Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/mCTbIot2CR3HcLowJl_H2HHsBj0.roa
File:                     mCTbIot2CR3HcLowJl_H2HHsBj0.roa (raw, json)
Hash identifier:          sJx0I1VtcSyce8iLJRQed99rMv28Z8qcHy9Q1UjuKLo=
Subject key identifier:   98:24:DB:22:8B:76:09:1D:C7:70:BA:30:26:5F:C7:D8:71:EC:06:3D
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01978DFB9358C5BC2AFFFFF2D93355856B14
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/mCTbIot2CR3HcLowJl_H2HHsBj0.roa
Signing time:             Fri 20 Jun 2025 15:36:03 +0000
ROA not before:           Fri 20 Jun 2025 15:36:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18811
IP address blocks:        163.5.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 16:48:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8d:fb:93:58:c5:bc:2a:ff:ff:f2:d9:33:55:85:6b:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun 20 15:36:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9824db228b76091dc770ba30265fc7d871ec063d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:12:df:f8:7b:d7:23:f7:0a:db:a4:5a:56:e1:
                    44:e2:05:8c:93:2a:75:e9:a7:60:89:e2:44:0c:1f:
                    ed:41:c0:9e:61:60:f6:5f:41:ef:fd:4c:4c:83:a9:
                    3c:8d:7f:30:b3:ee:4b:b2:d2:07:a7:e3:24:12:cf:
                    e7:b3:7d:83:91:33:3e:26:09:6b:42:a4:e4:a5:3b:
                    de:d1:1e:70:98:da:6f:53:ab:10:c2:18:89:05:2b:
                    56:3d:e4:15:d4:1f:19:af:8b:51:15:fc:d7:c5:d4:
                    d9:85:5b:2f:52:89:c9:cc:31:d9:e7:31:51:69:d5:
                    2b:2f:3d:dc:8d:92:66:af:5b:17:44:15:09:75:81:
                    fe:71:4f:f6:52:1c:76:06:82:2b:e5:0f:f8:a4:ed:
                    52:ba:29:de:2b:5b:ef:84:8e:0a:53:1a:f4:f0:ab:
                    1f:24:14:6d:7c:37:f4:cc:fe:c2:c5:61:a3:0c:c0:
                    45:75:98:0b:22:eb:42:f9:18:d5:1e:b2:92:4a:cf:
                    59:cb:fb:c3:25:d3:a5:53:67:d3:40:05:2a:fd:60:
                    f8:67:01:0d:b4:a1:4b:b3:69:aa:6f:a4:e7:de:10:
                    da:7e:5d:a3:a7:7c:81:d8:ae:0b:c5:16:9c:2a:1a:
                    69:96:9f:cc:7b:c4:5d:0a:5a:0a:da:ea:b4:ef:29:
                    39:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:24:DB:22:8B:76:09:1D:C7:70:BA:30:26:5F:C7:D8:71:EC:06:3D
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/mCTbIot2CR3HcLowJl_H2HHsBj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:1e:95:ca:79:93:96:6c:ea:35:9e:31:4c:1f:4e:9d:dd:54:
         c0:c0:d3:48:d3:7b:38:8b:08:e2:da:af:c8:8f:b1:29:c3:8c:
         64:ee:0a:d9:3d:0c:90:b8:31:ad:91:58:8d:06:3e:d4:eb:28:
         86:1e:86:c1:86:a5:6c:95:57:1e:26:7a:24:65:43:89:16:5d:
         ad:ed:86:62:fc:9d:ba:23:65:5c:fa:25:50:1d:b8:4d:a0:96:
         4b:98:ae:9e:7a:bd:c0:48:ff:e7:84:53:41:98:fe:2f:af:5b:
         38:40:32:d1:12:42:40:72:ed:65:89:06:ad:a4:c7:85:22:10:
         05:9f:e5:d3:d9:70:ef:97:45:22:da:a4:87:8b:48:b1:9a:3c:
         84:3f:06:4b:9d:4b:4b:78:d6:a3:b3:9f:fb:cb:83:8f:32:db:
         55:b4:1f:af:e9:73:91:e5:cb:5b:37:3b:00:15:5a:68:6f:7d:
         ab:c5:ce:d9:0b:89:8b:5f:82:4f:c4:66:9a:a1:79:36:f4:c5:
         f9:da:ce:c3:b0:60:bf:93:69:95:fb:f2:76:7f:74:83:bc:cc:
         b9:6b:55:44:52:84:69:86:fe:38:c4:b0:7d:1e:ca:cb:19:a3:
         9f:c2:f7:eb:36:1c:8d:a8:d7:01:71:df:44:fc:0a:24:f8:62:
         77:43:4a:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeN+5NYxbwq///y2TNVhWsUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNjIwMTUzNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODI0ZGIyMjhiNzYwOTFkYzc3MGJhMzAyNjVmYzdkODcxZWMwNjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhLf+HvXI/cK26RaVuFE4gWMkyp1
6adgieJEDB/tQcCeYWD2X0Hv/UxMg6k8jX8ws+5LstIHp+MkEs/ns32DkTM+Jglr
QqTkpTve0R5wmNpvU6sQwhiJBStWPeQV1B8Zr4tRFfzXxdTZhVsvUonJzDHZ5zFR
adUrLz3cjZJmr1sXRBUJdYH+cU/2Uhx2BoIr5Q/4pO1SuineK1vvhI4KUxr08Ksf
JBRtfDf0zP7CxWGjDMBFdZgLIutC+RjVHrKSSs9Zy/vDJdOlU2fTQAUq/WD4ZwEN
tKFLs2mqb6Tn3hDafl2jp3yB2K4LxRacKhpplp/Me8RdCloK2uq07yk5QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJgk2yKLdgkdx3C6MCZfx9hx7AY9MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvbUNUYklvdDJDUjNIY0xvd0psX0gySEhzQmowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXfMA0G
CSqGSIb3DQEBCwUAA4IBAQANHpXKeZOWbOo1njFMH06d3VTAwNNI03s4iwji2q/I
j7Epw4xk7grZPQyQuDGtkViNBj7U6yiGHobBhqVslVceJnokZUOJFl2t7YZi/J26
I2Vc+iVQHbhNoJZLmK6eer3ASP/nhFNBmP4vr1s4QDLREkJAcu1liQatpMeFIhAF
n+XT2XDvl0Ui2qSHi0ixmjyEPwZLnUtLeNajs5/7y4OPMttVtB+v6XOR5ctbNzsA
FVpob32rxc7ZC4mLX4JPxGaaoXk29MX52s7DsGC/k2mV+/J2f3SDvMy5a1VEUoRp
hv44xLB9HsrLGaOfwvfrNhyNqNcBcd9E/Aok+GJ3Q0rM
-----END CERTIFICATE-----