Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/z5118WYhciqg0eQU7Dd4TuzkQDM.roa
File:                     z5118WYhciqg0eQU7Dd4TuzkQDM.roa (raw, json)
Hash identifier:          mX0+oxuBB6eoVJypiko9ibwH/UzBwwBZc7hLvpP57qY=
Subject key identifier:   CF:9D:75:F1:66:21:72:2A:A0:D1:E4:14:EC:37:78:4E:EC:E4:40:33
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018E7205C80A782170C0289CF5D628B8440F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/z5118WYhciqg0eQU7Dd4TuzkQDM.roa
Signing time:             Sun 24 Mar 2024 19:52:45 +0000
ROA not before:           Sun 24 Mar 2024 19:52:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16125
IP address blocks:        163.5.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:72:05:c8:0a:78:21:70:c0:28:9c:f5:d6:28:b8:44:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 24 19:52:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf9d75f16621722aa0d1e414ec37784eece44033
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c4:fd:98:f3:47:0f:91:e7:1b:bf:fa:fc:b0:
                    48:a4:09:47:bf:e6:9c:08:b4:ee:29:c1:01:7f:fe:
                    6d:2b:3b:03:1f:cd:cc:99:00:89:29:de:dd:a6:d3:
                    ac:83:46:b3:86:b2:8a:a2:2c:9f:9d:9e:6f:e4:34:
                    97:32:c3:0b:8b:1e:54:0e:50:67:28:ac:65:f6:ac:
                    04:65:43:0a:1a:8d:35:51:48:e2:61:65:f0:bb:d0:
                    60:0a:a1:ff:36:a8:7f:b6:5a:e7:aa:a4:d2:ed:d0:
                    1a:5d:72:da:ce:88:eb:2d:8c:90:6d:e7:24:d7:2f:
                    dc:ed:03:16:af:f2:06:67:5c:a2:dc:78:89:88:20:
                    d5:81:0c:65:c9:af:71:17:e4:37:bb:61:a6:53:cc:
                    df:15:57:11:7d:bb:52:91:17:fe:fb:9e:52:e3:78:
                    51:e5:7a:60:32:29:8d:56:68:46:ca:7a:72:62:a2:
                    00:ae:95:63:2a:c6:67:7b:ef:bc:37:68:52:8d:04:
                    f4:f9:04:c0:95:9f:8e:f5:2d:6c:c7:da:60:83:e8:
                    8e:84:e8:04:fc:54:a5:55:99:5a:de:a0:f7:43:46:
                    97:7c:ee:c4:77:f6:d8:be:55:7e:6b:24:3f:5d:ea:
                    53:fe:cb:76:72:90:a9:b8:23:0a:04:92:80:8d:d7:
                    99:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:9D:75:F1:66:21:72:2A:A0:D1:E4:14:EC:37:78:4E:EC:E4:40:33
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/z5118WYhciqg0eQU7Dd4TuzkQDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:ef:1d:03:68:a2:b1:de:4f:07:ac:9d:85:4f:89:78:dd:b9:
         32:3e:41:dd:98:dd:13:02:ce:ff:97:be:9b:b1:38:5d:34:e0:
         83:e9:2a:67:cf:6c:52:49:6b:30:a6:e0:7e:56:44:e7:fa:d7:
         53:2a:55:a6:f7:ff:73:44:a2:03:88:a3:8d:8f:f3:a5:7c:cb:
         ce:e0:8e:53:6d:d1:27:ce:3e:7a:0d:77:d4:6e:c2:32:7f:ff:
         f9:6d:2d:a6:d8:a7:e0:3c:b8:40:43:27:7b:cb:05:7b:4b:d8:
         1a:16:b3:c1:40:ba:dd:ae:1c:36:cd:d5:bd:91:37:86:41:b0:
         45:ab:e8:a3:0d:c7:42:52:24:31:a7:67:19:bb:27:d1:69:6d:
         42:f0:8b:37:37:8b:bb:d5:5f:3a:1f:1f:5b:8b:60:06:65:33:
         23:b7:60:69:c4:a7:03:28:1c:3b:4c:a8:2b:01:71:0c:f2:36:
         c0:2b:a7:69:b9:ba:30:27:d1:ea:6a:4f:ba:b6:97:f0:9c:7e:
         e9:7f:7d:05:9d:95:25:38:84:c4:2a:52:44:5a:29:e7:94:fb:
         68:f7:ef:44:86:1b:24:03:e2:28:11:16:c9:45:04:5f:95:4f:
         f2:47:d1:84:63:42:5c:f1:8b:6b:e9:38:77:e6:b8:3f:26:5d:
         37:4d:2a:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5yBcgKeCFwwCic9dYouEQPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMzI0MTk1MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjlkNzVmMTY2MjE3MjJhYTBkMWU0MTRlYzM3Nzg0ZWVjZTQ0MDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMT9mPNHD5HnG7/6/LBIpAlHv+ac
CLTuKcEBf/5tKzsDH83MmQCJKd7dptOsg0azhrKKoiyfnZ5v5DSXMsMLix5UDlBn
KKxl9qwEZUMKGo01UUjiYWXwu9BgCqH/Nqh/tlrnqqTS7dAaXXLazojrLYyQbeck
1y/c7QMWr/IGZ1yi3HiJiCDVgQxlya9xF+Q3u2GmU8zfFVcRfbtSkRf++55S43hR
5XpgMimNVmhGynpyYqIArpVjKsZne++8N2hSjQT0+QTAlZ+O9S1sx9pgg+iOhOgE
/FSlVZla3qD3Q0aXfO7Ed/bYvlV+ayQ/XepT/st2cpCpuCMKBJKAjdeZvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+ddfFmIXIqoNHkFOw3eE7s5EAzMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvejUxMThXWWhjaXFnMGVRVTdEZDRUdXprUURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWwMA0G
CSqGSIb3DQEBCwUAA4IBAQCl7x0DaKKx3k8HrJ2FT4l43bkyPkHdmN0TAs7/l76b
sThdNOCD6Spnz2xSSWswpuB+VkTn+tdTKlWm9/9zRKIDiKONj/OlfMvO4I5TbdEn
zj56DXfUbsIyf//5bS2m2KfgPLhAQyd7ywV7S9gaFrPBQLrdrhw2zdW9kTeGQbBF
q+ijDcdCUiQxp2cZuyfRaW1C8Is3N4u71V86Hx9bi2AGZTMjt2BpxKcDKBw7TKgr
AXEM8jbAK6dpubowJ9Hqak+6tpfwnH7pf30FnZUlOITEKlJEWinnlPto9+9Ehhsk
A+IoERbJRQRflU/yR9GEY0Jc8Ytr6Th35rg/Jl03TSo6
-----END CERTIFICATE-----