Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6dbdaf-5495-4cc5-b770-73590aa290f1/1/oNzr7e9N0_nB7NG8uVVH1YFW8SA.roa
File:                     oNzr7e9N0_nB7NG8uVVH1YFW8SA.roa (raw, json)
Hash identifier:          E5UVvjB7YIozDhZ03PLtgPckm/pTCCT/ml1aJ8kENsM=
Subject key identifier:   A0:DC:EB:ED:EF:4D:D3:F9:C1:EC:D1:BC:B9:55:47:D5:81:56:F1:20
Certificate issuer:       /CN=e371ce2086805f912f8512b79c5e66a9c9f4d4d2
Certificate serial:       0194258EED95204DE94E90A57038FEC64AEC
Authority key identifier: E3:71:CE:20:86:80:5F:91:2F:85:12:B7:9C:5E:66:A9:C9:F4:D4:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/43HOIIaAX5EvhRK3nF5mqcn01NI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6dbdaf-5495-4cc5-b770-73590aa290f1/1/oNzr7e9N0_nB7NG8uVVH1YFW8SA.roa
Signing time:             Thu 02 Jan 2025 05:48:31 +0000
ROA not before:           Thu 02 Jan 2025 05:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201121
IP address blocks:        5.63.16.0/24 maxlen: 24
                          2a13:4440::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6dbdaf-5495-4cc5-b770-73590aa290f1/1/43HOIIaAX5EvhRK3nF5mqcn01NI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6dbdaf-5495-4cc5-b770-73590aa290f1/1/43HOIIaAX5EvhRK3nF5mqcn01NI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/43HOIIaAX5EvhRK3nF5mqcn01NI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:ed:95:20:4d:e9:4e:90:a5:70:38:fe:c6:4a:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e371ce2086805f912f8512b79c5e66a9c9f4d4d2
        Validity
            Not Before: Jan  2 05:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0dcebedef4dd3f9c1ecd1bcb95547d58156f120
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:58:c7:02:bd:9a:0b:28:24:8a:d8:bb:1a:2f:
                    7b:9a:3d:2f:f1:ad:fd:91:68:2e:7a:46:3f:c7:49:
                    37:9c:34:00:4d:f7:82:b9:fa:48:84:b1:63:80:ec:
                    61:22:cd:e6:ed:be:4b:fa:01:b4:5d:af:e0:6f:0f:
                    ec:8a:71:d1:e6:d9:66:3b:a1:b0:b7:63:f1:04:16:
                    2c:b4:8f:f6:b1:30:ce:53:ec:a1:9b:71:7c:40:f7:
                    e6:e4:68:07:4e:d7:e6:56:46:76:96:e4:fc:a7:56:
                    14:3f:eb:ca:58:94:c1:4b:99:66:ef:84:ac:a0:9a:
                    95:31:16:6b:80:5d:4e:32:d9:9e:ea:c1:5f:ef:e8:
                    f6:11:6f:c0:75:29:4e:88:6c:ec:a9:45:e2:59:39:
                    90:59:2a:a3:db:ea:84:ec:1a:ce:7d:af:43:c3:04:
                    64:bc:81:3d:2a:19:c0:c8:86:c5:90:5c:f5:90:b3:
                    5b:f9:a9:1c:c2:da:19:f5:65:9d:ea:11:6c:0b:7d:
                    43:1e:48:e5:11:ce:f8:e7:8a:48:bd:8c:1d:f8:63:
                    91:40:2e:01:89:80:6f:a3:67:03:60:a1:fa:ec:c7:
                    d0:a1:7b:65:95:fe:3b:b2:fb:4d:71:cc:f8:87:f3:
                    5d:54:f0:41:9b:b2:b1:70:58:40:65:4e:a8:0a:49:
                    17:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:DC:EB:ED:EF:4D:D3:F9:C1:EC:D1:BC:B9:55:47:D5:81:56:F1:20
            X509v3 Authority Key Identifier:
                keyid:E3:71:CE:20:86:80:5F:91:2F:85:12:B7:9C:5E:66:A9:C9:F4:D4:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/43HOIIaAX5EvhRK3nF5mqcn01NI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6dbdaf-5495-4cc5-b770-73590aa290f1/1/oNzr7e9N0_nB7NG8uVVH1YFW8SA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6dbdaf-5495-4cc5-b770-73590aa290f1/1/43HOIIaAX5EvhRK3nF5mqcn01NI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.16.0/24
                IPv6:
                  2a13:4440::/29

    Signature Algorithm: sha256WithRSAEncryption
         48:3b:cb:2c:45:7d:d8:45:e0:4a:20:ab:bd:46:bf:4b:c0:a1:
         f3:ca:83:30:51:35:b3:f5:76:88:dc:4b:77:4d:9a:ad:1a:1b:
         95:c0:b7:64:69:07:05:16:66:63:0a:2d:97:3d:c4:16:fa:02:
         9f:d0:d5:52:74:ac:4a:a4:41:62:a5:82:e9:92:de:90:c7:f4:
         9d:e6:8b:a4:67:4b:e3:2d:4d:37:07:7f:a2:38:01:82:fe:a3:
         e3:44:2c:66:be:63:43:32:b3:89:df:30:64:df:49:64:c4:69:
         dc:9d:1a:ca:69:5e:88:c4:07:ff:af:5b:ab:d3:42:04:cc:2c:
         cb:c4:a3:27:63:43:a0:81:cc:71:e9:d8:2e:64:39:7d:43:bd:
         03:e1:cd:aa:24:ce:61:93:b6:73:a9:11:23:22:5a:db:be:5b:
         a2:89:90:b2:f7:79:aa:cc:9e:7a:ed:79:8e:d4:bb:df:c7:84:
         63:80:b5:c4:ed:ab:31:8b:bd:5b:ac:eb:e6:d4:8a:65:48:cc:
         97:6e:18:03:8c:7e:c1:fc:34:3d:88:e1:b8:cb:a2:70:ad:72:
         15:42:8b:f7:ff:28:ac:5f:13:30:40:b1:0a:bc:74:2b:73:9e:
         de:25:d1:2a:54:f9:32:47:00:e8:ed:fa:0b:d0:82:c1:02:c2:
         16:68:0b:ad
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlju2VIE3pTpClcDj+xkrsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzNzFjZTIwODY4MDVmOTEyZjg1MTJiNzljNWU2NmE5Yzlm
NGQ0ZDIwHhcNMjUwMTAyMDU0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGRjZWJlZGVmNGRkM2Y5YzFlY2QxYmNiOTU1NDdkNTgxNTZmMTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1jHAr2aCygkiti7Gi97mj0v8a39
kWguekY/x0k3nDQATfeCufpIhLFjgOxhIs3m7b5L+gG0Xa/gbw/sinHR5tlmO6Gw
t2PxBBYstI/2sTDOU+yhm3F8QPfm5GgHTtfmVkZ2luT8p1YUP+vKWJTBS5lm74Ss
oJqVMRZrgF1OMtme6sFf7+j2EW/AdSlOiGzsqUXiWTmQWSqj2+qE7BrOfa9DwwRk
vIE9KhnAyIbFkFz1kLNb+akcwtoZ9WWd6hFsC31DHkjlEc7454pIvYwd+GORQC4B
iYBvo2cDYKH67MfQoXtllf47svtNccz4h/NdVPBBm7KxcFhAZU6oCkkXvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKDc6+3vTdP5wezRvLlVR9WBVvEgMB8GA1UdIwQY
MBaAFONxziCGgF+RL4USt5xeZqnJ9NTSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDNIT0lJYUFYNUV2aFJLM25GNW1xY24wMU5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82ZGJkYWYtNTQ5NS00Y2M1LWI3NzAt
NzM1OTBhYTI5MGYxLzEvb056cjdlOU4wX25CN05HOHVWVkgxWUZXOFNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82ZGJkYWYtNTQ5NS00Y2M1LWI3NzAtNzM1OTBhYTI5MGYx
LzEvNDNIT0lJYUFYNUV2aFJLM25GNW1xY24wMU5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQABT8QMA0E
AgACMAcDBQMqE0RAMA0GCSqGSIb3DQEBCwUAA4IBAQBIO8ssRX3YReBKIKu9Rr9L
wKHzyoMwUTWz9XaI3Et3TZqtGhuVwLdkaQcFFmZjCi2XPcQW+gKf0NVSdKxKpEFi
pYLpkt6Qx/Sd5oukZ0vjLU03B3+iOAGC/qPjRCxmvmNDMrOJ3zBk30lkxGncnRrK
aV6IxAf/r1ur00IEzCzLxKMnY0Oggcxx6dguZDl9Q70D4c2qJM5hk7ZzqREjIlrb
vluiiZCy93mqzJ567XmO1Lvfx4RjgLXE7asxi71brOvm1IplSMyXbhgDjH7B/DQ9
iOG4y6JwrXIVQov3/yisXxMwQLEKvHQrc57eJdEqVPkyRwDo7foL0ILBAsIWaAut
-----END CERTIFICATE-----