Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/8Iy7PEgXCENcqbUTF4NgEWAIGxE.roa
File:                     8Iy7PEgXCENcqbUTF4NgEWAIGxE.roa (raw, json)
Hash identifier:          tYoHauDzrK0HZEXCf5eIiTSzW+qOb+aqPn4bkcB7B14=
Subject key identifier:   F0:8C:BB:3C:48:17:08:43:5C:A9:B5:13:17:83:60:11:60:08:1B:11
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC42558EBD01C19277B84318D8BF42B94
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/8Iy7PEgXCENcqbUTF4NgEWAIGxE.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        163.5.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:58:eb:d0:1c:19:27:7b:84:31:8d:8b:f4:2b:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f08cbb3c481708435ca9b5131783601160081b11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:4a:1c:c8:38:70:9d:19:fc:7e:9c:2e:ed:ce:
                    df:5f:d4:a9:bd:17:16:6b:5e:33:41:75:5a:6e:83:
                    9f:ad:86:51:39:06:a0:cc:2f:ba:82:97:e8:c1:a7:
                    e5:e2:f4:54:8b:fc:d8:48:6f:02:61:90:74:3a:22:
                    bc:62:81:22:33:bb:d8:62:35:ce:6c:94:74:a7:85:
                    92:4f:ad:9b:7f:72:85:ab:1a:53:e9:d8:4d:d5:48:
                    84:ab:91:c8:43:51:ca:33:22:30:73:d7:59:0e:bd:
                    ee:64:be:04:31:50:69:e2:ed:0a:3f:c7:df:c3:5c:
                    21:26:0a:4e:c9:73:cd:23:8d:2b:08:4f:b0:33:95:
                    39:95:b5:0f:4c:bb:72:3c:53:2f:7d:00:b4:7a:39:
                    53:b9:c3:b4:57:b7:aa:c7:fe:5c:ea:c2:e7:a9:c8:
                    a1:fb:43:f3:c3:b1:d0:3a:78:25:ed:16:75:31:d1:
                    0c:bf:a1:f0:1b:d6:65:74:a0:8e:8a:35:4f:07:f1:
                    cc:41:2b:05:21:f9:7d:75:34:60:1a:a7:aa:a3:9f:
                    10:a7:66:26:4e:21:b0:a2:b2:a4:8c:79:ed:fa:e5:
                    54:ef:8d:d2:1b:98:90:ff:0c:d7:34:95:08:f2:35:
                    a2:70:08:c9:c3:bd:42:18:67:5f:d1:e9:c4:ab:3a:
                    96:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:8C:BB:3C:48:17:08:43:5C:A9:B5:13:17:83:60:11:60:08:1B:11
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/8Iy7PEgXCENcqbUTF4NgEWAIGxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:ee:f2:69:aa:f2:2b:6e:fa:7a:24:f4:0b:de:ab:fd:b7:b8:
         56:b9:a5:0d:14:b2:53:48:39:0a:66:ab:d0:37:f0:c7:27:bb:
         22:32:3b:17:26:15:78:7f:0e:bc:c4:01:38:e4:6e:e6:ca:0c:
         1f:6e:9e:94:7f:1c:71:21:42:d0:4f:3b:8d:dd:c5:78:63:cf:
         24:3a:31:d5:4c:dc:88:a5:16:89:73:0b:5f:ba:09:03:8b:9c:
         98:af:bb:96:ce:45:43:09:05:78:cc:4b:22:9e:bc:4c:a0:d6:
         85:2b:7c:c3:f9:12:29:c9:1b:41:e7:32:d5:6b:1c:16:bc:a8:
         dc:ef:f9:f0:49:a0:7e:cc:3d:6e:2f:a9:a4:9c:5e:fc:a3:67:
         76:2b:b0:d6:25:ef:16:a6:dd:27:80:90:d9:59:8a:74:79:d4:
         87:95:c1:e1:5a:50:ec:d8:bc:d2:ed:b0:76:bb:8d:d5:ed:31:
         a6:68:54:c1:43:20:15:6b:fd:40:9b:f2:0c:3a:64:53:13:f8:
         c9:af:39:e7:38:bc:64:d1:60:25:c2:cc:e2:6e:a3:57:86:0d:
         74:bd:7e:50:db:2a:91:d1:6d:4a:7b:20:92:a5:cd:8d:7c:30:
         d2:40:26:78:59:5a:23:d9:6a:9c:e7:39:63:0f:b5:5d:8b:35:
         af:3b:f7:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVjr0BwZJ3uEMY2L9CuUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDhjYmIzYzQ4MTcwODQzNWNhOWI1MTMxNzgzNjAxMTYwMDgxYjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEocyDhwnRn8fpwu7c7fX9SpvRcW
a14zQXVaboOfrYZROQagzC+6gpfowafl4vRUi/zYSG8CYZB0OiK8YoEiM7vYYjXO
bJR0p4WST62bf3KFqxpT6dhN1UiEq5HIQ1HKMyIwc9dZDr3uZL4EMVBp4u0KP8ff
w1whJgpOyXPNI40rCE+wM5U5lbUPTLtyPFMvfQC0ejlTucO0V7eqx/5c6sLnqcih
+0Pzw7HQOngl7RZ1MdEMv6HwG9ZldKCOijVPB/HMQSsFIfl9dTRgGqeqo58Qp2Ym
TiGworKkjHnt+uVU743SG5iQ/wzXNJUI8jWicAjJw71CGGdf0enEqzqWMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPCMuzxIFwhDXKm1ExeDYBFgCBsRMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvOEl5N1BFZ1hDRU5jcWJVVEY0TmdFV0FJR3hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowW7MA0G
CSqGSIb3DQEBCwUAA4IBAQCv7vJpqvIrbvp6JPQL3qv9t7hWuaUNFLJTSDkKZqvQ
N/DHJ7siMjsXJhV4fw68xAE45G7mygwfbp6UfxxxIULQTzuN3cV4Y88kOjHVTNyI
pRaJcwtfugkDi5yYr7uWzkVDCQV4zEsinrxMoNaFK3zD+RIpyRtB5zLVaxwWvKjc
7/nwSaB+zD1uL6mknF78o2d2K7DWJe8Wpt0ngJDZWYp0edSHlcHhWlDs2LzS7bB2
u43V7TGmaFTBQyAVa/1Am/IMOmRTE/jJrznnOLxk0WAlwszibqNXhg10vX5Q2yqR
0W1KeyCSpc2NfDDSQCZ4WVoj2Wqc5zljD7VdizWvO/dd
-----END CERTIFICATE-----
Generated at Fri Nov 22 11:47:08 2024 by rpki-client on console-fra.rpki-client.org