Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/yP-iu2hFDjbFvHdRKghKZlfCeUI.roa
File:                     yP-iu2hFDjbFvHdRKghKZlfCeUI.roa (raw, json)
Hash identifier:          jO1SZGTH0xmqNQiABHSIdiP1G9BRmJIkmoJB9L1j0Qg=
Subject key identifier:   C8:FF:A2:BB:68:45:0E:36:C5:BC:77:51:2A:08:4A:66:57:C2:79:42
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A43CDDE632FC0C0ABE759779587EE
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/yP-iu2hFDjbFvHdRKghKZlfCeUI.roa
Signing time:             Wed 01 Jan 2025 19:49:14 +0000
ROA not before:           Wed 01 Jan 2025 19:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207992
IP address blocks:        163.5.121.0/24 maxlen: 24
                          163.5.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:43:cd:de:63:2f:c0:c0:ab:e7:59:77:95:87:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8ffa2bb68450e36c5bc77512a084a6657c27942
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:35:18:b5:5b:6c:9e:62:ca:59:e3:e9:98:df:
                    b1:2d:aa:df:2d:20:32:65:ae:07:18:1f:32:b1:15:
                    ae:0e:ae:19:51:a6:7b:19:6c:4f:a3:b8:22:ff:b0:
                    f2:ae:62:8e:d3:24:ab:a0:78:6e:f0:95:dd:8d:d8:
                    d0:cd:93:9a:8c:d1:68:21:2f:37:1d:37:cb:e7:05:
                    1a:48:1f:a0:b7:78:67:97:0f:3c:2d:d7:6c:bf:45:
                    3d:3e:6c:46:aa:39:e9:52:77:91:10:18:b1:9b:e5:
                    60:9b:84:23:98:ec:cf:7c:ba:ff:64:1f:e2:93:23:
                    1f:cb:87:62:7c:96:7c:19:66:44:4e:eb:5a:a7:95:
                    fb:2b:ce:d5:ca:44:30:46:63:fd:4e:1a:b8:b3:20:
                    cf:3c:84:9f:51:08:04:ab:fa:6a:b5:80:11:e2:ce:
                    60:34:8e:3b:69:fe:bf:37:ab:ed:8f:b8:4f:ae:14:
                    5d:b0:01:fa:d2:91:58:28:05:c5:2e:f3:10:ad:00:
                    4d:97:22:9f:51:a6:b5:2b:7e:ab:81:e1:45:80:a7:
                    30:5a:1b:ce:b8:d9:1c:46:c8:07:87:05:51:7b:40:
                    38:01:db:68:31:37:d7:b0:3a:13:3d:d9:1a:b4:20:
                    57:7a:97:ce:27:3e:fb:2f:55:da:aa:b1:51:f1:1a:
                    86:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:FF:A2:BB:68:45:0E:36:C5:BC:77:51:2A:08:4A:66:57:C2:79:42
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/yP-iu2hFDjbFvHdRKghKZlfCeUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.121.0/24
                  163.5.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:bf:4a:75:35:fe:01:ba:9d:75:89:b2:f4:0e:6e:82:34:c6:
         4e:a2:60:7a:5d:56:7d:07:65:0d:5f:31:c3:73:35:bb:66:e4:
         0a:80:32:6c:0a:fe:64:87:da:5e:25:a1:3a:f6:98:9c:ac:38:
         9c:f9:26:13:59:4d:3a:c0:a0:70:9d:4a:0b:98:28:a1:1f:71:
         67:04:d2:cb:dc:11:a5:28:08:ef:3f:8c:d3:1f:52:4a:f7:3b:
         0e:56:b4:f2:7b:d9:06:04:c4:82:ca:5e:70:da:d9:e5:93:54:
         cb:30:26:b3:e3:54:15:f7:22:ad:d2:59:00:7a:2c:ed:84:93:
         8e:d1:2c:d9:c1:fd:bf:e2:c9:d6:53:10:cd:c0:c6:e8:a0:eb:
         80:f4:26:62:38:50:c6:1b:87:de:ef:14:c4:e2:0b:a9:2d:8a:
         f6:26:f1:13:11:01:17:ac:18:29:44:c0:d4:8f:fd:7e:92:bd:
         69:e8:df:ba:23:94:52:6b:43:84:81:4d:d7:63:28:d2:a9:b6:
         6f:fd:b5:8b:0e:14:8f:5d:fd:92:ea:50:ac:18:d5:02:35:f4:
         06:ad:c1:d0:c3:1d:28:67:2c:30:9e:82:8d:93:e7:34:bc:6f:
         bc:2a:d0:46:d1:59:38:7f:7f:b4:25:25:be:7c:19:65:e4:39:
         a7:d9:d2:ae
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjakPN3mMvwMCr51l3lYfuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGZmYTJiYjY4NDUwZTM2YzViYzc3NTEyYTA4NGE2NjU3YzI3OTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljUYtVtsnmLKWePpmN+xLarfLSAy
Za4HGB8ysRWuDq4ZUaZ7GWxPo7gi/7DyrmKO0ySroHhu8JXdjdjQzZOajNFoIS83
HTfL5wUaSB+gt3hnlw88Lddsv0U9PmxGqjnpUneREBixm+Vgm4QjmOzPfLr/ZB/i
kyMfy4difJZ8GWZETutap5X7K87VykQwRmP9Thq4syDPPISfUQgEq/pqtYAR4s5g
NI47af6/N6vtj7hPrhRdsAH60pFYKAXFLvMQrQBNlyKfUaa1K36rgeFFgKcwWhvO
uNkcRsgHhwVRe0A4AdtoMTfXsDoTPdkatCBXepfOJz77L1XaqrFR8RqGNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMj/ortoRQ42xbx3USoISmZXwnlCMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEveVAtaXUyaEZEamJGdkhkUktnaEtabGZDZVVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowV5AwQA
owWfMA0GCSqGSIb3DQEBCwUAA4IBAQACv0p1Nf4Bup11ibL0Dm6CNMZOomB6XVZ9
B2UNXzHDczW7ZuQKgDJsCv5kh9peJaE69picrDic+SYTWU06wKBwnUoLmCihH3Fn
BNLL3BGlKAjvP4zTH1JK9zsOVrTye9kGBMSCyl5w2tnlk1TLMCaz41QV9yKt0lkA
eizthJOO0SzZwf2/4snWUxDNwMbooOuA9CZiOFDGG4fe7xTE4gupLYr2JvETEQEX
rBgpRMDUj/1+kr1p6N+6I5RSa0OEgU3XYyjSqbZv/bWLDhSPXf2S6lCsGNUCNfQG
rcHQwx0oZywwnoKNk+c0vG+8KtBG0Vk4f3+0JSW+fBll5Dmn2dKu
-----END CERTIFICATE-----