Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/J5ugZowPsyeC96Pt4U_bTp-wjt0.roa
File:                     J5ugZowPsyeC96Pt4U_bTp-wjt0.roa (raw, json)
Hash identifier:          qICoWE57KoaD+h4zq7Kiddh3tj0ABnO1fFeK2E3G54U=
Subject key identifier:   27:9B:A0:66:8C:0F:B3:27:82:F7:A3:ED:E1:4F:DB:4E:9F:B0:8E:DD
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0196B3A310FD2E22E5667B9F31C7D7FC0F1D
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/J5ugZowPsyeC96Pt4U_bTp-wjt0.roa
Signing time:             Fri 09 May 2025 06:02:10 +0000
ROA not before:           Fri 09 May 2025 06:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     140627
IP address blocks:        163.5.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 17:53:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b3:a3:10:fd:2e:22:e5:66:7b:9f:31:c7:d7:fc:0f:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: May  9 06:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=279ba0668c0fb32782f7a3ede14fdb4e9fb08edd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:0f:d2:e3:ef:0e:d7:30:3e:b4:3b:5c:7e:bb:
                    be:7f:fd:4f:31:f9:45:b9:8b:43:32:f3:01:a0:ab:
                    22:35:fa:27:1f:f9:dd:f3:88:b4:28:bc:96:8d:b1:
                    71:01:8f:07:71:df:c8:c1:07:2b:16:e8:e0:83:d6:
                    4a:32:38:07:d4:31:4e:64:82:bd:86:6a:c0:07:c1:
                    1d:eb:04:90:ee:db:b6:7d:9b:b3:bc:5a:87:cc:b9:
                    ef:1d:13:55:b8:16:94:05:66:25:07:56:c9:47:71:
                    27:24:9a:fa:41:95:6e:3a:bc:d8:dd:23:2b:01:cd:
                    4d:29:51:5c:cc:cb:65:c6:94:d8:4a:08:f3:68:35:
                    b5:3a:b3:03:08:3a:3f:a5:f5:23:fb:a7:e6:36:e4:
                    1c:22:fe:15:ab:93:b7:98:0e:77:b7:86:8d:6c:dc:
                    9c:cc:56:62:d5:68:c5:5c:01:7b:89:c5:30:f8:b6:
                    7b:2d:94:3e:b5:52:53:34:56:21:c5:cd:e3:32:ad:
                    35:f7:d4:69:82:71:28:25:b2:50:b4:e5:d7:69:6f:
                    a6:71:b2:3d:6f:a2:0e:1f:7f:22:7a:b3:b4:2a:3d:
                    a3:c5:1b:19:b9:16:7d:53:9b:ef:c0:f8:65:db:2e:
                    2f:84:8f:21:fd:8f:30:07:69:86:b5:56:cd:27:f3:
                    a3:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:9B:A0:66:8C:0F:B3:27:82:F7:A3:ED:E1:4F:DB:4E:9F:B0:8E:DD
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/J5ugZowPsyeC96Pt4U_bTp-wjt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:e7:dc:ff:3d:34:60:b1:9c:20:d1:54:c8:e8:8f:76:7b:34:
         1d:4a:08:ea:9e:8e:9c:b0:14:fe:31:80:74:15:40:c3:c5:fc:
         ff:15:50:13:9b:f4:08:69:0d:e5:24:5d:ac:55:5a:f3:02:b8:
         35:42:a1:a4:02:1c:cc:e9:80:36:67:b5:37:bd:73:d6:93:a1:
         41:b3:42:a2:84:96:c9:f3:c2:df:11:09:9f:39:4b:e5:4f:7b:
         9a:ea:4d:0b:0b:c4:3d:ed:57:f5:ae:a3:f0:5b:45:73:86:20:
         92:ae:24:81:9d:1d:2e:9d:8e:c0:8f:ad:d5:40:4e:53:16:22:
         8c:7a:98:fe:e6:5c:41:64:00:01:63:75:26:36:97:5d:c3:c3:
         b7:c7:84:02:b9:90:d0:db:94:b5:54:74:6b:ff:09:a7:6a:16:
         ca:99:ef:bc:a0:a5:b9:c0:d2:bf:63:48:bf:b9:8f:8c:5f:d9:
         a0:e4:32:1d:33:44:32:3f:a3:c2:72:cd:43:34:69:e2:04:37:
         b0:66:fd:f2:1d:f9:39:31:f6:1b:5f:04:ad:1f:43:3b:7e:40:
         f6:cf:22:38:43:c4:16:9b:1b:03:eb:d3:81:8f:8e:40:97:49:
         12:97:7b:1a:75:e6:31:eb:b3:e8:a7:1f:cf:75:94:51:9c:cc:
         e1:b0:0f:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZazoxD9LiLlZnufMcfX/A8dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNTA5MDYwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzliYTA2NjhjMGZiMzI3ODJmN2EzZWRlMTRmZGI0ZTlmYjA4ZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzA/S4+8O1zA+tDtcfru+f/1PMflF
uYtDMvMBoKsiNfonH/nd84i0KLyWjbFxAY8Hcd/IwQcrFujgg9ZKMjgH1DFOZIK9
hmrAB8Ed6wSQ7tu2fZuzvFqHzLnvHRNVuBaUBWYlB1bJR3EnJJr6QZVuOrzY3SMr
Ac1NKVFczMtlxpTYSgjzaDW1OrMDCDo/pfUj+6fmNuQcIv4Vq5O3mA53t4aNbNyc
zFZi1WjFXAF7icUw+LZ7LZQ+tVJTNFYhxc3jMq0199RpgnEoJbJQtOXXaW+mcbI9
b6IOH38ierO0Kj2jxRsZuRZ9U5vvwPhl2y4vhI8h/Y8wB2mGtVbNJ/Oj7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCeboGaMD7Mngvej7eFP206fsI7dMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSjV1Z1pvd1BzeWVDOTZQdDRVX2JUcC13anQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowW4MA0G
CSqGSIb3DQEBCwUAA4IBAQC059z/PTRgsZwg0VTI6I92ezQdSgjqno6csBT+MYB0
FUDDxfz/FVATm/QIaQ3lJF2sVVrzArg1QqGkAhzM6YA2Z7U3vXPWk6FBs0KihJbJ
88LfEQmfOUvlT3ua6k0LC8Q97Vf1rqPwW0VzhiCSriSBnR0unY7Aj63VQE5TFiKM
epj+5lxBZAABY3UmNpddw8O3x4QCuZDQ25S1VHRr/wmnahbKme+8oKW5wNK/Y0i/
uY+MX9mg5DIdM0QyP6PCcs1DNGniBDewZv3yHfk5MfYbXwStH0M7fkD2zyI4Q8QW
mxsD69OBj45Al0kSl3sadeYx67Popx/PdZRRnMzhsA8R
-----END CERTIFICATE-----