Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/t9ABgZUzDCaF43szI2ozly89-L4.roa
File:                     t9ABgZUzDCaF43szI2ozly89-L4.roa (raw, json)
Hash identifier:          bKGnlod7QVYGf5NnN0dgDiZJXT+AlxGiiuAsAEHDamc=
Subject key identifier:   B7:D0:01:81:95:33:0C:26:85:E3:7B:33:23:6A:33:97:2F:3D:F8:BE
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019360350EC2AF20774C14B176A10173AD3B
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/t9ABgZUzDCaF43szI2ozly89-L4.roa
Signing time:             Sun 24 Nov 2024 22:05:09 +0000
ROA not before:           Sun 24 Nov 2024 22:05:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        163.5.178.0/24 maxlen: 24
                          163.5.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:60:35:0e:c2:af:20:77:4c:14:b1:76:a1:01:73:ad:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Nov 24 22:05:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7d0018195330c2685e37b33236a33972f3df8be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:3a:cf:e8:4e:27:7b:4d:fe:03:0f:28:73:1b:
                    e2:8d:1d:a3:78:a6:87:a6:fc:ce:5b:d2:60:97:e7:
                    23:53:3c:d7:0c:6d:b6:6b:72:10:49:93:f1:28:22:
                    f0:61:91:1d:40:ad:7d:cc:ae:db:c5:e1:22:d5:05:
                    ea:7f:75:0e:67:89:51:b1:a8:1e:e9:f9:43:48:51:
                    f7:23:2d:a1:c3:d1:aa:83:d5:30:70:58:1c:40:a5:
                    a9:27:3e:3e:93:2e:ec:19:45:c8:ce:72:2e:db:30:
                    fc:38:1d:1c:6b:ca:ae:7a:b4:03:72:2e:e4:2c:00:
                    0c:c4:c9:c1:b7:17:92:e7:88:d7:5b:36:06:d2:35:
                    1a:31:2a:a2:2e:0c:f6:bf:31:08:df:05:92:06:88:
                    6f:20:61:5b:ec:12:3a:7a:a6:7a:d1:68:ce:a2:c5:
                    85:90:66:0d:3f:3d:de:57:c1:ed:4a:69:ae:3b:cf:
                    c4:bf:6c:9f:d6:44:4e:3f:f7:52:d4:93:76:f9:8c:
                    ac:35:36:5b:19:a6:73:8f:5e:5a:21:a5:e6:44:70:
                    4d:c9:83:94:0e:a4:cd:e7:65:39:c9:43:29:cc:ec:
                    bb:17:b6:d0:b5:06:f9:dd:f0:4f:51:db:f5:68:a3:
                    fc:27:45:71:89:73:3d:74:ae:d0:f0:a1:b1:11:36:
                    fe:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:D0:01:81:95:33:0C:26:85:E3:7B:33:23:6A:33:97:2F:3D:F8:BE
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/t9ABgZUzDCaF43szI2ozly89-L4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.178.0/24
                  163.5.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:4d:c1:7d:7d:b3:92:73:0a:4b:94:93:09:e7:01:d9:15:43:
         e6:a0:17:e3:bc:89:9f:e4:64:24:e8:f6:67:be:c5:9a:48:64:
         46:85:66:f2:3a:2a:d6:5d:2e:2a:ee:be:50:e3:d3:d1:54:0b:
         60:0c:36:bf:7e:68:67:71:5e:ad:ea:30:2b:21:6a:6f:22:18:
         20:20:e8:93:8f:29:05:19:7a:77:fe:53:09:e6:2f:38:d6:17:
         6a:18:cd:27:65:9c:c3:fe:a8:54:46:74:bd:e7:9d:dc:04:97:
         30:c6:19:81:19:5e:4b:f0:63:00:22:d7:83:7a:84:49:df:16:
         21:61:2a:de:84:c3:bb:c8:c7:35:a1:f0:af:42:3c:53:19:77:
         66:a4:c1:a2:6c:65:11:05:c9:e5:34:8d:61:d1:03:18:fb:20:
         42:5c:61:ea:c9:78:46:ec:22:ce:c0:aa:7a:11:7e:fd:a9:e0:
         82:6c:30:55:be:64:8a:7c:56:bc:c0:6c:15:ce:a9:76:bf:80:
         7d:22:c6:20:a6:53:c0:79:e2:a4:fb:d7:a1:f5:eb:a6:a1:9b:
         88:a6:16:1d:60:4e:d8:18:82:46:c2:3b:7b:f8:e5:d9:ee:39:
         dc:72:e0:c9:47:06:35:4d:cc:20:c5:63:3a:e5:ab:b2:28:f0:
         7f:1f:3e:2a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNgNQ7CryB3TBSxdqEBc607MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQxMTI0MjIwNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2QwMDE4MTk1MzMwYzI2ODVlMzdiMzMyMzZhMzM5NzJmM2RmOGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjrP6E4ne03+Aw8ocxvijR2jeKaH
pvzOW9Jgl+cjUzzXDG22a3IQSZPxKCLwYZEdQK19zK7bxeEi1QXqf3UOZ4lRsage
6flDSFH3Iy2hw9Gqg9UwcFgcQKWpJz4+ky7sGUXIznIu2zD8OB0ca8querQDci7k
LAAMxMnBtxeS54jXWzYG0jUaMSqiLgz2vzEI3wWSBohvIGFb7BI6eqZ60WjOosWF
kGYNPz3eV8HtSmmuO8/Ev2yf1kROP/dS1JN2+YysNTZbGaZzj15aIaXmRHBNyYOU
DqTN52U5yUMpzOy7F7bQtQb53fBPUdv1aKP8J0VxiXM9dK7Q8KGxETb+iQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLfQAYGVMwwmheN7MyNqM5cvPfi+MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvdDlBQmdaVXpEQ2FGNDNzekkyb3pseTg5LUw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowWyAwQA
owW4MA0GCSqGSIb3DQEBCwUAA4IBAQAlTcF9fbOScwpLlJMJ5wHZFUPmoBfjvImf
5GQk6PZnvsWaSGRGhWbyOirWXS4q7r5Q49PRVAtgDDa/fmhncV6t6jArIWpvIhgg
IOiTjykFGXp3/lMJ5i841hdqGM0nZZzD/qhURnS9553cBJcwxhmBGV5L8GMAIteD
eoRJ3xYhYSrehMO7yMc1ofCvQjxTGXdmpMGibGURBcnlNI1h0QMY+yBCXGHqyXhG
7CLOwKp6EX79qeCCbDBVvmSKfFa8wGwVzql2v4B9IsYgplPAeeKk+9eh9eumoZuI
phYdYE7YGIJGwjt7+OXZ7jnccuDJRwY1TcwgxWM65auyKPB/Hz4q
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:07:35 2024 by rpki-client on console-fra.rpki-client.org