Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UZxmfGf7clubtAJfJIAJC9QRurE.roa
File:                     UZxmfGf7clubtAJfJIAJC9QRurE.roa (raw, json)
Hash identifier:          REjEWf6af7WGh9/4IfqZzY6hQfJey+ebFw/f8zBBqzo=
Subject key identifier:   51:9C:66:7C:67:FB:72:5B:9B:B4:02:5F:24:80:09:0B:D4:11:BA:B1
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018EF56CB578632ED25A6AF44CD3DD068688
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UZxmfGf7clubtAJfJIAJC9QRurE.roa
Signing time:             Fri 19 Apr 2024 08:15:25 +0000
ROA not before:           Fri 19 Apr 2024 08:15:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29066
IP address blocks:        163.5.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f5:6c:b5:78:63:2e:d2:5a:6a:f4:4c:d3:dd:06:86:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 19 08:15:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=519c667c67fb725b9bb4025f2480090bd411bab1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b8:51:57:45:71:75:ec:ea:66:d9:23:5b:e7:
                    39:4a:c2:ad:b4:4b:b3:b1:a4:7e:67:d5:3c:40:3b:
                    f7:da:fc:51:02:ae:44:55:57:6c:3c:a4:8c:ba:25:
                    98:7b:cf:ca:7e:bd:6d:ac:1b:da:bf:b9:2f:a8:74:
                    68:54:3c:9d:17:93:e1:8f:68:44:f7:1e:63:e8:ff:
                    bd:d6:ce:c7:e1:d1:3a:bc:ce:72:90:11:90:aa:35:
                    d3:52:6f:40:f4:85:9e:f1:09:9a:d7:73:dc:f3:b0:
                    ff:2b:9a:25:a7:e0:71:d0:1b:68:fb:e9:60:46:74:
                    e6:d9:e8:52:0e:34:84:93:1a:c1:61:e6:d7:d9:56:
                    f8:34:0f:58:be:3c:51:bd:34:c0:b7:f2:b1:56:9a:
                    19:f8:61:bd:a5:6f:84:e6:20:b9:ae:75:21:fd:90:
                    ed:ed:4a:57:50:ef:7e:29:2f:80:77:63:97:76:98:
                    96:3d:05:21:45:0c:75:79:7c:20:c6:2b:02:72:9d:
                    16:88:79:c5:ba:64:75:cf:c9:dd:66:56:7c:d8:cc:
                    8d:28:d0:e2:0d:9d:bd:0d:02:48:63:30:35:3e:0e:
                    8d:ed:55:94:1e:3d:28:67:9a:f7:26:7b:25:05:5a:
                    b9:b4:b0:12:fe:d1:3d:90:23:ce:e3:a1:0b:4f:43:
                    45:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:9C:66:7C:67:FB:72:5B:9B:B4:02:5F:24:80:09:0B:D4:11:BA:B1
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UZxmfGf7clubtAJfJIAJC9QRurE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:33:23:31:f0:68:86:17:d5:8c:54:cd:0b:eb:66:2f:1e:56:
         48:21:59:0a:b2:74:dc:3e:d8:4c:97:90:37:7d:ea:88:75:28:
         87:0a:2b:e1:3f:95:ab:39:1c:ee:54:6f:77:8d:93:ae:81:99:
         d9:db:d2:d1:15:76:25:64:70:da:8f:da:da:24:88:9a:13:32:
         4b:8f:f8:64:44:9b:b0:59:d9:9c:1f:2d:64:3f:1e:17:ab:a8:
         b0:30:75:aa:7d:4a:ef:73:41:4b:3b:b7:fc:9a:07:96:ec:25:
         5f:76:f4:eb:8c:d4:91:3d:d9:36:d0:a1:81:65:0b:3e:60:28:
         4d:42:23:b2:d8:43:03:16:19:3a:0a:00:af:fe:46:0a:f5:96:
         ec:11:18:2d:77:60:1b:b3:54:46:f9:4b:8a:c3:5d:81:63:c1:
         ed:5d:59:ea:fa:c0:ac:be:33:54:c3:fb:42:15:be:ed:c5:ba:
         86:8f:1d:d2:58:4c:0a:49:4f:30:6a:3b:37:0b:06:dd:9d:c4:
         a1:7d:10:07:2e:c2:00:e4:74:af:ce:8d:45:99:91:57:4b:e2:
         67:c8:0a:1c:74:39:3d:35:c0:63:0a:2e:14:2a:86:f0:87:5d:
         a6:86:5e:0e:62:c5:ba:e0:17:6d:98:07:12:44:61:18:28:8a:
         ed:60:98:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY71bLV4Yy7SWmr0TNPdBoaIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwNDE5MDgxNTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTljNjY3YzY3ZmI3MjViOWJiNDAyNWYyNDgwMDkwYmQ0MTFiYWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrhRV0VxdezqZtkjW+c5SsKttEuz
saR+Z9U8QDv32vxRAq5EVVdsPKSMuiWYe8/Kfr1trBvav7kvqHRoVDydF5Phj2hE
9x5j6P+91s7H4dE6vM5ykBGQqjXTUm9A9IWe8Qma13Pc87D/K5olp+Bx0Bto++lg
RnTm2ehSDjSEkxrBYebX2Vb4NA9YvjxRvTTAt/KxVpoZ+GG9pW+E5iC5rnUh/ZDt
7UpXUO9+KS+Ad2OXdpiWPQUhRQx1eXwgxisCcp0WiHnFumR1z8ndZlZ82MyNKNDi
DZ29DQJIYzA1Pg6N7VWUHj0oZ5r3JnslBVq5tLAS/tE9kCPO46ELT0NFgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGcZnxn+3Jbm7QCXySACQvUEbqxMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvVVp4bWZHZjdjbHVidEFKZkpJQUpDOVFSdXJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXTMA0G
CSqGSIb3DQEBCwUAA4IBAQCBMyMx8GiGF9WMVM0L62YvHlZIIVkKsnTcPthMl5A3
feqIdSiHCivhP5WrORzuVG93jZOugZnZ29LRFXYlZHDaj9raJIiaEzJLj/hkRJuw
WdmcHy1kPx4Xq6iwMHWqfUrvc0FLO7f8mgeW7CVfdvTrjNSRPdk20KGBZQs+YChN
QiOy2EMDFhk6CgCv/kYK9ZbsERgtd2Abs1RG+UuKw12BY8HtXVnq+sCsvjNUw/tC
Fb7txbqGjx3SWEwKSU8wajs3CwbdncShfRAHLsIA5HSvzo1FmZFXS+JnyAocdDk9
NcBjCi4UKobwh12mhl4OYsW64BdtmAcSRGEYKIrtYJhY
-----END CERTIFICATE-----