Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Q8cFKOfFhY6lFX8cEra8HekHNhY.roa
File:                     Q8cFKOfFhY6lFX8cEra8HekHNhY.roa (raw, json)
Hash identifier:          ubx+XJEA99789lGFrzieY0kJpl4yvXdIQ1MfYsGBKEs=
Subject key identifier:   43:C7:05:28:E7:C5:85:8E:A5:15:7F:1C:12:B6:BC:1D:E9:07:36:16
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019671753C86080063CC4A06A79025D2C255
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Q8cFKOfFhY6lFX8cEra8HekHNhY.roa
Signing time:             Sat 26 Apr 2025 09:37:10 +0000
ROA not before:           Sat 26 Apr 2025 09:37:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        163.5.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:71:75:3c:86:08:00:63:cc:4a:06:a7:90:25:d2:c2:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 26 09:37:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43c70528e7c5858ea5157f1c12b6bc1de9073616
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1f:fb:73:b0:12:2a:31:03:7b:b4:9e:54:73:
                    b0:d4:dd:bf:36:36:7e:af:0c:ee:27:e7:7a:c6:a0:
                    92:35:7e:52:ed:29:51:62:f5:80:69:56:17:f5:c2:
                    bd:f9:40:83:cf:aa:cb:0f:17:d8:8c:e8:d1:61:20:
                    2e:cb:42:60:c4:0e:d6:e9:68:ac:1b:36:a9:c0:ff:
                    3d:e8:74:a2:64:fb:aa:16:e5:6e:b8:61:be:a6:e4:
                    13:2d:09:4f:18:cc:30:1f:ab:ee:78:cf:e4:ae:08:
                    fa:ce:98:cc:17:23:c5:ed:09:4e:54:98:b4:cf:7b:
                    21:51:53:f1:dd:68:c6:1e:ef:86:b0:fd:1c:fa:19:
                    13:5d:3d:bf:06:7a:b7:9c:74:72:92:d4:58:25:63:
                    79:30:c6:1a:cc:dd:55:b1:ed:fa:b0:a5:26:3e:2a:
                    04:a8:a1:bd:18:82:9a:a7:1b:95:af:3b:2f:8f:c5:
                    ae:0e:74:32:6f:a4:75:40:95:a0:ba:93:9c:23:53:
                    0b:cb:17:a9:c3:ad:cc:40:cf:8c:77:98:97:ee:91:
                    a1:5d:6a:a9:00:10:32:82:b9:61:86:3f:e1:b7:08:
                    26:32:bc:ea:8b:f6:cb:3f:2a:78:2d:69:c4:59:87:
                    6d:d6:79:d8:8a:fd:52:97:d0:96:8c:f5:f9:cc:66:
                    95:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:C7:05:28:E7:C5:85:8E:A5:15:7F:1C:12:B6:BC:1D:E9:07:36:16
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Q8cFKOfFhY6lFX8cEra8HekHNhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:e6:92:f7:a3:43:d8:d2:05:82:35:3a:c2:09:a3:bd:1a:73:
         c3:de:4c:38:fe:91:82:ad:15:30:38:bc:a1:29:c0:27:7d:dd:
         de:59:fc:0e:0e:50:f2:8d:85:5e:23:dc:c4:6b:3c:4e:13:72:
         2f:e2:4a:70:cb:8e:19:bd:50:7b:55:09:65:77:e0:f4:e1:e5:
         cd:ae:e8:69:c3:c7:98:17:c5:0a:90:c7:de:49:ec:b1:1a:2d:
         3d:4a:f9:05:07:3d:cf:a4:fa:db:00:2e:5b:a9:e3:e7:c5:50:
         4c:8f:c7:ad:e0:31:7f:9a:59:7c:a2:a7:3c:6b:94:78:ec:b1:
         34:dc:ce:05:63:12:34:38:28:8e:e6:b5:71:cc:ab:e8:31:20:
         50:0d:f6:ef:aa:87:d2:b7:2e:63:1b:7d:86:34:ed:9d:ad:fe:
         53:ee:e2:99:4c:64:73:91:09:9c:6b:b5:57:1f:fd:ba:47:ba:
         6f:19:35:5d:09:be:c5:6c:4d:4b:43:14:d1:8c:33:93:6a:d0:
         aa:19:d4:84:d6:26:f2:b0:b9:d4:48:73:d7:f3:2d:65:8d:06:
         5d:93:2b:d3:fa:70:ba:99:76:be:7d:e2:94:a4:f1:b7:e0:42:
         64:cd:60:1a:56:e8:3e:cf:e7:54:a6:60:97:10:33:18:76:c7:
         6b:4a:f4:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZxdTyGCABjzEoGp5Al0sJVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNDI2MDkzNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2M3MDUyOGU3YzU4NThlYTUxNTdmMWMxMmI2YmMxZGU5MDczNjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuB/7c7ASKjEDe7SeVHOw1N2/NjZ+
rwzuJ+d6xqCSNX5S7SlRYvWAaVYX9cK9+UCDz6rLDxfYjOjRYSAuy0JgxA7W6Wis
GzapwP896HSiZPuqFuVuuGG+puQTLQlPGMwwH6vueM/krgj6zpjMFyPF7QlOVJi0
z3shUVPx3WjGHu+GsP0c+hkTXT2/Bnq3nHRyktRYJWN5MMYazN1Vse36sKUmPioE
qKG9GIKapxuVrzsvj8WuDnQyb6R1QJWgupOcI1MLyxepw63MQM+Md5iX7pGhXWqp
ABAygrlhhj/htwgmMrzqi/bLPyp4LWnEWYdt1nnYiv1Sl9CWjPX5zGaVnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPHBSjnxYWOpRV/HBK2vB3pBzYWMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUThjRktPZkZoWTZsRlg4Y0VyYThIZWtITmhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWyMA0G
CSqGSIb3DQEBCwUAA4IBAQBy5pL3o0PY0gWCNTrCCaO9GnPD3kw4/pGCrRUwOLyh
KcAnfd3eWfwODlDyjYVeI9zEazxOE3Iv4kpwy44ZvVB7VQlld+D04eXNruhpw8eY
F8UKkMfeSeyxGi09SvkFBz3PpPrbAC5bqePnxVBMj8et4DF/mll8oqc8a5R47LE0
3M4FYxI0OCiO5rVxzKvoMSBQDfbvqofSty5jG32GNO2drf5T7uKZTGRzkQmca7VX
H/26R7pvGTVdCb7FbE1LQxTRjDOTatCqGdSE1ibysLnUSHPX8y1ljQZdkyvT+nC6
mXa+feKUpPG34EJkzWAaVug+z+dUpmCXEDMYdsdrSvRQ
-----END CERTIFICATE-----