Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/hJRztrqE0PSxCQUzQ_zjtj0zauA.roa
File:                     hJRztrqE0PSxCQUzQ_zjtj0zauA.roa (raw, json)
Hash identifier:          mwJUOok2CFTr9Lal8WSH+srpy6mNmXIAGs58mujAJn4=
Subject key identifier:   84:94:73:B6:BA:84:D0:F4:B1:09:05:33:43:FC:E3:B6:3D:33:6A:E0
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01945A0E91409FC6AC04951BB33093ED957D
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/hJRztrqE0PSxCQUzQ_zjtj0zauA.roa
Signing time:             Sun 12 Jan 2025 10:28:11 +0000
ROA not before:           Sun 12 Jan 2025 10:28:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10103
IP address blocks:        163.5.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5a:0e:91:40:9f:c6:ac:04:95:1b:b3:30:93:ed:95:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan 12 10:28:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=849473b6ba84d0f4b109053343fce3b63d336ae0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:30:f7:b1:29:d7:8e:f8:fe:78:2e:ca:e8:1e:
                    6d:1a:2b:d8:96:0b:60:83:8c:9b:2b:1c:ad:09:94:
                    23:66:a3:e7:6e:cf:73:35:0d:7f:21:89:46:1c:c0:
                    a0:3b:d7:67:cc:03:7b:22:ba:0f:1e:a6:7f:56:a1:
                    38:03:77:1a:fe:1e:82:63:e6:a8:6f:66:90:f0:b6:
                    87:21:74:1b:0d:85:81:75:6e:a4:05:37:51:4c:47:
                    8b:69:f1:6e:01:e6:d2:57:d4:ee:78:a7:2d:24:f5:
                    86:67:6d:81:c9:f8:df:c2:1a:96:6b:86:2c:b5:1e:
                    f8:3a:af:fd:66:f8:24:1d:6e:12:b1:88:28:20:79:
                    8a:d1:e4:d8:e4:a6:e3:df:64:10:52:7c:35:51:c3:
                    4b:77:e2:8e:81:fe:95:2c:b9:c5:ab:1d:a6:e5:16:
                    ef:49:a6:9a:04:d1:de:58:20:f8:8a:3c:6a:48:13:
                    06:5e:bd:44:d6:9d:d9:e3:f0:7a:1f:8c:2d:aa:c7:
                    a3:7b:52:81:8c:60:84:a3:2c:5c:75:8d:a4:83:ae:
                    9d:ed:69:0c:ad:db:ed:d9:46:0e:64:51:05:64:50:
                    8e:e5:44:c5:30:d7:88:db:eb:aa:5e:56:9c:7e:88:
                    4c:1b:66:ae:b2:56:74:27:a0:e5:fc:84:55:ac:b8:
                    a9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:94:73:B6:BA:84:D0:F4:B1:09:05:33:43:FC:E3:B6:3D:33:6A:E0
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/hJRztrqE0PSxCQUzQ_zjtj0zauA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:97:63:e0:8c:f5:37:0d:e4:81:d9:f6:cc:45:af:21:36:d9:
         65:6e:6f:84:af:18:72:a4:a7:da:0e:de:26:e2:88:45:2b:67:
         e7:a6:e1:f5:ac:de:66:62:b4:25:0a:92:25:16:cf:d4:7f:76:
         3d:cd:55:26:55:6f:d4:dc:17:9d:57:61:5c:29:59:47:a7:d5:
         8d:b0:93:cd:42:62:6d:ec:94:1f:ea:2f:44:f2:c6:19:f7:9a:
         3e:e1:e1:38:7e:8b:63:5a:97:19:a4:74:8f:0d:f4:e1:b8:0b:
         a8:58:77:7c:27:91:03:19:fe:d8:8f:2c:99:b1:d4:cc:c8:ec:
         06:a2:c8:96:19:35:ea:31:60:56:a4:8a:59:f7:56:30:d8:f9:
         40:a6:a2:06:94:1f:89:c2:c9:ae:90:2c:53:18:2b:72:91:69:
         07:f5:75:d1:02:a8:1c:56:ee:4f:e6:7a:bd:b1:06:1b:cf:ad:
         95:d5:c9:f8:85:ce:78:a3:3a:d8:c8:e8:fb:d0:10:ed:ad:c3:
         7b:cb:70:57:e5:d4:6e:a3:9b:9e:04:1f:83:45:81:20:91:84:
         d7:4b:ab:2f:c7:b2:cf:43:af:48:14:b5:dc:b1:de:bb:64:ca:
         09:01:ea:f4:9d:44:40:ad:80:c1:af:45:cd:82:5a:22:a1:45:
         9f:ee:38:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRaDpFAn8asBJUbszCT7ZV9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTEyMTAyODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDk0NzNiNmJhODRkMGY0YjEwOTA1MzM0M2ZjZTNiNjNkMzM2YWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jD3sSnXjvj+eC7K6B5tGivYlgtg
g4ybKxytCZQjZqPnbs9zNQ1/IYlGHMCgO9dnzAN7IroPHqZ/VqE4A3ca/h6CY+ao
b2aQ8LaHIXQbDYWBdW6kBTdRTEeLafFuAebSV9TueKctJPWGZ22ByfjfwhqWa4Ys
tR74Oq/9ZvgkHW4SsYgoIHmK0eTY5Kbj32QQUnw1UcNLd+KOgf6VLLnFqx2m5Rbv
SaaaBNHeWCD4ijxqSBMGXr1E1p3Z4/B6H4wtqseje1KBjGCEoyxcdY2kg66d7WkM
rdvt2UYOZFEFZFCO5UTFMNeI2+uqXlacfohMG2auslZ0J6Dl/IRVrLipCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISUc7a6hND0sQkFM0P847Y9M2rgMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvaEpSenRycUUwUFN4Q1FVelFfemp0ajB6YXVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUMMA0G
CSqGSIb3DQEBCwUAA4IBAQA+l2PgjPU3DeSB2fbMRa8hNtllbm+ErxhypKfaDt4m
4ohFK2fnpuH1rN5mYrQlCpIlFs/Uf3Y9zVUmVW/U3BedV2FcKVlHp9WNsJPNQmJt
7JQf6i9E8sYZ95o+4eE4fotjWpcZpHSPDfThuAuoWHd8J5EDGf7YjyyZsdTMyOwG
osiWGTXqMWBWpIpZ91Yw2PlApqIGlB+JwsmukCxTGCtykWkH9XXRAqgcVu5P5nq9
sQYbz62V1cn4hc54ozrYyOj70BDtrcN7y3BX5dRuo5ueBB+DRYEgkYTXS6svx7LP
Q69IFLXcsd67ZMoJAer0nURArYDBr0XNgloioUWf7jj7
-----END CERTIFICATE-----