Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/s1fEXBnyNNnKRMXLlX669Mm-I3s.roa
File:                     s1fEXBnyNNnKRMXLlX669Mm-I3s.roa (raw, json)
Hash identifier:          tFYsR3X602rmiJg4ai/7cPASVGTpR/aHWkEQmGX683c=
Subject key identifier:   B3:57:C4:5C:19:F2:34:D9:CA:44:C5:CB:95:7E:BA:F4:C9:BE:23:7B
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018E953B25128DF94DA203DA982BD1344126
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/s1fEXBnyNNnKRMXLlX669Mm-I3s.roa
Signing time:             Sun 31 Mar 2024 15:57:45 +0000
ROA not before:           Sun 31 Mar 2024 15:57:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        163.5.38.0/23 maxlen: 23
                          163.5.38.0/24 maxlen: 24
                          163.5.39.0/24 maxlen: 24
                          163.5.60.0/24 maxlen: 24
                          163.5.63.0/24 maxlen: 24
                          163.5.88.0/24 maxlen: 24
                          163.5.90.0/24 maxlen: 24
                          163.5.93.0/24 maxlen: 24
                          163.5.100.0/24 maxlen: 24
                          163.5.101.0/24 maxlen: 24
                          163.5.102.0/24 maxlen: 24
                          163.5.108.0/24 maxlen: 24
                          163.5.109.0/24 maxlen: 24
                          163.5.114.0/24 maxlen: 24
                          163.5.116.0/24 maxlen: 24
                          163.5.117.0/24 maxlen: 24
                          163.5.119.0/24 maxlen: 24
                          163.5.130.0/24 maxlen: 24
                          163.5.131.0/24 maxlen: 24
                          163.5.133.0/24 maxlen: 24
                          163.5.147.0/24 maxlen: 24
                          163.5.174.0/24 maxlen: 24
                          163.5.189.0/24 maxlen: 24
                          163.5.192.0/24 maxlen: 24
                          163.5.225.0/24 maxlen: 24
                          163.5.226.0/24 maxlen: 24
                          163.5.227.0/24 maxlen: 24
                          163.5.228.0/24 maxlen: 24
                          163.5.229.0/24 maxlen: 24
                          163.5.230.0/24 maxlen: 24
                          163.5.238.0/24 maxlen: 24
                          163.5.240.0/24 maxlen: 24
                          163.5.243.0/24 maxlen: 24
                          163.5.245.0/24 maxlen: 24
                          163.5.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Jun 2024 06:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:95:3b:25:12:8d:f9:4d:a2:03:da:98:2b:d1:34:41:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 31 15:57:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b357c45c19f234d9ca44c5cb957ebaf4c9be237b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:e4:45:a8:08:fa:45:8d:12:e3:ef:3a:0e:35:
                    b6:2d:39:25:03:1c:0b:28:6f:52:78:d9:6d:14:aa:
                    e8:4e:f0:4f:06:d4:c3:92:e9:e9:67:d3:e3:ec:45:
                    de:8b:35:3a:5b:ba:b6:9e:50:43:15:8a:df:9e:c4:
                    8c:96:81:cd:04:25:b8:44:d6:c9:0b:7d:22:dd:3a:
                    2e:ab:1d:dc:bb:39:15:77:e9:e6:b6:02:87:9b:90:
                    84:e4:0e:3e:33:62:87:48:6a:96:01:8a:1b:96:bc:
                    36:72:16:ac:ee:1b:9f:fc:41:7e:49:a9:16:07:09:
                    0b:96:d5:72:ae:14:a3:18:f6:63:b6:ef:e5:fb:66:
                    37:62:9d:eb:c9:1f:c1:1e:5d:5e:61:1f:4d:45:b9:
                    9e:61:96:38:b4:64:c5:ca:a0:d6:2e:20:40:f4:f1:
                    69:07:48:a2:4e:2e:f5:00:e6:17:4c:52:36:04:5b:
                    34:9b:98:a6:5e:64:5e:cf:59:c5:60:9c:e3:5d:c8:
                    72:39:a7:21:39:c8:ba:92:07:29:7a:8d:22:c1:20:
                    f4:5a:f3:e6:04:68:29:86:a1:b4:8d:0a:92:5b:c0:
                    5c:02:f0:8f:60:a5:b0:a1:c1:eb:ea:48:0c:5d:bd:
                    2f:05:7d:aa:61:dd:a2:1e:fc:93:d9:91:1a:19:18:
                    2e:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:57:C4:5C:19:F2:34:D9:CA:44:C5:CB:95:7E:BA:F4:C9:BE:23:7B
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/s1fEXBnyNNnKRMXLlX669Mm-I3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.38.0/23
                  163.5.60.0/24
                  163.5.63.0/24
                  163.5.88.0/24
                  163.5.90.0/24
                  163.5.93.0/24
                  163.5.100.0-163.5.102.255
                  163.5.108.0/23
                  163.5.114.0/24
                  163.5.116.0/23
                  163.5.119.0/24
                  163.5.130.0/23
                  163.5.133.0/24
                  163.5.147.0/24
                  163.5.174.0/24
                  163.5.189.0/24
                  163.5.192.0/24
                  163.5.225.0-163.5.230.255
                  163.5.238.0/24
                  163.5.240.0/24
                  163.5.243.0/24
                  163.5.245.0-163.5.246.255

    Signature Algorithm: sha256WithRSAEncryption
         63:39:f2:1f:53:b7:11:2b:da:8b:3d:94:bb:75:92:82:5d:fa:
         a6:be:c8:cb:2b:4b:25:ed:5b:dd:7f:64:58:7c:17:2e:53:88:
         9d:87:f0:52:c8:4e:ea:15:d9:bb:33:c8:a4:1e:9f:21:ef:37:
         eb:41:07:b4:a7:2e:41:0e:7f:2e:9a:23:36:d5:6b:4e:33:4b:
         0c:3c:ee:58:1f:f7:3f:58:64:3c:03:d5:b1:ed:28:06:22:ff:
         3f:83:80:17:b5:a4:7c:ea:a4:1d:c1:ae:37:cf:87:cb:cb:38:
         ba:d2:51:47:e9:94:10:39:51:39:92:8d:4a:a5:a6:8b:b7:3a:
         56:8b:f0:39:89:1e:6a:92:5e:c5:a7:ca:bc:84:8c:dd:47:2a:
         96:f6:d7:c2:2b:e4:db:16:55:23:62:85:82:3f:52:67:15:6f:
         e1:8e:98:89:44:59:b1:62:ab:49:c8:76:17:80:8d:8c:3a:e2:
         f0:31:3c:29:b3:f3:fc:a5:91:cb:08:1d:b1:59:94:9a:8f:f4:
         25:2f:32:f5:02:1b:9e:b0:06:8d:ae:cc:25:e3:c7:01:bf:a4:
         4a:21:1e:10:ae:c7:3f:3f:d1:06:58:ec:f1:7f:59:27:87:6c:
         cd:66:76:4b:b8:cf:af:b8:04:64:9d:1b:75:2c:76:ec:24:80:
         01:53:c2:00
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgISAY6VOyUSjflNogPamCvRNEEmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMzMxMTU1NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzU3YzQ1YzE5ZjIzNGQ5Y2E0NGM1Y2I5NTdlYmFmNGM5YmUyMzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgORFqAj6RY0S4+86DjW2LTklAxwL
KG9SeNltFKroTvBPBtTDkunpZ9Pj7EXeizU6W7q2nlBDFYrfnsSMloHNBCW4RNbJ
C30i3Touqx3cuzkVd+nmtgKHm5CE5A4+M2KHSGqWAYoblrw2chas7huf/EF+SakW
BwkLltVyrhSjGPZjtu/l+2Y3Yp3ryR/BHl1eYR9NRbmeYZY4tGTFyqDWLiBA9PFp
B0iiTi71AOYXTFI2BFs0m5imXmRez1nFYJzjXchyOachOci6kgcpeo0iwSD0WvPm
BGgphqG0jQqSW8BcAvCPYKWwocHr6kgMXb0vBX2qYd2iHvyT2ZEaGRguZQIDAQAB
o4ICpDCCAqAwHQYDVR0OBBYEFLNXxFwZ8jTZykTFy5V+uvTJviN7MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvczFmRVhCbnlOTm5LUk1YTGxYNjY5TW0tSTNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG5BggrBgEFBQcBBwEB/wSBqTCBpjCBowQCAAEwgZwDBAGj
BSYDBACjBTwDBACjBT8DBACjBVgDBACjBVoDBACjBV0wDAMEAqMFZAMEAKMFZgME
AaMFbAMEAKMFcgMEAaMFdAMEAKMFdwMEAaMFggMEAKMFhQMEAKMFkwMEAKMFrgME
AKMFvQMEAKMFwDAMAwQAowXhAwQAowXmAwQAowXuAwQAowXwAwQAowXzMAwDBACj
BfUDBACjBfYwDQYJKoZIhvcNAQELBQADggEBAGM58h9TtxEr2os9lLt1koJd+qa+
yMsrSyXtW91/ZFh8Fy5TiJ2H8FLITuoV2bszyKQenyHvN+tBB7SnLkEOfy6aIzbV
a04zSww87lgf9z9YZDwD1bHtKAYi/z+DgBe1pHzqpB3BrjfPh8vLOLrSUUfplBA5
UTmSjUqlpou3OlaL8DmJHmqSXsWnyryEjN1HKpb218Ir5NsWVSNihYI/UmcVb+GO
mIlEWbFiq0nIdheAjYw64vAxPCmz8/ylkcsIHbFZlJqP9CUvMvUCG56wBo2uzCXj
xwG/pEohHhCuxz8/0QZY7PF/WSeHbM1mdku4z6+4BGSdG3UsduwkgAFTwgA=
-----END CERTIFICATE-----
Generated at Wed Jun 12 16:20:56 2024 by rpki-client on console-ams.rpki-client.org