Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/2nokgesQDisjawg7EutHBjQOj4A.roa
File:                     2nokgesQDisjawg7EutHBjQOj4A.roa (raw, json)
Hash identifier:          pxSXRJ8VGYmFPLB3RA6Jdd+kQ1S/xbI6u/6HO7+nWOc=
Subject key identifier:   DA:7A:24:81:EB:10:0E:2B:23:6B:08:3B:12:EB:47:06:34:0E:8F:80
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019661333FE7F7A78CC25C0883F597202EB9
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/2nokgesQDisjawg7EutHBjQOj4A.roa
Signing time:             Wed 23 Apr 2025 05:51:10 +0000
ROA not before:           Wed 23 Apr 2025 05:51:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215703
IP address blocks:        163.5.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:61:33:3f:e7:f7:a7:8c:c2:5c:08:83:f5:97:20:2e:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 23 05:51:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da7a2481eb100e2b236b083b12eb4706340e8f80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a0:a7:2f:fb:b4:f5:6b:a3:b2:e1:60:5b:01:
                    90:1b:e6:3b:67:f0:1b:14:ce:0c:8f:12:0b:15:5f:
                    00:90:f0:ac:54:07:cf:ae:e0:de:78:d9:7b:84:01:
                    4b:bc:83:f1:f4:5c:bf:7b:a8:a7:b4:7d:6b:ca:43:
                    91:24:52:f4:f6:c0:57:27:18:c1:4b:db:62:8c:ef:
                    70:b8:7c:d8:a0:c1:f5:68:12:c0:34:b0:31:b1:26:
                    68:68:bb:c0:6a:68:c9:f9:b3:e5:62:a3:95:af:e0:
                    3d:1d:2b:f4:62:71:d7:17:b1:a7:0d:e9:14:20:c4:
                    2b:12:df:29:45:06:19:97:85:4a:6d:69:b5:0c:55:
                    a7:eb:d8:08:59:ae:9f:d8:22:78:d0:7e:ed:cc:85:
                    e1:f2:db:db:9a:3f:2c:f7:fa:c2:df:09:8c:ea:fa:
                    ae:64:49:32:e7:bc:04:00:d3:8e:a3:18:eb:9c:1a:
                    fb:2c:a6:8c:c7:5d:62:73:ce:2d:05:8e:2d:2c:7f:
                    70:8b:ce:98:9b:fe:08:d8:ee:25:07:da:a9:c3:91:
                    2a:3a:a5:e6:52:f9:72:e7:73:b8:77:eb:2e:38:e2:
                    8d:c2:37:c0:29:f9:71:13:08:d9:db:b5:24:9a:3c:
                    c2:fe:5a:65:11:f0:9f:7f:7b:e3:ea:e7:1d:f5:1c:
                    71:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:7A:24:81:EB:10:0E:2B:23:6B:08:3B:12:EB:47:06:34:0E:8F:80
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/2nokgesQDisjawg7EutHBjQOj4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:19:d9:05:a1:dc:8c:f7:2a:2f:09:7b:0c:3e:0b:a0:27:b1:
         3d:22:3f:fa:62:02:0c:76:55:08:d0:19:0d:e5:69:9c:80:15:
         58:51:57:54:3f:af:ee:b4:68:29:3e:64:e0:ba:2d:5c:57:a5:
         10:89:b6:e0:24:ae:02:df:07:e7:65:d1:c7:b4:6e:2d:42:82:
         7f:5d:52:38:8f:4a:4d:44:78:bd:66:d5:97:7b:4e:19:a1:62:
         24:1d:1a:d8:c9:53:4f:f2:84:1f:77:9c:ed:37:ff:32:bb:3b:
         19:d2:01:cd:e6:10:3b:52:e0:5f:c8:a1:96:d8:75:98:bf:43:
         b5:b4:51:87:e8:26:b8:c0:65:7c:43:83:b9:7f:73:b5:d3:3b:
         ba:1d:e1:95:e7:ba:36:cf:12:ec:02:88:39:b5:78:6d:61:bc:
         e6:e6:68:a8:74:71:ad:27:6a:3e:9e:02:f6:51:fd:d0:01:4c:
         39:12:ac:9c:4b:22:49:65:ce:7d:63:f4:1d:0a:8b:7d:24:5f:
         7a:6c:74:51:50:b3:ac:cc:19:52:97:7e:42:c1:e1:13:30:b8:
         65:6b:a0:a8:0a:09:6b:19:36:34:46:90:33:bd:8f:13:d3:4e:
         c3:57:30:e1:58:e5:b5:33:ca:37:82:96:4d:ca:4b:db:84:8f:
         05:22:67:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZhMz/n96eMwlwIg/WXIC65MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNDIzMDU1MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTdhMjQ4MWViMTAwZTJiMjM2YjA4M2IxMmViNDcwNjM0MGU4ZjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6CnL/u09WujsuFgWwGQG+Y7Z/Ab
FM4MjxILFV8AkPCsVAfPruDeeNl7hAFLvIPx9Fy/e6intH1rykORJFL09sBXJxjB
S9tijO9wuHzYoMH1aBLANLAxsSZoaLvAamjJ+bPlYqOVr+A9HSv0YnHXF7GnDekU
IMQrEt8pRQYZl4VKbWm1DFWn69gIWa6f2CJ40H7tzIXh8tvbmj8s9/rC3wmM6vqu
ZEky57wEANOOoxjrnBr7LKaMx11ic84tBY4tLH9wi86Ym/4I2O4lB9qpw5EqOqXm
Uvly53O4d+suOOKNwjfAKflxEwjZ27UkmjzC/lplEfCff3vj6ucd9RxxAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNp6JIHrEA4rI2sIOxLrRwY0Do+AMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvMm5va2dlc1FEaXNqYXdnN0V1dEhCalFPajRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowU/MA0G
CSqGSIb3DQEBCwUAA4IBAQCHGdkFodyM9yovCXsMPgugJ7E9Ij/6YgIMdlUI0BkN
5WmcgBVYUVdUP6/utGgpPmTgui1cV6UQibbgJK4C3wfnZdHHtG4tQoJ/XVI4j0pN
RHi9ZtWXe04ZoWIkHRrYyVNP8oQfd5ztN/8yuzsZ0gHN5hA7UuBfyKGW2HWYv0O1
tFGH6Ca4wGV8Q4O5f3O10zu6HeGV57o2zxLsAog5tXhtYbzm5miodHGtJ2o+ngL2
Uf3QAUw5EqycSyJJZc59Y/QdCot9JF96bHRRULOszBlSl35CweETMLhla6CoCglr
GTY0RpAzvY8T007DVzDhWOW1M8o3gpZNykvbhI8FImd0
-----END CERTIFICATE-----