Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/oVw7lerT-007FZVeSTAnp0VEpbY.roa
File:                     oVw7lerT-007FZVeSTAnp0VEpbY.roa (raw, json)
Hash identifier:          8ufHfE5GCTJ0cnReqp3CHuVCyM/RPjsrgTlWSOixHtk=
Subject key identifier:   A1:5C:3B:95:EA:D3:FB:4D:3B:15:95:5E:49:30:27:A7:45:44:A5:B6
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018F7BE5742A8D109FF9C2F25A7EB392C634
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/oVw7lerT-007FZVeSTAnp0VEpbY.roa
Signing time:             Wed 15 May 2024 10:56:25 +0000
ROA not before:           Wed 15 May 2024 10:56:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29066
IP address blocks:        163.5.65.0/24 maxlen: 24
                          163.5.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7b:e5:74:2a:8d:10:9f:f9:c2:f2:5a:7e:b3:92:c6:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: May 15 10:56:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a15c3b95ead3fb4d3b15955e493027a74544a5b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a4:51:1e:1c:77:ed:46:4c:0a:1c:b9:6f:0e:
                    a0:68:d4:50:c0:32:7c:30:86:70:01:c7:6f:d3:f0:
                    a0:9a:80:bb:35:94:92:4a:78:8c:f6:97:6a:0c:60:
                    e2:11:cd:79:31:2c:04:1c:39:9e:0b:b2:48:fc:08:
                    ab:d7:a2:d9:d6:d5:82:68:fe:1d:db:e6:0f:46:fa:
                    b5:80:f2:6a:02:07:54:cd:6c:04:5b:27:39:9d:98:
                    6f:d8:b3:c6:20:c2:0b:3f:9a:f1:6e:67:08:56:42:
                    bd:9c:a1:66:92:c2:58:83:f3:01:c6:f4:65:e8:ee:
                    e5:c3:cf:85:90:19:fe:bb:26:b7:85:98:12:67:2a:
                    ac:e6:f3:0f:e9:ea:53:d7:5a:5a:fa:9e:60:20:5a:
                    70:cb:45:a7:d8:0f:ff:e8:7e:07:72:fe:25:a1:cf:
                    f1:b3:3a:b3:36:01:10:88:75:15:78:57:78:a2:a8:
                    ff:7c:22:33:b3:77:96:d2:34:70:59:ae:ae:9e:18:
                    9c:f7:37:55:de:12:09:03:76:a6:fd:ef:1a:07:f5:
                    ca:1f:89:6a:7a:72:ca:1b:61:dc:cf:72:f5:d2:6d:
                    cd:7a:7e:7c:1e:28:a0:e4:97:b9:06:76:e1:dc:02:
                    8f:73:81:7e:ab:d0:fa:1e:82:bc:ad:6f:19:fb:a8:
                    0a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:5C:3B:95:EA:D3:FB:4D:3B:15:95:5E:49:30:27:A7:45:44:A5:B6
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/oVw7lerT-007FZVeSTAnp0VEpbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.65.0/24
                  163.5.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:cb:33:3c:ab:9a:1d:b1:44:0c:74:64:e2:0a:3b:72:90:c9:
         cf:66:72:05:75:90:ce:47:2b:02:b5:dd:50:d6:a8:80:c7:ee:
         7c:8e:49:ae:6d:30:b4:d9:55:c9:b8:d7:5e:78:a4:3a:a2:47:
         9b:8e:97:07:f2:27:7d:6d:a5:8c:dc:eb:c1:cb:5b:6c:2a:e0:
         bd:b9:1e:f9:c5:41:2a:d0:ff:3a:a5:e6:2c:71:95:59:6c:c1:
         b6:63:07:f0:ef:74:11:ec:19:9e:3c:be:bb:89:7e:ae:7e:39:
         fa:0a:a9:4d:c2:cd:1e:39:f0:58:91:9f:f1:c2:d9:d8:ae:80:
         df:bc:24:ca:8a:5e:cd:ac:ae:a3:56:c3:36:c8:56:f7:d8:f5:
         b0:8f:df:b4:71:20:3e:78:c9:4e:81:55:d4:a4:f5:2b:48:64:
         3c:1a:d0:08:6c:9b:6c:17:e7:37:e4:65:96:71:bb:33:65:9c:
         5b:3e:3f:bc:6e:cf:00:f8:1e:d5:bb:4c:a6:41:f8:89:29:d0:
         6a:3e:c6:21:83:f8:1d:d1:fc:77:21:41:fa:cb:cd:ea:6b:1c:
         ca:24:45:21:3f:45:35:65:4a:14:13:58:d4:58:84:aa:1e:d0:
         e7:90:11:f8:e9:1f:2f:fb:5d:fd:3e:1e:98:7e:17:eb:e1:4f:
         fc:9b:44:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY975XQqjRCf+cLyWn6zksY0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwNTE1MTA1NjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTVjM2I5NWVhZDNmYjRkM2IxNTk1NWU0OTMwMjdhNzQ1NDRhNWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKRRHhx37UZMChy5bw6gaNRQwDJ8
MIZwAcdv0/CgmoC7NZSSSniM9pdqDGDiEc15MSwEHDmeC7JI/Air16LZ1tWCaP4d
2+YPRvq1gPJqAgdUzWwEWyc5nZhv2LPGIMILP5rxbmcIVkK9nKFmksJYg/MBxvRl
6O7lw8+FkBn+uya3hZgSZyqs5vMP6epT11pa+p5gIFpwy0Wn2A//6H4Hcv4loc/x
szqzNgEQiHUVeFd4oqj/fCIzs3eW0jRwWa6unhic9zdV3hIJA3am/e8aB/XKH4lq
enLKG2Hcz3L10m3Nen58Hiig5Je5Bnbh3AKPc4F+q9D6HoK8rW8Z+6gK8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKFcO5Xq0/tNOxWVXkkwJ6dFRKW2MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvb1Z3N2xlclQtMDA3RlpWZVNUQW5wMFZFcGJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowVBAwQA
owXTMA0GCSqGSIb3DQEBCwUAA4IBAQBnyzM8q5odsUQMdGTiCjtykMnPZnIFdZDO
RysCtd1Q1qiAx+58jkmubTC02VXJuNdeeKQ6okebjpcH8id9baWM3OvBy1tsKuC9
uR75xUEq0P86peYscZVZbMG2Ywfw73QR7BmePL67iX6ufjn6CqlNws0eOfBYkZ/x
wtnYroDfvCTKil7NrK6jVsM2yFb32PWwj9+0cSA+eMlOgVXUpPUrSGQ8GtAIbJts
F+c35GWWcbszZZxbPj+8bs8A+B7Vu0ymQfiJKdBqPsYhg/gd0fx3IUH6y83qaxzK
JEUhP0U1ZUoUE1jUWISqHtDnkBH46R8v+139Ph6Yfhfr4U/8m0S8
-----END CERTIFICATE-----