Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/lnSKjfKrcafvzZdYSu-q99ikid4.roa
File:                     lnSKjfKrcafvzZdYSu-q99ikid4.roa (raw, json)
Hash identifier:          ApoMV45wXk379R7Gj3r6Mc5jFuC1SMfSgd6lycK5yR4=
Subject key identifier:   96:74:8A:8D:F2:AB:71:A7:EF:CD:97:58:4A:EF:AA:F7:D8:A4:89:DE
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01921E423847EDCDD78EF9B11AA62CA8552B
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/lnSKjfKrcafvzZdYSu-q99ikid4.roa
Signing time:             Mon 23 Sep 2024 09:41:49 +0000
ROA not before:           Mon 23 Sep 2024 09:41:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        163.5.153.0/24 maxlen: 24
                          163.5.154.0/24 maxlen: 24
                          163.5.177.0/24 maxlen: 24
                          163.5.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1e:42:38:47:ed:cd:d7:8e:f9:b1:1a:a6:2c:a8:55:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Sep 23 09:41:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96748a8df2ab71a7efcd97584aefaaf7d8a489de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:32:17:1c:fa:a6:59:57:0e:86:32:2e:3c:bd:
                    00:d0:00:dc:3d:21:14:8c:07:63:a0:4c:9e:88:cb:
                    9a:c8:a9:ca:d9:a9:9b:50:ac:9a:65:48:e8:80:de:
                    63:1c:29:1e:69:15:a8:62:80:09:4d:a4:20:94:e0:
                    86:ab:96:a4:58:f1:48:75:d6:b1:79:f6:e1:45:8c:
                    b6:7a:63:6c:70:26:d5:48:e7:9f:b7:4d:14:7b:7c:
                    d8:ba:f6:ef:a0:c9:44:bd:36:1e:af:8f:73:49:1c:
                    66:8d:97:2a:e8:c5:8b:4a:67:46:ba:bb:a2:c4:07:
                    dc:3e:cb:e4:eb:a9:62:55:53:fd:ba:a5:6d:54:f8:
                    d9:1b:ef:6d:2e:af:4a:af:3f:c6:8f:0d:b0:8d:10:
                    91:bf:fa:00:d8:f0:7f:41:93:1a:62:d9:01:b8:7a:
                    ea:99:73:de:20:b4:1b:24:68:b3:1d:60:0f:fd:74:
                    05:c7:28:ab:84:1b:76:fd:8c:b1:b3:f0:6d:fd:12:
                    e7:a3:e8:5d:68:a7:7e:77:ef:44:14:05:5d:f8:26:
                    c9:d5:9a:ac:31:e2:39:c5:81:43:c8:6b:2a:af:e7:
                    62:3d:22:2a:cb:21:3a:bb:6f:23:4c:68:06:25:25:
                    b4:ce:c1:19:2b:3c:2b:85:d8:22:10:b5:ba:e3:e8:
                    7f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:74:8A:8D:F2:AB:71:A7:EF:CD:97:58:4A:EF:AA:F7:D8:A4:89:DE
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/lnSKjfKrcafvzZdYSu-q99ikid4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.153.0-163.5.154.255
                  163.5.177.0/24
                  163.5.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:89:8c:dc:56:db:d6:9b:c9:a3:e1:f6:31:58:72:bc:d7:76:
         29:ee:70:36:70:39:aa:2c:89:7b:53:3d:37:04:61:91:81:d1:
         4a:cf:69:eb:bd:10:72:66:d0:7c:1e:6e:77:be:00:0f:61:43:
         2a:48:88:39:36:40:50:dc:d3:f7:2f:a2:e4:30:52:c5:86:7c:
         ee:99:54:50:ed:5c:fe:31:c0:9a:b1:46:ef:f5:a5:4e:47:f5:
         20:ad:16:90:c3:b0:bd:61:6f:c8:35:38:ae:24:af:85:1e:a7:
         4a:25:9a:9b:65:1a:c6:73:2c:6f:56:a1:cd:90:eb:9c:1d:16:
         b2:56:ed:c8:fd:88:a0:38:19:78:55:44:78:a8:cb:41:b8:4b:
         6a:19:95:9c:b0:73:83:d6:b1:c9:f3:5a:f6:31:22:2a:a7:96:
         0b:12:5a:6a:dd:17:0a:10:9b:00:5b:6d:21:74:dd:8b:84:d1:
         3e:b0:91:6f:c3:77:a8:35:70:9f:c4:0d:cf:3a:9e:94:9a:20:
         59:63:e2:6a:1c:c6:57:99:28:d4:7e:cd:0d:06:75:81:86:52:
         71:86:ba:fe:6b:6a:41:58:58:aa:51:66:13:5f:73:d1:1a:eb:
         68:e5:0a:9e:bd:50:36:0c:d5:cd:71:ee:de:8c:04:d7:47:c5:
         7b:58:f9:2a
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZIeQjhH7c3XjvmxGqYsqFUrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwOTIzMDk0MTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njc0OGE4ZGYyYWI3MWE3ZWZjZDk3NTg0YWVmYWFmN2Q4YTQ4OWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3jIXHPqmWVcOhjIuPL0A0ADcPSEU
jAdjoEyeiMuayKnK2ambUKyaZUjogN5jHCkeaRWoYoAJTaQglOCGq5akWPFIddax
efbhRYy2emNscCbVSOeft00Ue3zYuvbvoMlEvTYer49zSRxmjZcq6MWLSmdGurui
xAfcPsvk66liVVP9uqVtVPjZG+9tLq9Krz/Gjw2wjRCRv/oA2PB/QZMaYtkBuHrq
mXPeILQbJGizHWAP/XQFxyirhBt2/Yyxs/Bt/RLno+hdaKd+d+9EFAVd+CbJ1Zqs
MeI5xYFDyGsqr+diPSIqyyE6u28jTGgGJSW0zsEZKzwrhdgiELW64+h/bwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFJZ0io3yq3Gn782XWErvqvfYpIneMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvbG5TS2pmS3JjYWZ2elpkWVN1LXE5OWlraWQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBACjBZkD
BACjBZoDBACjBbEDBACjBfwwDQYJKoZIhvcNAQELBQADggEBAFWJjNxW29abyaPh
9jFYcrzXdinucDZwOaosiXtTPTcEYZGB0UrPaeu9EHJm0Hwebne+AA9hQypIiDk2
QFDc0/cvouQwUsWGfO6ZVFDtXP4xwJqxRu/1pU5H9SCtFpDDsL1hb8g1OK4kr4Ue
p0olmptlGsZzLG9Woc2Q65wdFrJW7cj9iKA4GXhVRHioy0G4S2oZlZywc4PWscnz
WvYxIiqnlgsSWmrdFwoQmwBbbSF03YuE0T6wkW/Dd6g1cJ/EDc86npSaIFlj4moc
xleZKNR+zQ0GdYGGUnGGuv5rakFYWKpRZhNfc9Ea62jlCp69UDYM1c1x7t6MBNdH
xXtY+So=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:06:27 2024 by rpki-client on console-ams.rpki-client.org