Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Iq1ResFLtWSKJH9tbMxPsVOhg9Q.roa
File:                     Iq1ResFLtWSKJH9tbMxPsVOhg9Q.roa (raw, json)
Hash identifier:          GkL71Xs8j6J4wSQHkxrjc3LVuTqYsvn/awXcvk2XM38=
Subject key identifier:   22:AD:51:7A:C1:4B:B5:64:8A:24:7F:6D:6C:CC:4F:B1:53:A1:83:D4
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01975B067083887720FA4C49BDE5A439805E
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Iq1ResFLtWSKJH9tbMxPsVOhg9Q.roa
Signing time:             Tue 10 Jun 2025 18:07:17 +0000
ROA not before:           Tue 10 Jun 2025 18:07:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136557
IP address blocks:        163.5.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5b:06:70:83:88:77:20:fa:4c:49:bd:e5:a4:39:80:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun 10 18:07:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22ad517ac14bb5648a247f6d6ccc4fb153a183d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:d6:13:80:46:54:cd:45:d4:09:fb:03:34:bd:
                    6b:f1:ac:a1:d0:80:b2:e6:49:a6:7c:3b:8d:1b:23:
                    62:b0:aa:82:22:75:11:9c:bd:44:eb:78:ef:bc:5c:
                    ee:23:55:37:6e:93:ff:82:db:43:8b:df:bc:37:8a:
                    ad:ef:14:9b:ba:0c:02:88:ec:ed:9d:45:c3:17:17:
                    e4:69:14:e2:a9:99:06:e8:c9:67:c1:1e:22:e8:5b:
                    97:39:7f:ea:ad:2b:cc:40:f3:8a:7d:db:77:65:fc:
                    32:61:fd:de:be:f1:fa:0b:06:c6:42:3f:30:97:b7:
                    e0:6a:2a:b0:99:32:d2:cb:91:be:f5:ab:95:28:4f:
                    bd:14:33:02:3f:fa:56:a9:db:1d:d1:ea:8c:ee:43:
                    d8:4e:ed:b5:55:c9:f2:5c:db:54:81:23:37:47:1d:
                    af:89:9d:a3:80:47:83:0f:12:a3:36:14:a8:7a:69:
                    0e:a3:f4:83:55:08:12:7f:84:29:18:03:0c:e6:05:
                    ba:bb:77:bd:2e:b3:ab:3d:f1:b2:1e:af:97:63:4f:
                    77:88:60:07:3a:2e:a5:c7:f3:b1:b3:1e:10:01:77:
                    ca:96:48:42:3a:b6:eb:db:63:0b:43:5a:5e:00:da:
                    50:95:39:82:d5:98:08:18:23:f8:7b:65:40:64:bf:
                    4b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:AD:51:7A:C1:4B:B5:64:8A:24:7F:6D:6C:CC:4F:B1:53:A1:83:D4
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Iq1ResFLtWSKJH9tbMxPsVOhg9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:c9:5f:36:ce:4d:32:da:7c:87:cf:a3:25:6c:96:7f:bb:d1:
         fa:66:f3:c0:fa:d2:d7:05:28:da:2f:56:b1:1e:0c:44:94:6d:
         6b:c7:a6:f0:fc:55:ef:d3:c0:ef:cf:2b:12:4d:c1:00:6f:e6:
         c6:f5:71:02:05:97:69:e6:d5:f8:30:05:a4:a1:d6:30:eb:33:
         73:4a:eb:97:16:3c:ee:22:b9:a1:d8:16:68:c4:60:84:88:2f:
         88:9d:07:6a:62:45:d3:9d:70:c9:61:7c:51:e4:5e:0b:66:11:
         5a:3c:b5:14:be:4a:9f:69:ca:75:ef:10:ae:9c:98:f4:dd:d0:
         f2:1f:34:3e:2f:da:ee:2a:38:f2:ac:14:db:81:30:4f:fb:64:
         19:7f:da:67:a3:31:87:8e:bd:e8:a1:3d:8a:46:79:b3:58:3c:
         c7:a8:75:11:dc:57:76:b9:01:03:ef:5f:3e:d2:0b:ab:90:21:
         df:2e:36:d0:e2:77:e1:aa:6c:81:07:ac:33:a6:7b:3d:a0:bc:
         97:08:41:b6:d8:0b:7c:da:ac:6f:a6:43:3d:66:c1:18:cd:44:
         5a:71:c6:16:d2:39:ea:b2:ac:36:cf:fc:4a:42:d4:ea:bf:69:
         22:83:32:bf:fe:c6:fa:25:72:33:37:45:c8:db:45:0c:18:f7:
         77:39:5e:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdbBnCDiHcg+kxJveWkOYBeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNjEwMTgwNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmFkNTE3YWMxNGJiNTY0OGEyNDdmNmQ2Y2NjNGZiMTUzYTE4M2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA39YTgEZUzUXUCfsDNL1r8ayh0ICy
5kmmfDuNGyNisKqCInURnL1E63jvvFzuI1U3bpP/gttDi9+8N4qt7xSbugwCiOzt
nUXDFxfkaRTiqZkG6MlnwR4i6FuXOX/qrSvMQPOKfdt3ZfwyYf3evvH6CwbGQj8w
l7fgaiqwmTLSy5G+9auVKE+9FDMCP/pWqdsd0eqM7kPYTu21VcnyXNtUgSM3Rx2v
iZ2jgEeDDxKjNhSoemkOo/SDVQgSf4QpGAMM5gW6u3e9LrOrPfGyHq+XY093iGAH
Oi6lx/Oxsx4QAXfKlkhCOrbr22MLQ1peANpQlTmC1ZgIGCP4e2VAZL9LVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKtUXrBS7VkiiR/bWzMT7FToYPUMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSXExUmVzRkx0V1NLSkg5dGJNeFBzVk9oZzlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowU4MA0G
CSqGSIb3DQEBCwUAA4IBAQCdyV82zk0y2nyHz6MlbJZ/u9H6ZvPA+tLXBSjaL1ax
HgxElG1rx6bw/FXv08DvzysSTcEAb+bG9XECBZdp5tX4MAWkodYw6zNzSuuXFjzu
Irmh2BZoxGCEiC+InQdqYkXTnXDJYXxR5F4LZhFaPLUUvkqfacp17xCunJj03dDy
HzQ+L9ruKjjyrBTbgTBP+2QZf9pnozGHjr3ooT2KRnmzWDzHqHUR3Fd2uQED718+
0gurkCHfLjbQ4nfhqmyBB6wzpns9oLyXCEG22At82qxvpkM9ZsEYzURaccYW0jnq
sqw2z/xKQtTqv2kigzK//sb6JXIzN0XI20UMGPd3OV53
-----END CERTIFICATE-----