Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/K9MvOlT8jbGsySOz_hvO694i9R0.roa
File:                     K9MvOlT8jbGsySOz_hvO694i9R0.roa (raw, json)
Hash identifier:          475tPzIYTVOcG2idVagHiV52aOGVx2yYLZhS7Oa3bxI=
Subject key identifier:   2B:D3:2F:3A:54:FC:8D:B1:AC:C9:23:B3:FE:1B:CE:EB:DE:22:F5:1D
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A351C46E5259D14B9D52A5B47C38C
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/K9MvOlT8jbGsySOz_hvO694i9R0.roa
Signing time:             Wed 01 Jan 2025 19:49:10 +0000
ROA not before:           Wed 01 Jan 2025 19:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60949
IP address blocks:        163.5.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:35:1c:46:e5:25:9d:14:b9:d5:2a:5b:47:c3:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2bd32f3a54fc8db1acc923b3fe1bceebde22f51d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:2b:47:f9:3e:d3:58:20:eb:a1:f1:7c:12:18:
                    a3:99:65:d0:53:65:c3:58:a3:48:c5:65:34:ef:df:
                    84:ec:19:34:c4:75:9e:4b:9c:87:93:61:cf:db:60:
                    e1:a3:14:ca:46:cf:9b:cd:61:5a:e1:69:3f:28:9a:
                    a1:2f:e7:da:91:e7:98:a4:82:f9:74:8a:63:85:40:
                    14:ee:63:62:f2:11:60:a6:bb:d5:01:49:71:38:fe:
                    60:a9:68:2c:f0:60:53:89:60:f3:6a:9e:ba:77:90:
                    08:3d:da:69:46:98:0b:e6:95:ff:20:32:b7:98:3e:
                    88:47:78:e8:84:dd:fa:68:98:9b:f3:10:65:30:47:
                    c1:fc:0e:fa:9e:e4:3a:56:c1:54:8d:df:fb:01:33:
                    e2:57:72:6e:c2:0d:94:59:e7:8f:43:1c:94:59:b8:
                    29:f5:00:40:a7:a7:18:4d:1c:fb:c9:6f:88:d1:16:
                    b6:76:27:77:41:b3:f4:b9:b1:05:b9:c9:e7:e1:f4:
                    0e:8e:85:a4:bb:41:93:cc:ad:d1:3b:38:f4:61:96:
                    56:a2:f0:c3:67:b5:5a:6b:9f:1b:c3:b9:e5:97:e4:
                    f9:0b:f2:b2:c0:b0:a0:c0:06:c1:af:2d:c9:bc:71:
                    38:4e:6d:50:5d:05:4a:09:f2:ec:75:70:9e:6b:bd:
                    ed:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:D3:2F:3A:54:FC:8D:B1:AC:C9:23:B3:FE:1B:CE:EB:DE:22:F5:1D
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/K9MvOlT8jbGsySOz_hvO694i9R0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:f9:dd:c9:49:a9:24:29:47:02:e4:ff:3c:5b:28:8c:6f:84:
         16:fe:5a:f4:74:f7:09:1c:0e:05:93:04:26:62:3e:c0:a4:b9:
         c1:46:74:70:e9:ff:66:aa:a8:7a:18:ee:a1:b9:82:da:81:6d:
         d4:b8:ae:32:d5:59:99:ad:82:69:e2:58:11:97:30:8d:8a:53:
         43:78:99:a2:8b:eb:6e:06:33:ee:2e:97:ab:f9:ef:f7:04:7b:
         bb:57:55:03:2b:51:8d:b8:c9:f3:c3:23:3d:79:e9:5c:7b:02:
         f2:05:09:a8:62:9d:3f:76:30:52:ef:bd:c2:5d:5e:90:ff:bb:
         23:79:3e:4a:33:5e:99:2e:d8:49:43:ba:5b:f9:9f:55:6c:cd:
         b6:d1:d4:e4:9f:b4:88:ee:d0:1f:52:80:b8:f6:95:35:31:4d:
         d4:f7:6c:1b:74:53:bd:a2:45:3f:4f:27:40:f4:cf:a7:58:fb:
         ec:b2:94:6b:a6:f0:b2:b4:00:90:7f:d9:cc:0e:dc:e7:0e:e1:
         6a:ca:0a:3f:ea:00:1e:6d:5a:6c:78:9f:92:29:b5:e6:0b:00:
         fc:d1:22:1a:a4:5c:95:e0:96:89:e0:70:4a:1c:1c:06:89:5e:
         21:4d:67:85:de:87:b9:e0:cf:76:06:af:17:d0:9a:f5:84:a9:
         0c:c2:fb:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjajUcRuUlnRS51SpbR8OMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmQzMmYzYTU0ZmM4ZGIxYWNjOTIzYjNmZTFiY2VlYmRlMjJmNTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCtH+T7TWCDrofF8EhijmWXQU2XD
WKNIxWU079+E7Bk0xHWeS5yHk2HP22DhoxTKRs+bzWFa4Wk/KJqhL+fakeeYpIL5
dIpjhUAU7mNi8hFgprvVAUlxOP5gqWgs8GBTiWDzap66d5AIPdppRpgL5pX/IDK3
mD6IR3johN36aJib8xBlMEfB/A76nuQ6VsFUjd/7ATPiV3Juwg2UWeePQxyUWbgp
9QBAp6cYTRz7yW+I0Ra2did3QbP0ubEFucnn4fQOjoWku0GTzK3ROzj0YZZWovDD
Z7Vaa58bw7nll+T5C/KywLCgwAbBry3JvHE4Tm1QXQVKCfLsdXCea73tDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCvTLzpU/I2xrMkjs/4bzuveIvUdMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSzlNdk9sVDhqYkdzeVNPel9odk82OTRpOVIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXFMA0G
CSqGSIb3DQEBCwUAA4IBAQCk+d3JSakkKUcC5P88WyiMb4QW/lr0dPcJHA4FkwQm
Yj7ApLnBRnRw6f9mqqh6GO6huYLagW3UuK4y1VmZrYJp4lgRlzCNilNDeJmii+tu
BjPuLper+e/3BHu7V1UDK1GNuMnzwyM9eelcewLyBQmoYp0/djBS773CXV6Q/7sj
eT5KM16ZLthJQ7pb+Z9VbM220dTkn7SI7tAfUoC49pU1MU3U92wbdFO9okU/TydA
9M+nWPvsspRrpvCytACQf9nMDtznDuFqygo/6gAebVpseJ+SKbXmCwD80SIapFyV
4JaJ4HBKHBwGiV4hTWeF3oe54M92Bq8X0Jr1hKkMwvvc
-----END CERTIFICATE-----