Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/I9IEEpjpYQVqXn8s0LFPMu-e8Us.roa
File:                     I9IEEpjpYQVqXn8s0LFPMu-e8Us.roa (raw, json)
Hash identifier:          TUxcgYJDjRl29mfbiPtl4QjssqOsr84dN0jDdHxnbVQ=
Subject key identifier:   23:D2:04:12:98:E9:61:05:6A:5E:7F:2C:D0:B1:4F:32:EF:9E:F1:4B
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018D412DB85BFE337242D133280697BDC59D
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/I9IEEpjpYQVqXn8s0LFPMu-e8Us.roa
Signing time:             Thu 25 Jan 2024 15:12:11 +0000
ROA not before:           Thu 25 Jan 2024 15:12:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        163.5.135.0/24 maxlen: 24
                          163.5.175.0/24 maxlen: 24
                          163.5.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:41:2d:b8:5b:fe:33:72:42:d1:33:28:06:97:bd:c5:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan 25 15:12:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23d2041298e961056a5e7f2cd0b14f32ef9ef14b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:bb:ef:a5:72:10:f7:e0:ee:45:7c:fb:6b:7d:
                    52:f9:5c:ca:90:76:68:34:35:d8:74:d1:97:b0:2d:
                    b0:29:2b:5c:0b:c2:ed:eb:2a:fb:06:fe:2a:89:21:
                    fc:0b:72:ab:39:d1:78:3d:65:b7:d9:49:e7:0c:99:
                    60:2c:07:cb:05:19:f7:0e:8e:82:3c:53:36:a8:dd:
                    1a:9c:bc:d9:40:47:0e:9e:75:2e:75:0f:44:76:68:
                    9d:e2:a7:c8:67:8b:03:a8:3e:a5:73:df:5b:6b:7e:
                    30:ce:5c:1e:22:9e:6b:f7:84:05:40:78:4d:26:02:
                    10:9b:2b:dc:63:e8:58:e1:68:83:4f:56:cc:f8:e5:
                    d6:95:87:1b:ff:22:4c:c8:63:86:db:1c:17:52:30:
                    d9:b1:31:04:00:59:08:9d:4f:36:cf:1f:39:ba:aa:
                    bf:d6:29:79:21:5e:58:35:ed:19:09:67:82:13:77:
                    ce:9b:89:e1:0e:8a:e1:52:25:aa:83:f9:1f:51:64:
                    18:67:e4:b7:06:00:5c:01:5e:82:74:30:fb:0f:0d:
                    eb:c0:f4:97:6f:6f:8f:95:7a:06:fb:72:96:a6:60:
                    4f:dc:44:c9:11:c5:92:19:53:31:be:13:4f:d5:68:
                    11:77:bd:54:7c:e8:d3:15:b9:54:c5:20:e9:b5:d3:
                    6e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:D2:04:12:98:E9:61:05:6A:5E:7F:2C:D0:B1:4F:32:EF:9E:F1:4B
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/I9IEEpjpYQVqXn8s0LFPMu-e8Us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.135.0/24
                  163.5.175.0/24
                  163.5.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:e6:9b:6e:a6:9f:6f:b0:32:7b:52:28:91:95:93:df:c5:06:
         fb:26:67:ac:fd:c4:14:68:91:f9:26:78:f6:ed:e8:09:6e:b6:
         8d:ee:4d:d6:07:6c:81:8a:0b:7a:9c:fa:0f:27:07:37:d4:c5:
         4d:89:fe:9c:18:65:28:0c:45:fd:b2:0a:59:34:64:bd:01:33:
         3d:18:d9:db:55:06:6a:ee:db:20:6c:21:bd:d7:90:04:2a:32:
         22:ea:92:8d:6c:8f:f5:f6:bd:52:8d:3b:07:5e:d1:bf:ad:ba:
         63:77:7f:60:bd:0b:d0:eb:28:e4:10:49:bf:31:b0:f9:93:57:
         8c:1a:4c:62:5a:64:33:f1:20:bb:48:e2:ea:af:4c:44:2d:1f:
         5b:52:ac:f0:71:c3:33:b0:47:48:c9:5e:79:3a:ee:6b:09:30:
         2b:35:8a:98:ee:e9:f4:00:96:4f:d5:6d:5f:42:8a:19:2f:fd:
         50:54:7f:ac:72:b2:70:21:90:3d:d7:4e:92:56:04:0a:a8:37:
         90:97:fd:93:df:53:35:79:eb:81:0c:96:8e:2a:30:70:8d:ba:
         71:86:05:49:e7:b8:49:9f:a6:fc:d2:82:94:9f:61:12:06:05:
         f3:01:3e:88:b8:4f:77:e2:ca:c5:bc:e7:ef:70:ba:6e:b4:30:
         f7:51:4f:08
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY1BLbhb/jNyQtEzKAaXvcWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTI1MTUxMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2QyMDQxMjk4ZTk2MTA1NmE1ZTdmMmNkMGIxNGYzMmVmOWVmMTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbvvpXIQ9+DuRXz7a31S+VzKkHZo
NDXYdNGXsC2wKStcC8Lt6yr7Bv4qiSH8C3KrOdF4PWW32UnnDJlgLAfLBRn3Do6C
PFM2qN0anLzZQEcOnnUudQ9Edmid4qfIZ4sDqD6lc99ba34wzlweIp5r94QFQHhN
JgIQmyvcY+hY4WiDT1bM+OXWlYcb/yJMyGOG2xwXUjDZsTEEAFkInU82zx85uqq/
1il5IV5YNe0ZCWeCE3fOm4nhDorhUiWqg/kfUWQYZ+S3BgBcAV6CdDD7Dw3rwPSX
b2+PlXoG+3KWpmBP3ETJEcWSGVMxvhNP1WgRd71UfOjTFblUxSDptdNuWwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCPSBBKY6WEFal5/LNCxTzLvnvFLMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSTlJRUVwanBZUVZxWG44czBMRlBNdS1lOFVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAowWHAwQA
owWvAwQAowXRMA0GCSqGSIb3DQEBCwUAA4IBAQBc5ptupp9vsDJ7UiiRlZPfxQb7
Jmes/cQUaJH5Jnj27egJbraN7k3WB2yBigt6nPoPJwc31MVNif6cGGUoDEX9sgpZ
NGS9ATM9GNnbVQZq7tsgbCG915AEKjIi6pKNbI/19r1SjTsHXtG/rbpjd39gvQvQ
6yjkEEm/MbD5k1eMGkxiWmQz8SC7SOLqr0xELR9bUqzwccMzsEdIyV55Ou5rCTAr
NYqY7un0AJZP1W1fQooZL/1QVH+scrJwIZA9106SVgQKqDeQl/2T31M1eeuBDJaO
KjBwjbpxhgVJ57hJn6b80oKUn2ESBgXzAT6IuE934srFvOfvcLputDD3UU8I
-----END CERTIFICATE-----