Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/D_nS5JaIk6l4YXDwQezmlQPZyfY.roa
File:                     D_nS5JaIk6l4YXDwQezmlQPZyfY.roa (raw, json)
Hash identifier:          se1GbPWP5kWbJHQd/srLNR9TXjakRKKeHfa2/Ngxw0w=
Subject key identifier:   0F:F9:D2:E4:96:88:93:A9:78:61:70:F0:41:EC:E6:95:03:D9:C9:F6
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0195140985D574EFE5758E0E35AA31F6DD40
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/D_nS5JaIk6l4YXDwQezmlQPZyfY.roa
Signing time:             Mon 17 Feb 2025 13:12:03 +0000
ROA not before:           Mon 17 Feb 2025 13:12:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        193.163.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:14:09:85:d5:74:ef:e5:75:8e:0e:35:aa:31:f6:dd:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 17 13:12:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ff9d2e4968893a9786170f041ece69503d9c9f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:60:11:58:3d:31:71:e4:fb:9f:57:6a:86:4c:
                    f7:e6:33:73:19:22:10:d4:75:33:e8:7e:e2:65:de:
                    37:de:5f:5e:91:5d:fe:69:45:a5:34:82:f6:9c:31:
                    83:5e:b5:0b:4a:ec:0a:0d:6f:bb:d7:d3:99:07:98:
                    00:4d:78:8a:db:f9:a8:bc:2f:81:f5:9a:df:17:c1:
                    2d:54:22:a3:9f:2a:26:a6:a6:db:96:e4:ed:ea:16:
                    d2:eb:67:2a:3c:0d:4f:f0:75:8c:ec:0c:56:6e:af:
                    b3:33:9c:9e:99:73:07:c3:d4:db:f3:b7:be:5a:0f:
                    3a:12:b8:42:69:e4:dc:49:e4:41:f6:a3:a4:c2:16:
                    b1:51:f4:09:d4:cf:b7:c4:39:59:a8:15:18:8c:fa:
                    38:51:15:1d:3c:ee:31:e7:52:53:7a:bc:71:02:e1:
                    eb:4d:fd:20:61:fd:2a:37:a7:e2:19:73:c6:71:b1:
                    d7:62:fc:8d:ee:64:c6:b3:cc:d4:84:4e:a5:c5:d4:
                    ac:49:31:c6:2d:02:a7:ac:7a:72:47:8d:9e:fe:68:
                    2c:0b:46:c4:c0:5b:11:2d:b0:cf:d6:c9:f7:fd:d3:
                    cb:23:81:48:6b:ff:ea:bc:97:02:e5:1c:3f:94:9e:
                    de:94:86:e2:0d:2b:6e:84:d7:ca:49:95:cf:62:4a:
                    0e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:F9:D2:E4:96:88:93:A9:78:61:70:F0:41:EC:E6:95:03:D9:C9:F6
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/D_nS5JaIk6l4YXDwQezmlQPZyfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:6e:39:12:e6:13:0a:22:3a:4c:bb:6b:33:c6:8c:01:27:e6:
         12:e5:f7:31:6b:58:7c:23:7a:e4:2f:91:74:c2:61:10:cb:ac:
         89:c8:eb:ca:af:7c:3d:d6:4a:7d:12:55:4b:59:9a:6e:04:99:
         d6:ad:03:b5:5e:1a:62:14:fb:d2:37:b3:47:99:61:3d:b1:7b:
         c4:59:7b:9a:64:7d:e0:3b:1c:8e:a5:68:8e:8f:5b:26:aa:57:
         44:a5:8e:3f:c7:26:46:6a:ec:c0:2a:9d:5e:11:27:f6:36:2e:
         ef:d2:aa:17:77:97:3c:e6:75:e6:d5:a9:6d:79:18:a7:be:25:
         4a:03:a8:e1:8f:e4:49:06:18:5d:d9:a4:d6:0c:e1:31:9b:15:
         f3:5e:3b:60:96:3c:26:1c:b9:19:52:80:11:bb:39:27:fd:bb:
         a1:4c:d2:82:25:99:35:d7:7e:e5:26:73:ee:a1:6b:9a:6d:b0:
         28:ea:5e:07:74:68:b7:85:41:7d:dc:1e:3c:26:9f:94:43:42:
         ef:bb:64:9f:58:f1:cf:e8:ff:12:84:f7:ce:11:e6:60:f4:ce:
         ec:a2:e5:04:c2:97:a0:65:df:85:dd:d7:f8:b8:84:79:b5:1a:
         a3:b7:43:c0:1d:dd:58:11:6f:2a:ad:37:0e:2b:d2:a4:fc:70:
         32:4b:4a:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUUCYXVdO/ldY4ONaox9t1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMjE3MTMxMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmY5ZDJlNDk2ODg5M2E5Nzg2MTcwZjA0MWVjZTY5NTAzZDljOWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmARWD0xceT7n1dqhkz35jNzGSIQ
1HUz6H7iZd433l9ekV3+aUWlNIL2nDGDXrULSuwKDW+719OZB5gATXiK2/movC+B
9ZrfF8EtVCKjnyompqbbluTt6hbS62cqPA1P8HWM7AxWbq+zM5yemXMHw9Tb87e+
Wg86ErhCaeTcSeRB9qOkwhaxUfQJ1M+3xDlZqBUYjPo4URUdPO4x51JTerxxAuHr
Tf0gYf0qN6fiGXPGcbHXYvyN7mTGs8zUhE6lxdSsSTHGLQKnrHpyR42e/mgsC0bE
wFsRLbDP1sn3/dPLI4FIa//qvJcC5Rw/lJ7elIbiDStuhNfKSZXPYkoO/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/50uSWiJOpeGFw8EHs5pUD2cn2MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRF9uUzVKYUlrNmw0WVhEd1Flem1sUVBaeWZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaNVMA0G
CSqGSIb3DQEBCwUAA4IBAQAnbjkS5hMKIjpMu2szxowBJ+YS5fcxa1h8I3rkL5F0
wmEQy6yJyOvKr3w91kp9ElVLWZpuBJnWrQO1XhpiFPvSN7NHmWE9sXvEWXuaZH3g
OxyOpWiOj1smqldEpY4/xyZGauzAKp1eESf2Ni7v0qoXd5c85nXm1alteRinviVK
A6jhj+RJBhhd2aTWDOExmxXzXjtgljwmHLkZUoARuzkn/buhTNKCJZk1137lJnPu
oWuabbAo6l4HdGi3hUF93B48Jp+UQ0Lvu2SfWPHP6P8ShPfOEeZg9M7souUEwpeg
Zd+F3df4uIR5tRqjt0PAHd1YEW8qrTcOK9Kk/HAyS0qx
-----END CERTIFICATE-----