Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/cV2r4jA40PY9QqrvhCnGSYziLpw.roa
File:                     cV2r4jA40PY9QqrvhCnGSYziLpw.roa (raw, json)
Hash identifier:          K4t8oxBuG1VObwQlFjYa3yZddHKyS+0AmtV7vya8Or8=
Subject key identifier:   71:5D:AB:E2:30:38:D0:F6:3D:42:AA:EF:84:29:C6:49:8C:E2:2E:9C
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC4255D1ACCD802ED8F2373838DBBE5C0
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/cV2r4jA40PY9QqrvhCnGSYziLpw.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     132825
IP address blocks:        163.5.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5d:1a:cc:d8:02:ed:8f:23:73:83:8d:bb:e5:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=715dabe23038d0f63d42aaef8429c6498ce22e9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:3e:fd:0e:33:12:aa:63:00:7e:20:e5:8e:35:
                    9e:91:1b:51:85:30:5a:a5:32:dd:1f:a1:db:15:d6:
                    de:ed:c2:a5:6d:c8:63:99:3c:be:f6:11:43:af:58:
                    73:7f:7e:41:61:45:8d:e6:db:20:27:09:c9:5a:52:
                    9b:54:35:e7:52:24:54:72:17:95:fa:cc:41:d9:52:
                    d4:73:fd:2f:70:d5:b6:97:70:b4:5c:1b:d6:62:4f:
                    5c:af:ff:6a:42:a2:a8:84:af:75:e8:9b:9d:f2:6d:
                    e7:7c:ec:e1:16:fe:85:71:db:03:23:93:ed:00:37:
                    63:cd:d6:04:d6:0e:c4:52:e2:e8:84:51:50:95:69:
                    05:93:94:e7:a8:56:0a:b9:aa:e1:d0:8f:18:c5:1c:
                    7d:93:67:64:c3:32:a6:a6:49:4c:ee:6a:2d:96:10:
                    df:c5:9e:c7:78:e9:1d:07:47:13:8b:30:cf:19:67:
                    66:f4:7f:b5:66:ac:dd:08:ba:aa:93:b6:24:10:0f:
                    67:df:a5:e9:83:b8:5a:b5:7b:44:07:33:b9:52:6c:
                    65:8f:8b:c4:93:79:20:64:d9:24:83:0d:6a:45:12:
                    ca:13:3c:18:1a:26:50:41:82:54:11:fc:47:58:17:
                    fd:89:00:16:23:f6:56:82:a8:13:1d:ee:24:ea:45:
                    f1:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:5D:AB:E2:30:38:D0:F6:3D:42:AA:EF:84:29:C6:49:8C:E2:2E:9C
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/cV2r4jA40PY9QqrvhCnGSYziLpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:c3:ef:83:7b:a5:5b:02:05:55:c6:c5:87:bf:c4:99:86:7f:
         59:a2:a8:b4:ee:85:05:4b:bd:c1:07:a1:26:28:f7:4e:f7:d5:
         4c:6d:ed:16:da:b4:20:e5:e5:f5:3c:6a:6a:24:bd:4c:09:4a:
         f7:28:7e:64:75:ee:2d:c8:8d:71:f3:00:62:c5:31:25:5b:4b:
         d8:37:b2:63:97:3a:42:c4:e3:7f:a6:f4:24:3d:2c:9c:d3:c6:
         a4:46:02:b1:ee:29:39:68:3c:5f:ce:04:8e:0b:3a:b9:31:55:
         57:fa:b5:83:1d:04:12:5f:58:2d:93:fa:3d:8f:b5:dc:08:4e:
         69:c2:95:4e:36:19:ee:5b:4c:ec:22:57:15:b6:da:37:12:96:
         52:d6:a1:f5:fd:22:95:36:a8:55:5c:49:8c:f9:6a:a9:1f:21:
         be:15:45:58:98:ca:ad:e3:7a:f6:05:6c:96:8b:24:be:7f:d2:
         c7:80:87:84:07:0a:b1:ad:7a:60:bf:25:48:a3:f0:7e:1c:82:
         25:76:c8:ac:ef:ee:9f:6a:65:b2:9e:3d:68:a4:8f:85:e6:39:
         11:04:27:73:61:de:b7:36:a5:07:8e:ed:6c:6a:79:82:c3:f8:
         34:30:dc:3c:6d:3d:c7:3b:96:f6:c6:06:57:82:72:45:0f:b4:
         e4:9e:b9:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJV0azNgC7Y8jc4ONu+XAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTVkYWJlMjMwMzhkMGY2M2Q0MmFhZWY4NDI5YzY0OThjZTIyZTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0D79DjMSqmMAfiDljjWekRtRhTBa
pTLdH6HbFdbe7cKlbchjmTy+9hFDr1hzf35BYUWN5tsgJwnJWlKbVDXnUiRUcheV
+sxB2VLUc/0vcNW2l3C0XBvWYk9cr/9qQqKohK916Jud8m3nfOzhFv6FcdsDI5Pt
ADdjzdYE1g7EUuLohFFQlWkFk5TnqFYKuarh0I8YxRx9k2dkwzKmpklM7motlhDf
xZ7HeOkdB0cTizDPGWdm9H+1ZqzdCLqqk7YkEA9n36Xpg7hatXtEBzO5Umxlj4vE
k3kgZNkkgw1qRRLKEzwYGiZQQYJUEfxHWBf9iQAWI/ZWgqgTHe4k6kXxYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFdq+IwOND2PUKq74QpxkmM4i6cMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvY1YycjRqQTQwUFk5UXFydmhDbkdTWXppTHB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVGMA0G
CSqGSIb3DQEBCwUAA4IBAQBRw++De6VbAgVVxsWHv8SZhn9Zoqi07oUFS73BB6Em
KPdO99VMbe0W2rQg5eX1PGpqJL1MCUr3KH5kde4tyI1x8wBixTElW0vYN7JjlzpC
xON/pvQkPSyc08akRgKx7ik5aDxfzgSOCzq5MVVX+rWDHQQSX1gtk/o9j7XcCE5p
wpVONhnuW0zsIlcVtto3EpZS1qH1/SKVNqhVXEmM+WqpHyG+FUVYmMqt43r2BWyW
iyS+f9LHgIeEBwqxrXpgvyVIo/B+HIIldsis7+6famWynj1opI+F5jkRBCdzYd63
NqUHju1sanmCw/g0MNw8bT3HO5b2xgZXgnJFD7TknrnL
-----END CERTIFICATE-----