Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/cdfGgcndvACG6GEF5XrTDoO7gfw.roa
File:                     cdfGgcndvACG6GEF5XrTDoO7gfw.roa (raw, json)
Hash identifier:          NlYoW47ITXvowAHXSZCWwLSI2n8LsN2T2iP+eNSXOvY=
Subject key identifier:   71:D7:C6:81:C9:DD:BC:00:86:E8:61:05:E5:7A:D3:0E:83:BB:81:FC
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC42560DC36EA4FEE2EB9B99D2A701F12
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/cdfGgcndvACG6GEF5XrTDoO7gfw.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200131
IP address blocks:        163.5.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:60:dc:36:ea:4f:ee:2e:b9:b9:9d:2a:70:1f:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71d7c681c9ddbc0086e86105e57ad30e83bb81fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:0d:80:f0:82:8b:5d:e2:96:82:aa:e5:c3:fd:
                    13:5e:c7:01:b7:6a:2a:cf:64:91:9f:52:78:d9:16:
                    cb:f9:c0:0a:66:17:1e:e0:b6:b7:a4:8e:b9:3d:81:
                    ec:50:53:4e:5e:84:a4:3e:dd:f5:10:1f:7b:5e:7f:
                    a2:31:c3:2e:49:19:ee:b8:6d:32:fe:4c:d0:c8:ad:
                    ad:13:cb:07:e6:62:d0:fb:57:ca:0d:5c:04:03:bf:
                    87:31:a3:fb:87:44:27:21:03:c9:38:57:73:fc:1d:
                    3e:f5:6c:5b:d4:c2:55:66:aa:6f:ef:24:a1:9b:61:
                    27:46:f7:5c:f7:a7:8d:49:5f:de:f5:12:61:07:87:
                    99:1a:7c:0e:c7:e7:ce:5a:74:00:d1:7a:d4:0f:a5:
                    60:6c:f2:c9:71:ac:48:5f:b8:93:fa:ad:b1:34:6b:
                    8c:4a:4c:5e:a5:46:08:23:44:d7:28:04:98:1c:ce:
                    fb:d6:10:1c:e2:a7:58:35:97:f7:ed:c9:6e:d7:9a:
                    07:65:e0:33:bd:d5:46:63:5c:ce:c6:57:bd:44:ec:
                    e4:5c:38:71:f6:08:9f:a5:d3:9f:cf:53:5e:54:a3:
                    1f:0b:a3:a1:28:81:e8:eb:b3:cf:83:16:1d:1f:ad:
                    cc:f6:c7:f2:03:0c:2c:37:4c:73:87:df:55:a4:85:
                    1d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:D7:C6:81:C9:DD:BC:00:86:E8:61:05:E5:7A:D3:0E:83:BB:81:FC
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/cdfGgcndvACG6GEF5XrTDoO7gfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:ba:7f:d7:c4:67:2d:10:f1:ec:76:fc:ac:41:eb:96:ca:80:
         58:86:15:f6:5e:92:2f:ea:c4:87:fd:87:bc:6d:ec:21:14:0a:
         31:91:2d:e9:c9:8c:ac:34:f9:7c:c9:1c:59:88:ae:36:bb:3b:
         87:8e:f8:ee:53:dd:28:54:7c:00:98:69:4a:b0:b9:70:50:fb:
         d4:c2:d1:e6:f0:15:e7:85:d1:35:c2:e5:ac:d8:dc:51:76:1e:
         b4:fb:99:f9:35:d9:f5:69:2f:42:5e:5e:c4:9a:c5:c3:25:8c:
         76:e7:42:e1:a3:9d:6d:d7:2a:c2:c0:99:2f:6c:fd:7f:11:fa:
         e7:1a:ad:d9:61:34:0e:34:1e:77:1d:e6:c6:6e:b3:df:99:ad:
         2a:c2:4f:02:73:b2:04:c6:14:27:1d:6a:46:95:f7:86:54:e3:
         24:30:34:6c:07:93:16:cc:95:91:00:31:5f:45:c8:c2:9c:1e:
         a7:e1:3b:4a:22:25:09:59:0b:a3:c9:6c:16:df:91:de:e2:96:
         f2:a1:04:28:c2:5d:ff:b5:f4:f9:51:17:62:9c:93:1b:d0:7f:
         79:f5:85:5f:c8:dd:99:85:42:58:3a:dd:27:27:12:19:c5:75:
         16:fa:18:2f:cb:59:94:87:d4:75:3a:94:9b:d5:4f:86:cc:45:
         7b:f0:a4:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWDcNupP7i65uZ0qcB8SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWQ3YzY4MWM5ZGRiYzAwODZlODYxMDVlNTdhZDMwZTgzYmI4MWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjg2A8IKLXeKWgqrlw/0TXscBt2oq
z2SRn1J42RbL+cAKZhce4La3pI65PYHsUFNOXoSkPt31EB97Xn+iMcMuSRnuuG0y
/kzQyK2tE8sH5mLQ+1fKDVwEA7+HMaP7h0QnIQPJOFdz/B0+9Wxb1MJVZqpv7ySh
m2EnRvdc96eNSV/e9RJhB4eZGnwOx+fOWnQA0XrUD6VgbPLJcaxIX7iT+q2xNGuM
SkxepUYII0TXKASYHM771hAc4qdYNZf37clu15oHZeAzvdVGY1zOxle9ROzkXDhx
9gifpdOfz1NeVKMfC6OhKIHo67PPgxYdH63M9sfyAwwsN0xzh99VpIUdJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHHXxoHJ3bwAhuhhBeV60w6Du4H8MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvY2RmR2djbmR2QUNHNkdFRjVYclREb083Z2Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXEMA0G
CSqGSIb3DQEBCwUAA4IBAQAqun/XxGctEPHsdvysQeuWyoBYhhX2XpIv6sSH/Ye8
bewhFAoxkS3pyYysNPl8yRxZiK42uzuHjvjuU90oVHwAmGlKsLlwUPvUwtHm8BXn
hdE1wuWs2NxRdh60+5n5Ndn1aS9CXl7EmsXDJYx250Lho51t1yrCwJkvbP1/Efrn
Gq3ZYTQONB53HebGbrPfma0qwk8Cc7IExhQnHWpGlfeGVOMkMDRsB5MWzJWRADFf
RcjCnB6n4TtKIiUJWQujyWwW35He4pbyoQQowl3/tfT5URdinJMb0H959YVfyN2Z
hUJYOt0nJxIZxXUW+hgvy1mUh9R1OpSb1U+GzEV78KTn
-----END CERTIFICATE-----