Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/TQuI6b9z4Y3-sX8KROpKc9029Ms.roa
File:                     TQuI6b9z4Y3-sX8KROpKc9029Ms.roa (raw, json)
Hash identifier:          ijOByRjN3iqnNJK+kaKgHeGLCRw/Xtr6U6V7fdWlkCs=
Subject key identifier:   4D:0B:88:E9:BF:73:E1:8D:FE:B1:7F:0A:44:EA:4A:73:DD:36:F4:CB
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0196717BA5C931373490F7D336323E3AAC1F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/TQuI6b9z4Y3-sX8KROpKc9029Ms.roa
Signing time:             Sat 26 Apr 2025 09:44:10 +0000
ROA not before:           Sat 26 Apr 2025 09:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        163.5.124.0/24 maxlen: 24
                          163.5.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:71:7b:a5:c9:31:37:34:90:f7:d3:36:32:3e:3a:ac:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 26 09:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d0b88e9bf73e18dfeb17f0a44ea4a73dd36f4cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:1a:dd:52:61:61:f6:d9:69:c7:0e:be:3f:db:
                    b1:28:a3:ca:92:07:bb:4f:69:94:92:70:e5:f2:b9:
                    4c:6d:8c:ea:19:74:e9:89:9c:c9:3c:36:a3:2b:9b:
                    bd:0f:9e:cd:9c:f8:dd:bb:29:76:3e:ab:96:fd:3e:
                    52:24:7b:d2:60:1a:03:47:66:fe:d8:f1:af:4e:fd:
                    e7:f8:06:b8:cf:2a:11:d6:d7:65:fb:d8:36:1e:e0:
                    93:5c:d2:b4:5f:36:3d:e0:d0:3e:79:be:11:b6:53:
                    d4:2a:a6:fb:b4:e3:c8:a3:bd:6e:05:18:84:10:fb:
                    99:76:de:06:45:79:81:68:1c:fd:04:5f:f8:1a:73:
                    37:e6:83:d7:e8:a7:4d:2d:2e:01:34:be:64:28:d0:
                    f0:86:2a:40:a4:c4:d6:30:2d:09:79:07:e6:ed:cc:
                    1a:01:7c:c6:fd:0c:3d:41:39:a6:69:05:ee:97:6d:
                    58:8e:3c:1a:6e:8c:6e:f4:1c:4e:b0:f3:2b:2a:12:
                    71:26:c2:fd:ce:1a:2f:69:e4:c4:c9:91:7d:7b:29:
                    96:1b:7d:ef:69:59:84:ba:1a:a7:29:61:a9:23:b4:
                    c8:91:75:32:bb:78:e4:0f:9e:e9:95:d0:4b:46:bf:
                    ff:f4:7d:5d:d4:e8:6b:03:3c:5c:9d:f6:e1:b4:bf:
                    69:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:0B:88:E9:BF:73:E1:8D:FE:B1:7F:0A:44:EA:4A:73:DD:36:F4:CB
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/TQuI6b9z4Y3-sX8KROpKc9029Ms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.124.0/24
                  163.5.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:c9:3c:b6:a6:1a:e9:57:02:df:69:63:9b:e2:33:03:74:6c:
         13:bf:ba:77:94:a2:f7:fa:e9:85:88:2d:c4:52:de:04:bb:c9:
         31:94:db:2d:52:32:32:7c:0e:3d:64:e2:c8:a1:97:fb:ea:c4:
         d4:90:f8:16:eb:78:39:5c:aa:80:a2:7e:62:49:3e:34:bc:78:
         42:fa:a6:95:2a:16:2a:a6:de:9d:db:80:c5:dd:6a:dc:02:7f:
         37:bd:92:db:8c:65:53:7c:82:db:43:65:07:06:3d:5f:46:16:
         e1:fa:8d:42:77:cf:ec:df:03:a7:1a:c1:d9:99:ef:35:8d:16:
         63:4e:42:a2:14:76:2d:b9:49:9b:e2:5d:63:9b:d6:9d:a9:a7:
         89:a6:bc:26:91:41:46:67:2b:23:1d:0f:cd:a9:f5:7b:f3:d5:
         2f:a8:c0:85:a0:29:49:1f:eb:fa:d8:da:83:0d:c6:90:72:ec:
         b7:ce:bd:3d:ed:2d:10:d2:3c:5b:ac:66:88:22:ef:e5:03:19:
         49:6c:f8:f2:07:fa:83:89:4e:13:39:ec:66:dc:3a:7a:5c:16:
         21:fa:d1:e5:1e:e2:ce:a7:f8:79:70:5c:72:d7:07:61:e4:a1:
         f9:7c:16:0d:7f:e0:78:0b:ba:b4:fc:24:bd:40:51:9f:a8:b8:
         8c:91:83:16
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZxe6XJMTc0kPfTNjI+OqwfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNDI2MDk0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDBiODhlOWJmNzNlMThkZmViMTdmMGE0NGVhNGE3M2RkMzZmNGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBrdUmFh9tlpxw6+P9uxKKPKkge7
T2mUknDl8rlMbYzqGXTpiZzJPDajK5u9D57NnPjduyl2PquW/T5SJHvSYBoDR2b+
2PGvTv3n+Aa4zyoR1tdl+9g2HuCTXNK0XzY94NA+eb4RtlPUKqb7tOPIo71uBRiE
EPuZdt4GRXmBaBz9BF/4GnM35oPX6KdNLS4BNL5kKNDwhipApMTWMC0JeQfm7cwa
AXzG/Qw9QTmmaQXul21Yjjwaboxu9BxOsPMrKhJxJsL9zhovaeTEyZF9eymWG33v
aVmEuhqnKWGpI7TIkXUyu3jkD57pldBLRr//9H1d1OhrAzxcnfbhtL9pQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE0LiOm/c+GN/rF/CkTqSnPdNvTLMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvVFF1STZiOXo0WTMtc1g4S1JPcEtjOTAyOU1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowV8AwQA
owWzMA0GCSqGSIb3DQEBCwUAA4IBAQCryTy2phrpVwLfaWOb4jMDdGwTv7p3lKL3
+umFiC3EUt4Eu8kxlNstUjIyfA49ZOLIoZf76sTUkPgW63g5XKqAon5iST40vHhC
+qaVKhYqpt6d24DF3WrcAn83vZLbjGVTfILbQ2UHBj1fRhbh+o1Cd8/s3wOnGsHZ
me81jRZjTkKiFHYtuUmb4l1jm9adqaeJprwmkUFGZysjHQ/NqfV789UvqMCFoClJ
H+v62NqDDcaQcuy3zr097S0Q0jxbrGaIIu/lAxlJbPjyB/qDiU4TOexm3Dp6XBYh
+tHlHuLOp/h5cFxy1wdh5KH5fBYNf+B4C7q0/CS9QFGfqLiMkYMW
-----END CERTIFICATE-----