Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/YtVBwP_tjs6dXAJZ8bsGURdII9I.roa
File:                     YtVBwP_tjs6dXAJZ8bsGURdII9I.roa (raw, json)
Hash identifier:          d06WJbu6mZ4RfBsJ5f8Oi1aM+N9NjGNTstwqwjqQ+mQ=
Subject key identifier:   62:D5:41:C0:FF:ED:8E:CE:9D:5C:02:59:F1:BB:06:51:17:48:23:D2
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A24D45648D70518342BCB6A110E86
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/YtVBwP_tjs6dXAJZ8bsGURdII9I.roa
Signing time:             Wed 01 Jan 2025 19:49:06 +0000
ROA not before:           Wed 01 Jan 2025 19:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        163.5.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:24:d4:56:48:d7:05:18:34:2b:cb:6a:11:0e:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62d541c0ffed8ece9d5c0259f1bb0651174823d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:30:41:9b:4e:08:9f:d3:2c:5e:d6:2f:56:fa:
                    c0:4b:05:46:55:e7:a4:68:67:26:cb:99:62:5f:de:
                    1a:e9:dd:85:14:4a:d3:0c:06:fa:69:be:58:b7:44:
                    e4:69:a2:c9:04:f4:8b:6b:93:cd:2a:58:8b:96:72:
                    46:97:21:a0:fa:3e:c0:c2:ef:d8:22:6c:08:f2:9b:
                    f8:18:40:5d:85:5b:fe:93:de:1e:87:66:fd:b6:6f:
                    67:75:02:1b:28:55:92:3a:51:65:ae:fe:d8:ca:7a:
                    ad:e9:c0:c7:55:bd:af:7c:ab:f8:45:7d:3b:0a:d7:
                    0f:c1:19:75:36:40:80:62:c5:19:6a:8f:38:83:57:
                    44:b0:6e:62:3e:04:15:b7:82:cb:b2:f5:62:25:b1:
                    24:94:f4:09:c9:3e:ff:3d:51:18:a6:d7:56:c5:a1:
                    ea:2b:7c:d5:6d:11:aa:04:dc:37:42:c8:da:77:7d:
                    1f:82:1c:60:89:66:b0:99:b6:aa:c4:e5:70:8d:e7:
                    41:28:22:56:68:5d:eb:7f:0b:57:41:d0:a1:5f:a2:
                    80:87:85:c6:01:83:2e:8c:91:9d:11:b7:0e:69:ca:
                    93:47:61:f9:ba:25:7a:e7:31:f6:7b:0f:91:0d:c0:
                    45:e8:df:7f:fb:08:d5:13:30:b2:0e:93:7a:34:c8:
                    39:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:D5:41:C0:FF:ED:8E:CE:9D:5C:02:59:F1:BB:06:51:17:48:23:D2
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/YtVBwP_tjs6dXAJZ8bsGURdII9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:cc:bf:93:d5:7e:04:c4:5c:58:db:4f:1b:3a:64:63:8c:a2:
         3b:3f:b9:b0:81:83:12:0f:2a:90:f2:e8:df:21:73:b5:d2:e9:
         43:e3:87:aa:50:6d:d7:c4:47:80:7a:37:e5:b6:bb:10:bc:ce:
         28:58:3f:35:b4:0c:94:9e:d4:8e:94:6d:34:b1:e8:86:36:6c:
         bc:b8:26:0a:a6:71:ed:df:d1:13:01:3b:8c:a0:1e:c0:ed:1f:
         92:89:65:e0:03:94:2d:53:68:34:63:0b:17:54:9b:f2:f2:e3:
         e6:1d:63:f2:3b:78:c3:fb:05:fb:6d:29:e0:a4:26:6a:6e:d7:
         e2:2a:38:93:be:59:39:37:6d:ff:42:06:81:03:46:c2:92:86:
         1d:9b:54:0e:b9:9d:bd:65:19:7d:d2:22:a8:b4:a1:4f:96:57:
         22:f4:ec:51:fc:1d:bd:74:f8:68:c5:46:4c:c8:4b:36:66:76:
         ee:81:21:a7:f7:e1:b8:8d:96:d2:43:46:c0:f0:3e:58:78:5d:
         81:56:50:cf:cb:4b:77:7c:6f:9e:80:ae:b5:a9:5e:6d:b2:88:
         73:67:f3:70:59:ab:bb:0c:ba:7b:82:82:ab:85:fb:33:aa:b2:
         35:9c:af:3b:16:dc:a2:d0:0f:91:fa:4b:31:cb:02:ab:2b:5c:
         4e:d3:3b:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaiTUVkjXBRg0K8tqEQ6GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmQ1NDFjMGZmZWQ4ZWNlOWQ1YzAyNTlmMWJiMDY1MTE3NDgyM2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2TBBm04In9MsXtYvVvrASwVGVeek
aGcmy5liX94a6d2FFErTDAb6ab5Yt0TkaaLJBPSLa5PNKliLlnJGlyGg+j7Awu/Y
ImwI8pv4GEBdhVv+k94eh2b9tm9ndQIbKFWSOlFlrv7Yynqt6cDHVb2vfKv4RX07
CtcPwRl1NkCAYsUZao84g1dEsG5iPgQVt4LLsvViJbEklPQJyT7/PVEYptdWxaHq
K3zVbRGqBNw3Qsjad30fghxgiWawmbaqxOVwjedBKCJWaF3rfwtXQdChX6KAh4XG
AYMujJGdEbcOacqTR2H5uiV65zH2ew+RDcBF6N9/+wjVEzCyDpN6NMg5FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLVQcD/7Y7OnVwCWfG7BlEXSCPSMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvWXRWQndQX3RqczZkWEFKWjhic0dVUmRJSTlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowV8MA0G
CSqGSIb3DQEBCwUAA4IBAQAlzL+T1X4ExFxY208bOmRjjKI7P7mwgYMSDyqQ8ujf
IXO10ulD44eqUG3XxEeAejfltrsQvM4oWD81tAyUntSOlG00seiGNmy8uCYKpnHt
39ETATuMoB7A7R+SiWXgA5QtU2g0YwsXVJvy8uPmHWPyO3jD+wX7bSngpCZqbtfi
KjiTvlk5N23/QgaBA0bCkoYdm1QOuZ29ZRl90iKotKFPllci9OxR/B29dPhoxUZM
yEs2ZnbugSGn9+G4jZbSQ0bA8D5YeF2BVlDPy0t3fG+egK61qV5tsohzZ/NwWau7
DLp7goKrhfszqrI1nK87Ftyi0A+R+ksxywKrK1xO0zvo
-----END CERTIFICATE-----