Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GE4-rSK9fvpoQkeJBtohykoew70.roa
File:                     GE4-rSK9fvpoQkeJBtohykoew70.roa (raw, json)
Hash identifier:          OTVhnB/qsH/AGFKHFhj4zSKct6WRC6kBLpz4olEy3FM=
Subject key identifier:   18:4E:3E:AD:22:BD:7E:FA:68:42:47:89:06:DA:21:CA:4A:1E:C3:BD
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01917C3CC54D45CDB997E30D6FEAD512E6B5
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GE4-rSK9fvpoQkeJBtohykoew70.roa
Signing time:             Thu 22 Aug 2024 22:37:22 +0000
ROA not before:           Thu 22 Aug 2024 22:37:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24429
IP address blocks:        163.5.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7c:3c:c5:4d:45:cd:b9:97:e3:0d:6f:ea:d5:12:e6:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Aug 22 22:37:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=184e3ead22bd7efa6842478906da21ca4a1ec3bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:77:69:f5:a9:29:cf:5d:d4:9b:49:c7:0c:2c:
                    78:55:ed:22:6e:e9:17:e8:de:02:df:a9:79:03:20:
                    14:93:32:d1:e1:ea:d7:5d:26:35:b1:2f:61:a4:41:
                    5e:2c:d9:f2:6c:b4:70:2c:cb:15:59:c8:cc:cf:93:
                    ec:32:f0:f2:11:9f:3d:30:df:5c:5c:10:37:35:5a:
                    6a:42:da:32:2c:5a:49:6f:9a:d1:a8:37:15:e8:02:
                    dc:32:51:ba:68:a6:3b:eb:6f:26:8a:15:95:2c:38:
                    9d:94:01:3c:70:02:78:73:2b:a6:63:05:86:b6:44:
                    18:76:2f:bc:85:d6:ce:c2:0a:91:7c:03:97:94:36:
                    24:ca:8d:53:35:dd:d4:b6:4d:8e:e2:54:7c:3d:d8:
                    80:33:a2:48:c9:b0:1d:bd:fb:11:13:6a:28:a7:94:
                    e6:07:14:af:17:1f:40:6e:e7:b6:74:b1:0f:22:ce:
                    dd:16:39:e0:e8:e6:9b:e8:37:40:bf:5f:eb:9b:3a:
                    3a:dd:7d:67:83:93:01:65:c9:63:2c:c2:25:3a:89:
                    60:7e:c6:a0:1d:f2:45:f8:e4:10:5e:d8:83:e8:cc:
                    23:30:d5:d0:0a:72:e4:e1:a6:42:38:cb:03:2f:5f:
                    23:65:4b:1c:ae:4a:8a:df:6e:17:4d:16:eb:ac:05:
                    8e:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:4E:3E:AD:22:BD:7E:FA:68:42:47:89:06:DA:21:CA:4A:1E:C3:BD
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GE4-rSK9fvpoQkeJBtohykoew70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:94:f9:fc:a5:0f:ba:5f:e3:a6:8e:b3:fd:10:59:d2:79:22:
         68:78:3e:7f:33:0c:94:07:bc:89:02:9f:e6:c5:d2:a0:dd:14:
         12:71:17:3f:f9:b2:a7:c7:55:95:93:0d:fe:72:e0:98:03:06:
         6a:df:98:fe:9c:d9:7f:c0:43:4b:69:59:ec:73:87:d2:09:25:
         60:9d:87:8d:e6:5f:dd:54:e7:cf:55:54:23:51:fe:24:7e:21:
         8c:4d:67:97:35:d5:6f:1d:d4:3e:f1:66:79:ab:87:2e:c9:82:
         ab:b0:49:b0:c6:63:e1:db:7a:52:0f:02:6e:c6:68:03:bd:e6:
         76:e1:b5:33:95:8b:bf:cd:ac:f3:49:72:c5:cd:cd:c1:54:ab:
         22:f7:a2:8d:3f:60:22:70:15:18:24:e3:e6:73:dc:03:58:47:
         dd:20:7b:4b:66:2e:98:c1:eb:ce:ed:dd:8d:b0:ee:72:78:9b:
         ea:7a:08:46:46:6b:7b:36:83:13:bf:fe:a1:6d:1a:8a:a4:ab:
         cd:d4:4d:fc:84:71:bc:9d:ee:75:b1:32:d6:28:c9:41:76:be:
         a4:bd:19:a0:6f:e4:ff:a0:e0:41:da:52:39:47:e7:e7:7e:20:
         99:c1:ed:eb:b9:2e:2f:62:a0:8a:71:e6:37:92:9c:24:8f:b0:
         45:b0:b0:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF8PMVNRc25l+MNb+rVEua1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwODIyMjIzNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODRlM2VhZDIyYmQ3ZWZhNjg0MjQ3ODkwNmRhMjFjYTRhMWVjM2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjndp9akpz13Um0nHDCx4Ve0ibukX
6N4C36l5AyAUkzLR4erXXSY1sS9hpEFeLNnybLRwLMsVWcjMz5PsMvDyEZ89MN9c
XBA3NVpqQtoyLFpJb5rRqDcV6ALcMlG6aKY7628mihWVLDidlAE8cAJ4cyumYwWG
tkQYdi+8hdbOwgqRfAOXlDYkyo1TNd3Utk2O4lR8PdiAM6JIybAdvfsRE2oop5Tm
BxSvFx9Abue2dLEPIs7dFjng6Oab6DdAv1/rmzo63X1ng5MBZcljLMIlOolgfsag
HfJF+OQQXtiD6MwjMNXQCnLk4aZCOMsDL18jZUscrkqK324XTRbrrAWOQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBhOPq0ivX76aEJHiQbaIcpKHsO9MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvR0U0LXJTSzlmdnBvUWtlSkJ0b2h5a29ldzcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWmMA0G
CSqGSIb3DQEBCwUAA4IBAQAelPn8pQ+6X+OmjrP9EFnSeSJoeD5/MwyUB7yJAp/m
xdKg3RQScRc/+bKnx1WVkw3+cuCYAwZq35j+nNl/wENLaVnsc4fSCSVgnYeN5l/d
VOfPVVQjUf4kfiGMTWeXNdVvHdQ+8WZ5q4cuyYKrsEmwxmPh23pSDwJuxmgDveZ2
4bUzlYu/zazzSXLFzc3BVKsi96KNP2AicBUYJOPmc9wDWEfdIHtLZi6YwevO7d2N
sO5yeJvqeghGRmt7NoMTv/6hbRqKpKvN1E38hHG8ne51sTLWKMlBdr6kvRmgb+T/
oOBB2lI5R+fnfiCZwe3ruS4vYqCKceY3kpwkj7BFsLDo
-----END CERTIFICATE-----