Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/BUKOEZIQGQNuMG-pDBoAZlkGn-A.roa
File:                     BUKOEZIQGQNuMG-pDBoAZlkGn-A.roa (raw, json)
Hash identifier:          QX5VZx/73nhLzMgIxdUt1vzUCdopSw8R4TigK+i+EN0=
Subject key identifier:   05:42:8E:11:92:10:19:03:6E:30:6F:A9:0C:1A:00:66:59:06:9F:E0
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC4256C3B0EF5244875D8871529160689
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/BUKOEZIQGQNuMG-pDBoAZlkGn-A.roa
Signing time:             Mon 01 Jan 2024 08:30:36 +0000
ROA not before:           Mon 01 Jan 2024 08:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216183
IP address blocks:        163.5.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:6c:3b:0e:f5:24:48:75:d8:87:15:29:16:06:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05428e11921019036e306fa90c1a006659069fe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c7:26:9d:b4:bf:3c:e3:9c:45:44:32:e5:64:
                    98:c8:9f:21:cd:87:85:9f:96:d5:fc:f2:e7:e5:be:
                    24:76:13:b7:0f:7e:a3:a3:44:d5:b3:21:41:50:2d:
                    c4:0d:b0:b9:50:ee:a3:63:55:aa:0f:1d:38:53:89:
                    87:14:f7:4b:3d:38:7f:e2:b8:38:f2:01:1f:eb:09:
                    56:d9:c9:aa:f2:11:08:c0:be:9d:43:04:f7:cf:9b:
                    95:1c:7a:96:24:40:72:3c:75:8c:e7:70:05:9d:01:
                    49:9d:cd:48:a1:bf:c0:c5:39:e7:a1:5e:b4:93:6f:
                    65:33:26:0b:08:e4:37:cb:00:f0:d6:b0:e3:b1:51:
                    c1:14:38:e3:3f:0b:0b:4c:70:f3:09:bc:94:32:a7:
                    f9:63:5e:db:30:29:ee:ea:b9:d4:61:98:2e:ef:f9:
                    6e:cc:47:af:08:10:fd:3b:0d:97:ef:68:5b:22:b3:
                    81:03:18:d3:58:31:9d:54:2a:08:15:ae:4b:8d:fd:
                    c9:a5:ce:8c:d9:df:e2:b8:f9:9e:ae:97:0f:e7:7a:
                    de:b5:4c:aa:8a:69:d5:e7:c0:20:56:b1:4a:84:98:
                    25:eb:c6:a6:53:8d:36:50:71:12:ea:a2:db:1b:81:
                    1a:14:7d:29:e8:d4:81:ac:5c:45:29:81:61:43:28:
                    28:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:42:8E:11:92:10:19:03:6E:30:6F:A9:0C:1A:00:66:59:06:9F:E0
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/BUKOEZIQGQNuMG-pDBoAZlkGn-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:41:d8:09:38:e5:b7:75:a2:55:a5:dd:16:94:25:43:f7:8d:
         7f:bb:64:e4:82:45:6e:b5:31:d1:5e:26:3f:cf:51:5b:06:9e:
         ea:b7:9c:97:e3:36:fd:e7:b8:73:db:e2:b2:da:fb:28:f7:e2:
         db:e8:d9:fc:f5:b6:45:2b:6f:c4:05:cd:a9:01:6e:36:99:35:
         72:d2:75:1d:17:47:38:76:ad:0a:97:1c:37:4d:ed:7f:b5:92:
         82:05:e9:ec:c3:79:52:89:8a:32:c5:42:a2:8b:b5:52:90:0f:
         a4:40:b2:13:5f:3d:bc:f8:b6:1c:16:8f:89:19:19:05:d1:c1:
         df:83:21:e1:30:87:a4:38:c8:47:39:fc:a5:dd:d3:4a:c4:f5:
         c6:44:8a:14:d8:f1:b0:14:07:73:6d:cc:ae:b4:42:f5:31:17:
         31:ab:32:1a:a7:b5:5a:12:06:84:47:81:37:9f:f9:4e:a6:c7:
         a7:ff:26:4f:09:59:12:bb:04:c0:2b:fb:7a:20:d1:0a:ff:58:
         12:9d:c2:3b:2e:9e:04:31:a1:1a:80:e2:aa:e2:ac:ee:59:10:
         8e:3a:54:bc:0b:51:fa:05:4f:17:ec:a8:47:7c:89:23:2c:57:
         ec:5c:2c:01:37:bd:42:b3:d0:72:ea:6b:d4:fb:5a:30:22:18:
         bb:35:13:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWw7DvUkSHXYhxUpFgaJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTQyOGUxMTkyMTAxOTAzNmUzMDZmYTkwYzFhMDA2NjU5MDY5ZmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMcmnbS/POOcRUQy5WSYyJ8hzYeF
n5bV/PLn5b4kdhO3D36jo0TVsyFBUC3EDbC5UO6jY1WqDx04U4mHFPdLPTh/4rg4
8gEf6wlW2cmq8hEIwL6dQwT3z5uVHHqWJEByPHWM53AFnQFJnc1Iob/AxTnnoV60
k29lMyYLCOQ3ywDw1rDjsVHBFDjjPwsLTHDzCbyUMqf5Y17bMCnu6rnUYZgu7/lu
zEevCBD9Ow2X72hbIrOBAxjTWDGdVCoIFa5Ljf3Jpc6M2d/iuPmerpcP53retUyq
imnV58AgVrFKhJgl68amU402UHES6qLbG4EaFH0p6NSBrFxFKYFhQygoXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVCjhGSEBkDbjBvqQwaAGZZBp/gMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvQlVLT0VaSVFHUU51TUctcERCb0FabGtHbi1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUhMA0G
CSqGSIb3DQEBCwUAA4IBAQCcQdgJOOW3daJVpd0WlCVD941/u2TkgkVutTHRXiY/
z1FbBp7qt5yX4zb957hz2+Ky2vso9+Lb6Nn89bZFK2/EBc2pAW42mTVy0nUdF0c4
dq0Klxw3Te1/tZKCBensw3lSiYoyxUKii7VSkA+kQLITXz28+LYcFo+JGRkF0cHf
gyHhMIekOMhHOfyl3dNKxPXGRIoU2PGwFAdzbcyutEL1MRcxqzIap7VaEgaER4E3
n/lOpsen/yZPCVkSuwTAK/t6INEK/1gSncI7Lp4EMaEagOKq4qzuWRCOOlS8C1H6
BU8X7KhHfIkjLFfsXCwBN71Cs9By6mvU+1owIhi7NRPZ
-----END CERTIFICATE-----