Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Xq73TwVYf8vNyyKM_Cjn24PqLr0.roa
File:                     Xq73TwVYf8vNyyKM_Cjn24PqLr0.roa (raw, json)
Hash identifier:          6QKdt9BJLMApByrCL88xNhQC8UnB+XfYJah/JDM2czQ=
Subject key identifier:   5E:AE:F7:4F:05:58:7F:CB:CD:CB:22:8C:FC:28:E7:DB:83:EA:2E:BD
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0196B3A310AC6673ADD4E51FC0601550E267
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Xq73TwVYf8vNyyKM_Cjn24PqLr0.roa
Signing time:             Fri 09 May 2025 06:02:10 +0000
ROA not before:           Fri 09 May 2025 06:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9291
IP address blocks:        163.5.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 14:04:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b3:a3:10:ac:66:73:ad:d4:e5:1f:c0:60:15:50:e2:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: May  9 06:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5eaef74f05587fcbcdcb228cfc28e7db83ea2ebd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:66:8e:3c:28:a8:93:a3:c6:ea:c5:20:53:84:
                    23:4a:95:ec:1c:d9:14:82:87:f3:8a:09:b1:9c:2b:
                    bd:3a:1e:4e:12:aa:b6:8c:9b:ff:57:d4:e3:e6:f1:
                    84:d3:dc:39:c9:9d:8d:9d:2b:3d:08:f0:87:60:1a:
                    aa:01:8c:ef:ab:35:33:45:0a:bb:c5:28:a0:21:de:
                    c9:23:c4:39:52:ae:48:3f:fb:0e:3e:ac:1d:db:e1:
                    c2:15:97:64:0b:3d:0a:17:32:1c:bc:01:9c:98:da:
                    a7:aa:b6:2f:6d:6c:c6:6e:45:3a:a3:61:d9:bf:9a:
                    ce:c4:9b:3b:6e:7d:4f:32:51:93:cc:3b:ad:54:2c:
                    aa:09:40:a4:24:73:ed:cd:87:22:61:36:18:d1:78:
                    62:b4:4e:ab:3f:28:57:e5:de:e3:27:24:f4:d6:6d:
                    4b:23:58:c2:fd:a4:ea:7f:ab:92:ca:35:18:1b:e6:
                    40:10:49:48:97:02:c9:76:e4:4e:63:8e:5b:6e:48:
                    d0:63:71:fe:d2:76:68:7d:9e:b1:10:36:4a:45:3d:
                    0d:66:7a:cb:79:97:fc:f9:1b:71:fe:03:91:a7:4f:
                    28:21:3d:42:17:b4:92:32:ae:ed:8a:06:d8:40:8f:
                    58:34:a8:2c:ff:b1:12:2c:9a:fe:d3:bd:87:27:62:
                    c7:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:AE:F7:4F:05:58:7F:CB:CD:CB:22:8C:FC:28:E7:DB:83:EA:2E:BD
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Xq73TwVYf8vNyyKM_Cjn24PqLr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:ac:ca:08:05:26:7c:d1:f4:6f:9d:6f:32:c4:61:00:da:0d:
         15:e7:13:82:6b:45:b0:9c:dc:5c:f1:b2:9d:3c:9e:84:c6:22:
         29:2c:47:4f:8a:e8:50:c9:e8:ea:0e:2d:b1:7c:d2:f9:b8:5f:
         33:d2:54:67:c3:d7:ed:ef:c9:dc:32:66:ab:a6:d4:6a:17:2f:
         61:a4:4c:76:2e:20:99:8f:bd:87:70:00:0c:a7:6e:2b:d7:e0:
         9c:a0:2e:ae:fd:6c:3c:95:d8:86:e1:f2:3c:da:c9:ec:87:6c:
         c8:76:bf:ef:e2:43:5c:e3:ff:4c:cd:41:7b:8b:93:22:b2:45:
         0a:e5:78:4c:06:01:18:53:70:a6:71:a7:c1:18:22:31:bd:7c:
         b8:ca:24:2d:6d:f3:04:29:cc:99:79:1b:92:f0:92:7d:a9:d2:
         44:ac:9b:d8:cd:c0:5a:51:a8:52:98:49:a5:06:90:5b:56:9d:
         1e:ab:42:5e:3d:d4:8b:53:80:3d:27:fb:ef:3a:93:2f:c7:53:
         8f:d4:94:b1:73:78:bd:e5:86:a4:1b:51:d4:c4:77:01:25:0a:
         e8:c6:50:f5:ea:31:7d:97:3b:30:df:d9:da:0f:dd:be:f8:96:
         f8:03:70:f1:4a:76:a1:09:c5:b3:cb:a3:71:ae:bc:58:05:ad:
         d3:a6:66:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZazoxCsZnOt1OUfwGAVUOJnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNTA5MDYwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWFlZjc0ZjA1NTg3ZmNiY2RjYjIyOGNmYzI4ZTdkYjgzZWEyZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA82aOPCiok6PG6sUgU4QjSpXsHNkU
gofzigmxnCu9Oh5OEqq2jJv/V9Tj5vGE09w5yZ2NnSs9CPCHYBqqAYzvqzUzRQq7
xSigId7JI8Q5Uq5IP/sOPqwd2+HCFZdkCz0KFzIcvAGcmNqnqrYvbWzGbkU6o2HZ
v5rOxJs7bn1PMlGTzDutVCyqCUCkJHPtzYciYTYY0XhitE6rPyhX5d7jJyT01m1L
I1jC/aTqf6uSyjUYG+ZAEElIlwLJduROY45bbkjQY3H+0nZofZ6xEDZKRT0NZnrL
eZf8+Rtx/gORp08oIT1CF7SSMq7tigbYQI9YNKgs/7ESLJr+072HJ2LHnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6u908FWH/LzcsijPwo59uD6i69MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvWHE3M1R3VllmOHZOeXlLTV9Dam4yNFBxTHIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowW4MA0G
CSqGSIb3DQEBCwUAA4IBAQBcrMoIBSZ80fRvnW8yxGEA2g0V5xOCa0WwnNxc8bKd
PJ6ExiIpLEdPiuhQyejqDi2xfNL5uF8z0lRnw9ft78ncMmarptRqFy9hpEx2LiCZ
j72HcAAMp24r1+CcoC6u/Ww8ldiG4fI82snsh2zIdr/v4kNc4/9MzUF7i5MiskUK
5XhMBgEYU3CmcafBGCIxvXy4yiQtbfMEKcyZeRuS8JJ9qdJErJvYzcBaUahSmEml
BpBbVp0eq0JePdSLU4A9J/vvOpMvx1OP1JSxc3i95YakG1HUxHcBJQroxlD16jF9
lzsw39naD92++Jb4A3DxSnahCcWzy6NxrrxYBa3TpmYO
-----END CERTIFICATE-----