Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/sCoMzCi05UrDFtmTnulnnY6R09o.roa
File:                     sCoMzCi05UrDFtmTnulnnY6R09o.roa (raw, json)
Hash identifier:          ZM5RYx3VNWn9QHDFDvEBjHCFQTlKZaYcsLAypuanz3s=
Subject key identifier:   B0:2A:0C:CC:28:B4:E5:4A:C3:16:D9:93:9E:E9:67:9D:8E:91:D3:DA
Certificate issuer:       /CN=b6c167dfa9882b2aa8f84595f58a97c305ca43c5
Certificate serial:       0194258FB4F9B35ECCA99202F2B4136D3485
Authority key identifier: B6:C1:67:DF:A9:88:2B:2A:A8:F8:45:95:F5:8A:97:C3:05:CA:43:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tsFn36mIKyqo-EWV9YqXwwXKQ8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/sCoMzCi05UrDFtmTnulnnY6R09o.roa
Signing time:             Thu 02 Jan 2025 05:49:22 +0000
ROA not before:           Thu 02 Jan 2025 05:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16292
IP address blocks:        5.63.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/tsFn36mIKyqo-EWV9YqXwwXKQ8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/tsFn36mIKyqo-EWV9YqXwwXKQ8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tsFn36mIKyqo-EWV9YqXwwXKQ8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 11:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:b4:f9:b3:5e:cc:a9:92:02:f2:b4:13:6d:34:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6c167dfa9882b2aa8f84595f58a97c305ca43c5
        Validity
            Not Before: Jan  2 05:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b02a0ccc28b4e54ac316d9939ee9679d8e91d3da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:bf:00:35:c8:ff:89:d7:51:a7:d1:a7:b4:c5:
                    32:44:60:27:2b:20:ed:b6:69:f6:ab:cc:6a:59:29:
                    b0:0f:85:f9:b2:4f:35:b5:2e:e0:d2:04:74:22:be:
                    62:59:86:3c:09:11:dd:93:79:ad:07:bf:d0:ee:87:
                    ca:8b:c5:be:a6:7b:ff:f5:92:2a:f1:af:7f:72:93:
                    b5:d6:4e:77:6d:d3:96:f0:98:97:a6:19:82:ab:a3:
                    17:0e:20:f8:e6:d4:6c:9a:1b:5c:81:f2:e0:13:ae:
                    75:11:88:70:60:88:e7:66:e6:55:a5:c1:5e:36:98:
                    ec:08:ad:2e:e8:62:7f:0b:84:67:74:23:85:4a:5e:
                    01:5d:e6:46:b8:30:cc:05:0c:7d:97:3b:4c:e4:40:
                    aa:85:af:5c:23:6c:be:a4:df:3d:5f:9e:f2:34:f4:
                    86:d8:5b:a5:b4:01:7f:cf:d0:8e:3c:0e:dc:3e:4d:
                    03:26:bb:e9:cd:f2:0d:45:78:b9:ca:67:83:37:13:
                    c1:96:55:8d:f8:ad:9a:f9:4e:f5:79:bd:97:95:ca:
                    ba:5b:df:4f:d3:33:2b:ab:cd:e5:a3:68:4f:18:b6:
                    85:15:20:a4:b3:6b:03:16:9c:50:f8:fa:3f:f1:33:
                    c0:9a:1e:45:7c:2f:65:9f:7b:2b:d3:05:3f:e8:3f:
                    ac:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:2A:0C:CC:28:B4:E5:4A:C3:16:D9:93:9E:E9:67:9D:8E:91:D3:DA
            X509v3 Authority Key Identifier:
                keyid:B6:C1:67:DF:A9:88:2B:2A:A8:F8:45:95:F5:8A:97:C3:05:CA:43:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tsFn36mIKyqo-EWV9YqXwwXKQ8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/sCoMzCi05UrDFtmTnulnnY6R09o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/tsFn36mIKyqo-EWV9YqXwwXKQ8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:ad:38:f1:05:8d:7f:7a:1e:19:83:1f:46:9a:56:f6:29:ac:
         5c:61:e2:7d:a5:22:bc:67:c4:52:8c:0d:0e:a4:bf:be:8e:b2:
         91:3e:1b:73:39:2b:d0:8b:45:f0:47:ba:34:7b:2b:46:6c:7a:
         42:f4:8b:3e:67:fc:ff:76:3e:1f:7f:b2:2e:ba:6c:0f:8d:91:
         7b:03:ce:4a:43:f3:c7:b4:07:f1:bf:c2:30:fc:7b:8e:53:ec:
         58:63:5e:93:09:e9:78:d4:f6:5f:61:d2:8e:db:60:f6:ae:1a:
         50:a2:d1:74:a8:17:92:76:c1:6f:c1:d9:e9:96:7e:7a:c5:c7:
         d0:25:95:c3:52:06:e0:6d:f2:2d:41:a5:3b:9d:2a:45:ee:e8:
         6b:6c:fc:b9:78:89:b1:f7:89:fe:49:3b:31:c5:47:99:03:1b:
         67:3e:d5:20:27:f8:27:86:f7:ed:e7:56:a7:9a:69:50:59:93:
         2a:e0:f6:59:f2:75:1a:1a:27:e3:d1:80:90:4f:ee:6e:66:23:
         2e:2a:75:d1:e6:64:c1:22:f4:cd:ff:dc:b5:08:1e:fd:c3:38:
         cc:f6:d1:34:39:4f:ad:4c:23:5c:89:08:22:ac:ed:0a:f2:94:
         f0:70:38:0a:b3:32:50:40:fa:85:79:92:03:37:09:19:b2:ca:
         2b:1f:72:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj7T5s17MqZIC8rQTbTSFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YzE2N2RmYTk4ODJiMmFhOGY4NDU5NWY1OGE5N2MzMDVj
YTQzYzUwHhcNMjUwMTAyMDU0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDJhMGNjYzI4YjRlNTRhYzMxNmQ5OTM5ZWU5Njc5ZDhlOTFkM2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArL8ANcj/iddRp9GntMUyRGAnKyDt
tmn2q8xqWSmwD4X5sk81tS7g0gR0Ir5iWYY8CRHdk3mtB7/Q7ofKi8W+pnv/9ZIq
8a9/cpO11k53bdOW8JiXphmCq6MXDiD45tRsmhtcgfLgE651EYhwYIjnZuZVpcFe
NpjsCK0u6GJ/C4RndCOFSl4BXeZGuDDMBQx9lztM5ECqha9cI2y+pN89X57yNPSG
2FultAF/z9COPA7cPk0DJrvpzfINRXi5ymeDNxPBllWN+K2a+U71eb2Xlcq6W99P
0zMrq83lo2hPGLaFFSCks2sDFpxQ+Po/8TPAmh5FfC9ln3sr0wU/6D+sWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLAqDMwotOVKwxbZk57pZ52OkdPaMB8GA1UdIwQY
MBaAFLbBZ9+piCsqqPhFlfWKl8MFykPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHNGbjM2bUlLeXFvLUVXVjlZcVh3d1hLUThVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy83M2JlZWItNmEwNS00Y2NhLTg2YmUt
YWNmYzNkMmMyNTIyLzEvc0NvTXpDaTA1VXJERnRtVG51bG5uWTZSMDlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy83M2JlZWItNmEwNS00Y2NhLTg2YmUtYWNmYzNkMmMyNTIy
LzEvdHNGbjM2bUlLeXFvLUVXVjlZcVh3d1hLUThVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABT8PMA0G
CSqGSIb3DQEBCwUAA4IBAQB9rTjxBY1/eh4Zgx9Gmlb2KaxcYeJ9pSK8Z8RSjA0O
pL++jrKRPhtzOSvQi0XwR7o0eytGbHpC9Is+Z/z/dj4ff7IuumwPjZF7A85KQ/PH
tAfxv8Iw/HuOU+xYY16TCel41PZfYdKO22D2rhpQotF0qBeSdsFvwdnpln56xcfQ
JZXDUgbgbfItQaU7nSpF7uhrbPy5eImx94n+STsxxUeZAxtnPtUgJ/gnhvft51an
mmlQWZMq4PZZ8nUaGifj0YCQT+5uZiMuKnXR5mTBIvTN/9y1CB79wzjM9tE0OU+t
TCNciQgirO0K8pTwcDgKszJQQPqFeZIDNwkZssorH3JD
-----END CERTIFICATE-----