Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/0OrkPMMkC9j26pU2F7vcdidCyFM.roa
File:                     0OrkPMMkC9j26pU2F7vcdidCyFM.roa (raw, json)
Hash identifier:          AbsaD5QAx+TYaVlaTZKVCpYV8mBiyBUGzk52vlem/DA=
Subject key identifier:   D0:EA:E4:3C:C3:24:0B:D8:F6:EA:95:36:17:BB:DC:76:27:42:C8:53
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0190EE83F9CE1E45703C0D84AE851E2C712B
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/0OrkPMMkC9j26pU2F7vcdidCyFM.roa
Signing time:             Fri 26 Jul 2024 10:09:04 +0000
ROA not before:           Fri 26 Jul 2024 10:09:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12189
IP address blocks:        163.5.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ee:83:f9:ce:1e:45:70:3c:0d:84:ae:85:1e:2c:71:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jul 26 10:09:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0eae43cc3240bd8f6ea953617bbdc762742c853
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:31:1a:43:db:e4:c6:b4:04:8a:e0:60:8c:6c:
                    ff:dd:4c:4e:c7:e9:29:7a:a8:65:5a:50:29:a4:8e:
                    9a:1f:a4:89:2e:77:a9:3e:e9:b4:c6:8b:f1:e8:93:
                    10:52:ed:28:f5:7a:c5:c5:39:05:b2:e7:6e:0c:64:
                    83:29:74:e5:d3:28:84:92:a6:04:2c:95:59:69:ab:
                    a1:59:64:e3:5e:e5:74:c0:bb:8b:6d:2e:b5:c1:dc:
                    8b:71:8e:a1:0b:5d:cf:a6:bd:5b:26:9a:b5:e9:93:
                    c0:bb:dd:8e:6c:99:94:08:fd:bc:dc:2a:5a:dc:bf:
                    53:98:c3:91:ea:96:22:28:2d:82:b2:9c:66:71:d0:
                    49:9b:d2:21:2a:30:b3:f6:f2:fe:da:ef:66:7b:7a:
                    60:f3:d1:c4:f4:5d:e8:13:ec:99:32:3f:98:2c:d7:
                    aa:79:c1:1a:fd:43:e6:d9:bd:94:81:0d:86:16:b7:
                    90:21:b0:cb:f4:a1:5c:e7:e9:34:b0:fc:59:cf:4c:
                    74:3d:be:e5:55:08:d4:c1:b2:ac:44:7f:48:e8:e3:
                    bf:10:33:e8:b0:f5:6f:61:3c:05:d4:3f:b1:e2:98:
                    18:f9:a1:e5:d4:02:ac:26:5e:7d:e4:2a:07:6d:11:
                    16:8b:e3:cb:1d:3c:31:19:fc:be:8b:5d:5f:fb:66:
                    f9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:EA:E4:3C:C3:24:0B:D8:F6:EA:95:36:17:BB:DC:76:27:42:C8:53
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/0OrkPMMkC9j26pU2F7vcdidCyFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:51:7e:bd:f7:4b:72:57:48:e9:d3:f1:cc:91:2d:44:7d:e0:
         e2:cb:09:54:cf:ed:a2:3b:99:39:a0:41:31:59:16:38:1d:1f:
         90:d1:d3:90:00:47:8f:64:f8:fa:4e:36:42:0f:01:47:eb:87:
         87:83:0c:e7:81:03:b8:67:06:21:62:ef:50:16:4b:de:10:38:
         a8:17:e4:21:42:3b:b7:a2:76:5b:ab:a0:cd:99:3c:20:73:13:
         9d:8c:b9:fe:0c:fe:1a:5e:20:e6:68:3f:ee:02:58:76:8c:13:
         22:d1:75:1b:40:dd:73:b2:4e:8a:f3:43:20:96:84:80:5f:ef:
         ce:2c:ed:d2:cc:b0:ed:b1:62:e0:5d:8e:50:13:bd:59:28:b1:
         80:a5:10:1b:ab:fc:ce:ec:42:65:39:42:12:7c:93:a1:f9:0d:
         1d:5c:f0:94:f9:80:04:43:62:f2:0c:06:8c:45:9e:7c:85:52:
         98:b6:0b:df:12:70:ca:89:d0:04:31:83:fc:1a:83:c7:4a:6c:
         97:5b:17:a5:0d:0a:e9:fb:4b:1d:03:16:05:81:f8:a9:8b:2b:
         f5:5d:e0:04:f9:1d:d8:3a:5a:df:a6:37:2d:a6:8f:36:14:37:
         ae:c0:42:14:58:e2:eb:2a:3a:09:cb:f7:30:03:d9:8a:47:c1:
         e2:90:22:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDug/nOHkVwPA2EroUeLHErMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwNzI2MTAwOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGVhZTQzY2MzMjQwYmQ4ZjZlYTk1MzYxN2JiZGM3NjI3NDJjODUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzEaQ9vkxrQEiuBgjGz/3UxOx+kp
eqhlWlAppI6aH6SJLnepPum0xovx6JMQUu0o9XrFxTkFsuduDGSDKXTl0yiEkqYE
LJVZaauhWWTjXuV0wLuLbS61wdyLcY6hC13Ppr1bJpq16ZPAu92ObJmUCP283Cpa
3L9TmMOR6pYiKC2CspxmcdBJm9IhKjCz9vL+2u9me3pg89HE9F3oE+yZMj+YLNeq
ecEa/UPm2b2UgQ2GFreQIbDL9KFc5+k0sPxZz0x0Pb7lVQjUwbKsRH9I6OO/EDPo
sPVvYTwF1D+x4pgY+aHl1AKsJl595CoHbREWi+PLHTwxGfy+i11f+2b5WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNDq5DzDJAvY9uqVNhe73HYnQshTMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvME9ya1BNTWtDOWoyNnBVMkY3dmNkaWRDeUZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXCMA0G
CSqGSIb3DQEBCwUAA4IBAQC0UX6990tyV0jp0/HMkS1EfeDiywlUz+2iO5k5oEEx
WRY4HR+Q0dOQAEePZPj6TjZCDwFH64eHgwzngQO4ZwYhYu9QFkveEDioF+QhQju3
onZbq6DNmTwgcxOdjLn+DP4aXiDmaD/uAlh2jBMi0XUbQN1zsk6K80MgloSAX+/O
LO3SzLDtsWLgXY5QE71ZKLGApRAbq/zO7EJlOUISfJOh+Q0dXPCU+YAEQ2LyDAaM
RZ58hVKYtgvfEnDKidAEMYP8GoPHSmyXWxelDQrp+0sdAxYFgfipiyv1XeAE+R3Y
Olrfpjctpo82FDeuwEIUWOLrKjoJy/cwA9mKR8HikCLz
-----END CERTIFICATE-----