:
         90:69:c0:fe:96:97:c5:54:74:36:26:9d:d0:5f:d4:84:42:a3:
         86:c7:ff:48:4b:d5:dd:55:c3:e5:4a:8b:45:09:86:de:38:dd:
         f6:17:41:1c:f1:e8:0b:a1:9f:c7:b3:62:ad:2e:ba:3d:66:a1:
         53:59:2e:f9:43:8f:da:fa:d0:e1:52:6c:fc:82:03:ec:81:db:
         73:d5:56:62:aa:ae:0b:db:78:28:5a:aa:20:63:5d:8c:f6:01:
         fe:51:2f:53:b3:2b:54:7e:0e:45:bc:fa:cb:c3:d7:08:ed:20:
         32:89:74:36:89:ae:9a:ef:3a:cc:3d:42:2d:19:ac:fa:5a:e5:
         9e:99:7e:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaiXvMjKlibMPKVnQsRV6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGZjNDFjYWEzMjg5ODlhYzNjN2JjOTczN2I5NjhhNjIyMjkyNzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDy6zG0jiVk9KkxAtJ0yZZQUEXhM
GwP9ACSklqgd0WKuyV+dZC4o1/Syyz/w+ZqedSTXzWskuACASE+s4/hZ6wjUTOgZ
drqZAFmQ3RfelvAhis3R19ljs8Bsx9/se1vFircxIh+M8yq94Oje+wHhUrsJrNJM
7/6DEZEUHzbGSU3qL3/uZD4gOzpRIU9o2yEvww1yZJ64dF69XuN/diMwKd+pd/P/
/lyYfgp103gl4kTZQ98ZYtz2rhZ1cZtz2WV6Ok1Wl+zZPynirWgQOYz6tzDpXSXt
mF3kIL0SdSs5JZQjofPpdx9G/SCd/zKn0Dxze6+RFq2wa3LF2OutOFz1nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL38QcqjKJiaw8e8lze5aKYiKSdtMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvdmZ4QnlxTW9tSnJEeDd5WE43bG9waUlwSjIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowW+MA0G
CSqGSIb3DQEBCwUAA4IBAQCtJEIRCE7zhKvdGy0mWWZeQa2CKbyQfYOfqYJtN6Sj
BfDPn6oFqtC82CX4xImBBpMKeLiRKu9qIAu2S0sk6PxKxeoPGC7T3Y6HYdQZn4rZ
eMBWzeF4GF9/35r/9IDXiNPmxJggDuTv2HI52EZ87zEuEjwKAyGgXrLMQNWXs2yQ
acD+lpfFVHQ2Jp3QX9SEQqOGx/9IS9XdVcPlSotFCYbeON32F0Ec8egLoZ/Hs2Kt
Lro9ZqFTWS75Q4/a+tDhUmz8ggPsgdtz1VZiqq4L23goWqogY12M9gH+US9TsytU
fg5FvPrLw9cI7SAyiXQ2ia6a7zrMPUItGaz6WuWemX6a
-----END CERTIFICATE-----