Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/xi6w832wAoBg9_kHeFNsECag3wY.roa
File:                     xi6w832wAoBg9_kHeFNsECag3wY.roa (raw, json)
Hash identifier:          Jfg5BhW3NkwM656G6KocOJgQCIbYSS+b8rOV63LwH4Y=
Subject key identifier:   C6:2E:B0:F3:7D:B0:02:80:60:F7:F9:07:78:53:6C:10:26:A0:DF:06
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0192BD336F205F8D47FA78ADA3FA22C7B76B
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/xi6w832wAoBg9_kHeFNsECag3wY.roa
Signing time:             Thu 24 Oct 2024 06:25:17 +0000
ROA not before:           Thu 24 Oct 2024 06:25:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6453
IP address blocks:        163.5.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:bd:33:6f:20:5f:8d:47:fa:78:ad:a3:fa:22:c7:b7:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Oct 24 06:25:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c62eb0f37db0028060f7f90778536c1026a0df06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:8a:db:0c:85:14:05:f3:32:97:14:5f:97:15:
                    2d:42:a3:51:66:0b:96:49:3b:98:cf:fb:04:4a:2f:
                    4f:93:02:20:26:cf:fa:8e:b8:7c:b3:7f:e3:bb:5a:
                    12:22:04:70:5e:a4:b0:26:a9:8e:33:34:78:3d:2c:
                    4b:31:14:dd:f7:ff:ea:53:e6:d8:e7:16:1e:c4:85:
                    56:32:8d:0a:70:83:7c:4b:00:1b:a5:b0:09:d0:96:
                    d2:b6:a2:20:ba:65:46:67:57:90:86:a7:80:2d:f3:
                    8a:64:da:7c:bf:d8:ff:7b:95:83:7d:a5:32:0b:ae:
                    0b:de:51:ef:2c:94:c7:b9:50:07:f2:5d:a5:af:81:
                    2f:bd:54:f7:c4:e4:9c:f4:1e:2b:f1:cb:95:bb:f3:
                    81:15:c0:b1:04:a9:65:e2:e9:a8:49:53:8a:e2:18:
                    34:cd:49:ca:3e:8b:85:b5:75:02:df:cc:7e:82:a1:
                    15:c2:df:e9:06:63:a4:3b:e0:82:6d:39:7c:d9:13:
                    e1:92:0d:7f:a7:84:e0:a5:84:5a:e1:3e:ec:20:cb:
                    d3:8a:b9:4b:0d:a5:e9:3f:53:8e:dd:3c:af:81:8f:
                    d7:cd:76:1b:e1:38:61:bf:3f:db:77:54:7c:40:9d:
                    87:8e:9b:5e:7c:08:b5:9a:3c:8c:99:d7:c9:75:d1:
                    d7:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:2E:B0:F3:7D:B0:02:80:60:F7:F9:07:78:53:6C:10:26:A0:DF:06
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/xi6w832wAoBg9_kHeFNsECag3wY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:eb:5b:b2:08:c4:1d:56:45:05:03:53:9d:cf:52:c4:d6:a5:
         3c:91:7b:41:20:39:cd:c6:79:d3:d7:66:59:8c:6e:3f:22:18:
         8f:be:39:a5:60:1d:09:0d:be:01:bb:89:40:78:0b:a8:53:a2:
         36:3b:3c:cb:dd:24:2c:f1:5d:7f:99:44:3f:7b:ab:1c:39:c4:
         ab:5d:81:3b:0d:74:67:c4:59:50:a9:a8:a5:75:c2:92:55:7f:
         16:59:c7:bc:08:4c:4a:52:7b:c8:e2:d3:08:a2:9a:90:fa:4c:
         c1:7a:c4:cb:ae:fe:36:1a:a9:4d:c1:7f:8a:87:74:c4:fd:62:
         5d:c0:87:f3:9d:5a:42:ea:cc:10:2b:a4:25:aa:a9:a4:91:74:
         f8:e3:2d:8c:0c:45:ca:25:0d:32:aa:2d:43:7d:f1:af:ca:07:
         37:98:1f:fc:a0:b3:55:cc:3d:58:de:bc:d5:2b:60:7a:7a:85:
         d0:99:77:b4:0b:f0:c0:0d:13:09:14:fe:e3:d9:5f:01:48:df:
         fe:bf:57:24:fd:1d:16:1f:a1:26:2c:64:1d:ab:b4:9d:6a:c8:
         37:77:61:78:91:4b:46:dc:1b:15:c3:b7:eb:e3:f4:a0:48:95:
         aa:df:3e:ed:4a:81:4d:70:15:62:73:5f:b0:c5:11:67:c7:1a:
         39:5f:93:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK9M28gX41H+nito/oix7drMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQxMDI0MDYyNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjJlYjBmMzdkYjAwMjgwNjBmN2Y5MDc3ODUzNmMxMDI2YTBkZjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4IrbDIUUBfMylxRflxUtQqNRZguW
STuYz/sESi9PkwIgJs/6jrh8s3/ju1oSIgRwXqSwJqmOMzR4PSxLMRTd9//qU+bY
5xYexIVWMo0KcIN8SwAbpbAJ0JbStqIgumVGZ1eQhqeALfOKZNp8v9j/e5WDfaUy
C64L3lHvLJTHuVAH8l2lr4EvvVT3xOSc9B4r8cuVu/OBFcCxBKll4umoSVOK4hg0
zUnKPouFtXUC38x+gqEVwt/pBmOkO+CCbTl82RPhkg1/p4TgpYRa4T7sIMvTirlL
DaXpP1OO3TyvgY/XzXYb4Thhvz/bd1R8QJ2HjptefAi1mjyMmdfJddHX6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYusPN9sAKAYPf5B3hTbBAmoN8GMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEveGk2dzgzMndBb0JnOV9rSGVGTnNFQ2FnM3dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXRMA0G
CSqGSIb3DQEBCwUAA4IBAQBi61uyCMQdVkUFA1Odz1LE1qU8kXtBIDnNxnnT12ZZ
jG4/IhiPvjmlYB0JDb4Bu4lAeAuoU6I2OzzL3SQs8V1/mUQ/e6scOcSrXYE7DXRn
xFlQqaildcKSVX8WWce8CExKUnvI4tMIopqQ+kzBesTLrv42GqlNwX+Kh3TE/WJd
wIfznVpC6swQK6QlqqmkkXT44y2MDEXKJQ0yqi1DffGvygc3mB/8oLNVzD1Y3rzV
K2B6eoXQmXe0C/DADRMJFP7j2V8BSN/+v1ck/R0WH6EmLGQdq7Sdasg3d2F4kUtG
3BsVw7fr4/SgSJWq3z7tSoFNcBVic1+wxRFnxxo5X5NC
-----END CERTIFICATE-----