Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/R8jpt2kGRL9bflzuYNFmwF0hNn4.roa
File:                     R8jpt2kGRL9bflzuYNFmwF0hNn4.roa (raw, json)
Hash identifier:          tz7kjd5UWGZ7MV3n97kjl7ohVOy0te9CdYiD+Urim84=
Subject key identifier:   47:C8:E9:B7:69:06:44:BF:5B:7E:5C:EE:60:D1:66:C0:5D:21:36:7E
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A41A12A634920DDBEB2A08E489FB8
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/R8jpt2kGRL9bflzuYNFmwF0hNn4.roa
Signing time:             Wed 01 Jan 2025 19:49:13 +0000
ROA not before:           Wed 01 Jan 2025 19:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205091
IP address blocks:        163.5.172.0/24 maxlen: 24
                          163.5.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:41:a1:2a:63:49:20:dd:be:b2:a0:8e:48:9f:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47c8e9b7690644bf5b7e5cee60d166c05d21367e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:34:ee:d6:23:93:da:c8:55:b8:1f:a8:aa:17:
                    b8:c5:bb:7a:33:57:f1:a4:4f:43:e3:31:89:59:66:
                    16:78:09:3c:d5:d9:2d:ee:21:e9:f4:02:c8:37:73:
                    b6:de:3f:f4:17:1b:7a:a1:3d:c2:4f:ba:e9:14:a4:
                    65:67:78:c8:7a:e6:66:49:52:9f:82:bc:ba:be:72:
                    0d:30:9c:16:63:0e:03:93:93:06:69:d7:21:c5:3a:
                    01:1d:0b:af:97:2e:21:bb:28:da:d7:46:55:ba:08:
                    1e:92:33:b0:d6:50:dd:b4:76:0e:eb:3e:6e:b3:90:
                    66:2e:0e:a8:28:91:b7:06:1d:ed:cd:19:95:3f:a3:
                    d7:f8:21:4e:eb:5c:c0:b5:a3:17:47:82:22:26:11:
                    1e:9b:c5:c3:5a:c2:0a:f7:30:49:78:38:b9:14:a4:
                    c6:2a:7e:ea:c2:7f:98:2c:36:64:73:5f:27:3f:74:
                    b4:0f:ee:c1:7d:e3:13:26:70:c1:2c:9c:2e:40:df:
                    31:7c:5a:c5:c5:9d:e8:04:05:a2:f7:5f:5e:e1:71:
                    30:a5:e2:62:07:26:34:f3:be:be:62:c0:25:27:b3:
                    f3:55:88:e3:55:f6:08:45:36:e9:d7:5c:58:9c:ce:
                    01:26:65:15:62:8e:8a:32:8d:48:c7:b5:f9:35:2d:
                    57:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:C8:E9:B7:69:06:44:BF:5B:7E:5C:EE:60:D1:66:C0:5D:21:36:7E
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/R8jpt2kGRL9bflzuYNFmwF0hNn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.172.0/24
                  163.5.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:fc:2d:d3:4a:e0:9e:cc:e7:ca:dd:2c:e7:dd:a8:fa:16:cf:
         fd:20:d1:f9:1c:eb:58:2a:dc:07:54:74:f0:cd:da:32:d8:90:
         3b:64:37:ae:6c:1c:17:4c:14:3d:45:9a:69:ff:39:53:60:8c:
         90:6f:fd:e2:77:1a:bc:83:5a:5e:42:25:8d:cf:01:db:5f:1a:
         01:23:e9:24:f2:d2:99:7e:5e:5f:da:a7:c5:eb:84:c8:9f:19:
         55:95:b1:0b:40:f5:ae:09:20:fa:69:56:c1:6d:c3:64:35:33:
         b4:bf:a6:bf:7b:86:10:9a:df:3c:5a:b0:63:cc:c7:b6:25:0a:
         eb:88:fc:42:d5:cf:9a:b8:2a:57:df:e7:da:76:30:87:76:d8:
         88:bb:72:3e:60:68:aa:46:d0:30:89:70:f5:17:32:e2:60:53:
         15:04:f9:6c:79:1d:49:ab:e0:dd:0e:a1:b4:47:70:85:19:ab:
         0e:59:bc:7d:d8:f3:14:cf:65:19:d8:05:3a:3c:a1:48:b6:7b:
         d0:4b:34:aa:e8:b8:e8:b5:58:12:ac:13:77:cb:83:6b:0f:fb:
         e7:7f:71:fa:4c:ef:7b:be:4c:d1:99:25:06:07:76:6f:0f:44:
         ba:d4:f5:ba:91:b6:d6:5d:9f:9a:a0:d0:f6:e2:6f:73:6f:ca:
         64:87:f6:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjakGhKmNJIN2+sqCOSJ+4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2M4ZTliNzY5MDY0NGJmNWI3ZTVjZWU2MGQxNjZjMDVkMjEzNjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjTu1iOT2shVuB+oqhe4xbt6M1fx
pE9D4zGJWWYWeAk81dkt7iHp9ALIN3O23j/0Fxt6oT3CT7rpFKRlZ3jIeuZmSVKf
gry6vnINMJwWYw4Dk5MGadchxToBHQuvly4huyja10ZVuggekjOw1lDdtHYO6z5u
s5BmLg6oKJG3Bh3tzRmVP6PX+CFO61zAtaMXR4IiJhEem8XDWsIK9zBJeDi5FKTG
Kn7qwn+YLDZkc18nP3S0D+7BfeMTJnDBLJwuQN8xfFrFxZ3oBAWi919e4XEwpeJi
ByY0876+YsAlJ7PzVYjjVfYIRTbp11xYnM4BJmUVYo6KMo1Ix7X5NS1XOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEfI6bdpBkS/W35c7mDRZsBdITZ+MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUjhqcHQya0dSTDliZmx6dVlORm13RjBoTm40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowWsAwQA
owW8MA0GCSqGSIb3DQEBCwUAA4IBAQBm/C3TSuCezOfK3Szn3aj6Fs/9INH5HOtY
KtwHVHTwzdoy2JA7ZDeubBwXTBQ9RZpp/zlTYIyQb/3idxq8g1peQiWNzwHbXxoB
I+kk8tKZfl5f2qfF64TInxlVlbELQPWuCSD6aVbBbcNkNTO0v6a/e4YQmt88WrBj
zMe2JQrriPxC1c+auCpX3+fadjCHdtiIu3I+YGiqRtAwiXD1FzLiYFMVBPlseR1J
q+DdDqG0R3CFGasOWbx92PMUz2UZ2AU6PKFItnvQSzSq6LjotVgSrBN3y4NrD/vn
f3H6TO97vkzRmSUGB3ZvD0S61PW6kbbWXZ+aoND24m9zb8pkh/YT
-----END CERTIFICATE-----