Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/sxXzCHmD4CxDgty1OLpDx0DtMMI.roa
File:                     sxXzCHmD4CxDgty1OLpDx0DtMMI.roa (raw, json)
Hash identifier:          /ld9Wsyv6zrLHEXivfqQOk2cQ1fruSCWz5YkqZ+WXCE=
Subject key identifier:   B3:15:F3:08:79:83:E0:2C:43:82:DC:B5:38:BA:43:C7:40:ED:30:C2
Certificate issuer:       /CN=e5c78fa1993d4512fe2436b8ceda8bfc929d657d
Certificate serial:       0194282357F8F679E4761F5E13D496390B0F
Authority key identifier: E5:C7:8F:A1:99:3D:45:12:FE:24:36:B8:CE:DA:8B:FC:92:9D:65:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5cePoZk9RRL-JDa4ztqL_JKdZX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/sxXzCHmD4CxDgty1OLpDx0DtMMI.roa
Signing time:             Thu 02 Jan 2025 17:49:52 +0000
ROA not before:           Thu 02 Jan 2025 17:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214798
IP address blocks:        185.164.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/5cePoZk9RRL-JDa4ztqL_JKdZX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/5cePoZk9RRL-JDa4ztqL_JKdZX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5cePoZk9RRL-JDa4ztqL_JKdZX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:57:f8:f6:79:e4:76:1f:5e:13:d4:96:39:0b:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5c78fa1993d4512fe2436b8ceda8bfc929d657d
        Validity
            Not Before: Jan  2 17:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b315f3087983e02c4382dcb538ba43c740ed30c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c5:70:53:3a:39:36:07:62:ae:23:ef:eb:e8:
                    27:bb:97:12:5e:13:b3:3a:e6:06:31:42:a8:c3:3a:
                    7f:52:63:74:6c:13:eb:a3:03:ad:7d:25:03:40:5c:
                    91:c5:36:40:5e:1c:75:d7:33:1f:91:ed:cf:9a:8d:
                    b8:03:70:28:ab:03:fb:ff:8d:2f:99:e3:68:e7:8d:
                    3a:63:ed:e2:f6:d1:d8:6f:f8:6b:0e:b0:38:80:f7:
                    5f:f1:45:10:e3:f2:d0:14:57:d8:37:da:98:de:0f:
                    51:af:e8:89:83:1b:4f:61:a6:5e:be:41:2f:bc:47:
                    01:51:2b:bc:d3:f4:e0:0a:c9:72:d9:e5:8f:01:20:
                    cb:ee:30:be:00:f9:10:77:52:6b:94:93:33:47:e0:
                    6e:ab:a4:32:dc:d7:16:d1:3b:b2:0f:3e:df:8d:df:
                    10:a4:51:45:46:09:82:fb:61:1e:92:e4:bf:68:1e:
                    88:90:ce:da:54:70:7a:51:d5:93:81:67:52:60:8e:
                    8c:1c:d2:ac:53:f3:8b:9b:f1:27:63:15:9f:b8:01:
                    a7:94:cc:c7:d7:64:a4:4c:c2:11:eb:44:c1:da:aa:
                    9e:4c:93:af:e7:4b:23:e5:f9:24:15:43:22:3d:42:
                    19:d6:31:3f:f2:3f:b6:99:d5:b5:74:e8:cc:44:fb:
                    ee:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:15:F3:08:79:83:E0:2C:43:82:DC:B5:38:BA:43:C7:40:ED:30:C2
            X509v3 Authority Key Identifier:
                keyid:E5:C7:8F:A1:99:3D:45:12:FE:24:36:B8:CE:DA:8B:FC:92:9D:65:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5cePoZk9RRL-JDa4ztqL_JKdZX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/sxXzCHmD4CxDgty1OLpDx0DtMMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/5cePoZk9RRL-JDa4ztqL_JKdZX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:33:12:88:3d:d3:e1:21:73:2a:d5:8e:0d:2c:ac:4c:e6:ad:
         50:0d:58:58:55:a5:44:26:10:f1:c9:48:59:10:2b:20:04:99:
         42:5c:27:5b:b9:d9:27:8d:aa:23:ff:cb:ea:d4:0c:b4:1d:f0:
         21:56:5c:f4:c5:74:1f:c6:ee:3a:29:da:0f:08:7f:85:78:f6:
         85:1a:52:5c:a1:b6:f2:47:19:d3:c0:78:7a:26:31:d6:bb:05:
         18:95:d6:92:8f:95:a9:b4:7c:46:7a:73:a6:ae:6a:d4:e2:31:
         3b:08:07:e2:21:21:42:55:b6:1e:68:a2:5a:dd:07:a7:a2:47:
         94:cd:32:bd:28:4e:b5:0f:3b:e2:d6:6e:da:02:25:7c:28:68:
         e1:cc:36:96:d8:c8:53:14:cd:5d:32:4c:03:9d:d3:90:60:d1:
         7b:76:de:b0:60:54:fd:5a:9b:83:ca:b9:a6:5b:b7:20:de:10:
         01:50:52:cd:7c:62:e5:0f:5b:95:96:52:3f:5a:8a:3e:e5:1f:
         05:82:d4:1e:75:24:22:4c:9e:15:7a:f1:3e:13:09:96:0b:49:
         24:1d:6e:39:10:73:38:bc:b0:b5:0d:86:49:56:33:b1:92:17:
         06:63:0a:06:65:1c:7a:2d:ea:ff:ec:47:f4:a1:36:0a:c7:85:
         61:aa:ae:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI1f49nnkdh9eE9SWOQsPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1Yzc4ZmExOTkzZDQ1MTJmZTI0MzZiOGNlZGE4YmZjOTI5
ZDY1N2QwHhcNMjUwMTAyMTc0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzE1ZjMwODc5ODNlMDJjNDM4MmRjYjUzOGJhNDNjNzQwZWQzMGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MVwUzo5NgdiriPv6+gnu5cSXhOz
OuYGMUKowzp/UmN0bBProwOtfSUDQFyRxTZAXhx11zMfke3Pmo24A3AoqwP7/40v
meNo5406Y+3i9tHYb/hrDrA4gPdf8UUQ4/LQFFfYN9qY3g9Rr+iJgxtPYaZevkEv
vEcBUSu80/TgCsly2eWPASDL7jC+APkQd1JrlJMzR+Buq6Qy3NcW0TuyDz7fjd8Q
pFFFRgmC+2EekuS/aB6IkM7aVHB6UdWTgWdSYI6MHNKsU/OLm/EnYxWfuAGnlMzH
12SkTMIR60TB2qqeTJOv50sj5fkkFUMiPUIZ1jE/8j+2mdW1dOjMRPvu1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMV8wh5g+AsQ4LctTi6Q8dA7TDCMB8GA1UdIwQY
MBaAFOXHj6GZPUUS/iQ2uM7ai/ySnWV9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWNlUG9aazlSUkwtSkRhNHp0cUxfSktkWlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy81YmIxZDAtNjM0ZS00NmZjLWE3NWEt
MGM5YWE2Njk2YjQ5LzEvc3hYekNIbUQ0Q3hEZ3R5MU9McER4MER0TU1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy81YmIxZDAtNjM0ZS00NmZjLWE3NWEtMGM5YWE2Njk2YjQ5
LzEvNWNlUG9aazlSUkwtSkRhNHp0cUxfSktkWlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaSjMA0G
CSqGSIb3DQEBCwUAA4IBAQCwMxKIPdPhIXMq1Y4NLKxM5q1QDVhYVaVEJhDxyUhZ
ECsgBJlCXCdbudknjaoj/8vq1Ay0HfAhVlz0xXQfxu46KdoPCH+FePaFGlJcobby
RxnTwHh6JjHWuwUYldaSj5WptHxGenOmrmrU4jE7CAfiISFCVbYeaKJa3QenokeU
zTK9KE61Dzvi1m7aAiV8KGjhzDaW2MhTFM1dMkwDndOQYNF7dt6wYFT9WpuDyrmm
W7cg3hABUFLNfGLlD1uVllI/Woo+5R8FgtQedSQiTJ4VevE+EwmWC0kkHW45EHM4
vLC1DYZJVjOxkhcGYwoGZRx6Ler/7Ef0oTYKx4Vhqq7M
-----END CERTIFICATE-----