Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/mfPlUuZ5G0wgRTe5oRvTYczmfDQ.roa
File:                     mfPlUuZ5G0wgRTe5oRvTYczmfDQ.roa (raw, json)
Hash identifier:          z9wvbWfuvpR98DBs97fG+VFUFi6l2gs3QdM+5vhiwv0=
Subject key identifier:   99:F3:E5:52:E6:79:1B:4C:20:45:37:B9:A1:1B:D3:61:CC:E6:7C:34
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01914177EF726BB0D75BB5DFB0193F7A1190
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/mfPlUuZ5G0wgRTe5oRvTYczmfDQ.roa
Signing time:             Sun 11 Aug 2024 12:44:24 +0000
ROA not before:           Sun 11 Aug 2024 12:44:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198831
IP address blocks:        163.5.59.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:41:77:ef:72:6b:b0:d7:5b:b5:df:b0:19:3f:7a:11:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Aug 11 12:44:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99f3e552e6791b4c204537b9a11bd361cce67c34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:04:43:9d:c6:2f:bd:e0:10:04:aa:8d:1e:b1:
                    61:60:08:09:ec:09:96:17:63:b1:5a:51:d7:bd:fa:
                    e5:0d:91:8f:bb:ca:a7:38:8d:b1:e3:7c:6b:80:a2:
                    66:f9:37:19:54:55:f2:e6:24:cb:9d:45:04:fe:6a:
                    d6:77:9f:70:10:f9:65:80:f2:97:69:13:1b:ab:8d:
                    bd:21:ab:15:7e:da:2c:5a:fc:a9:eb:2b:85:2d:bc:
                    28:6e:c0:ba:06:f8:23:6f:fb:f3:d0:2b:e2:6c:63:
                    70:88:01:16:6b:23:82:d4:92:51:5d:bc:9a:01:23:
                    ae:17:55:13:cd:d8:7e:79:1e:ad:81:ec:cf:b4:01:
                    07:30:23:cd:ed:e8:ea:0e:4c:23:29:da:0e:80:a3:
                    8a:ee:8c:0f:dc:df:8f:18:6d:63:7c:5c:20:b8:0b:
                    b6:6d:39:4e:7c:65:45:ad:db:5c:c3:96:6e:17:da:
                    4a:b0:64:b2:bf:a6:2d:b7:4b:af:dd:64:b5:6e:65:
                    c3:e8:1a:27:f3:22:45:ec:e9:42:2a:2d:08:7b:35:
                    e1:af:4d:9e:9a:fd:6d:f0:79:39:4a:1f:90:d2:cc:
                    c7:0d:02:f3:71:6e:9d:30:3a:7e:a6:0c:7e:a8:9f:
                    4e:1f:07:31:de:19:57:0a:7e:9e:82:bc:05:25:dc:
                    61:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:F3:E5:52:E6:79:1B:4C:20:45:37:B9:A1:1B:D3:61:CC:E6:7C:34
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/mfPlUuZ5G0wgRTe5oRvTYczmfDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.59.0/24
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:c3:d0:8c:58:25:67:72:19:ca:d1:82:df:56:31:7c:de:71:
         a6:a5:9f:1f:30:05:91:2d:72:76:02:08:50:6e:eb:33:df:22:
         96:ff:0c:14:b1:e7:b6:44:19:35:a9:ec:af:db:0b:ff:1e:de:
         88:78:b3:d6:2e:99:e7:e1:26:54:81:cc:af:40:96:45:7b:8e:
         8b:87:b0:d5:a6:2f:da:b2:11:04:37:65:fe:d5:6f:46:51:ef:
         dc:91:e4:36:8a:04:e6:ec:44:11:9f:2d:0e:06:4e:a0:24:bb:
         e7:42:51:89:e8:d9:2c:ba:65:f8:99:be:42:0f:6b:f7:35:7b:
         92:07:e1:7d:a6:26:65:21:60:0b:d4:7a:ef:4a:ff:d3:3d:f8:
         65:59:49:5e:7a:57:af:da:af:14:4b:5b:a7:91:7e:1d:b0:c5:
         a3:18:29:22:a2:12:37:b5:16:32:d9:58:e1:d1:1d:88:fd:f3:
         7c:1c:99:30:b2:8e:60:a9:29:d6:0d:1b:4d:0f:21:b3:98:9b:
         fb:25:e4:4d:75:15:37:5a:79:59:4e:9b:0c:0e:bf:95:eb:da:
         e1:56:9a:02:65:11:c1:7f:7d:18:c6:84:16:44:f8:4f:66:2a:
         6d:f5:7c:b9:c8:6e:fc:9f:f8:ed:b3:5c:b0:aa:bd:c9:20:a5:
         2e:54:13:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFBd+9ya7DXW7XfsBk/ehGQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwODExMTI0NDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWYzZTU1MmU2NzkxYjRjMjA0NTM3YjlhMTFiZDM2MWNjZTY3YzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwRDncYvveAQBKqNHrFhYAgJ7AmW
F2OxWlHXvfrlDZGPu8qnOI2x43xrgKJm+TcZVFXy5iTLnUUE/mrWd59wEPllgPKX
aRMbq429IasVftosWvyp6yuFLbwobsC6Bvgjb/vz0CvibGNwiAEWayOC1JJRXbya
ASOuF1UTzdh+eR6tgezPtAEHMCPN7ejqDkwjKdoOgKOK7owP3N+PGG1jfFwguAu2
bTlOfGVFrdtcw5ZuF9pKsGSyv6Ytt0uv3WS1bmXD6Bon8yJF7OlCKi0IezXhr02e
mv1t8Hk5Sh+Q0szHDQLzcW6dMDp+pgx+qJ9OHwcx3hlXCn6egrwFJdxhuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJnz5VLmeRtMIEU3uaEb02HM5nw0MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvbWZQbFV1WjVHMHdnUlRlNW9SdlRZY3ptZkRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowU7AwQA
uf02MA0GCSqGSIb3DQEBCwUAA4IBAQCTw9CMWCVnchnK0YLfVjF83nGmpZ8fMAWR
LXJ2AghQbusz3yKW/wwUsee2RBk1qeyv2wv/Ht6IeLPWLpnn4SZUgcyvQJZFe46L
h7DVpi/ashEEN2X+1W9GUe/ckeQ2igTm7EQRny0OBk6gJLvnQlGJ6NksumX4mb5C
D2v3NXuSB+F9piZlIWAL1HrvSv/TPfhlWUleelev2q8US1unkX4dsMWjGCkiohI3
tRYy2Vjh0R2I/fN8HJkwso5gqSnWDRtNDyGzmJv7JeRNdRU3WnlZTpsMDr+V69rh
VpoCZRHBf30YxoQWRPhPZipt9Xy5yG78n/jts1ywqr3JIKUuVBNF
-----END CERTIFICATE-----