Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/uoTdATFokJmUufYqmJAzPotEgO0.roa
File:                     uoTdATFokJmUufYqmJAzPotEgO0.roa (raw, json)
Hash identifier:          4BSABGkz1T8w/jHgKOU9jSNFf4if83xpxDssdeI2TI8=
Subject key identifier:   BA:84:DD:01:31:68:90:99:94:B9:F6:2A:98:90:33:3E:8B:44:80:ED
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CC4256A4317E1B8465F9CCD2B6A2F17AD
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/uoTdATFokJmUufYqmJAzPotEgO0.roa
Signing time:             Mon 01 Jan 2024 08:30:35 +0000
ROA not before:           Mon 01 Jan 2024 08:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212669
IP address blocks:        163.5.113.0/24 maxlen: 24
                          163.5.224.0/24 maxlen: 24
                          163.5.236.0/24 maxlen: 24
                          163.5.234.0/24 maxlen: 24
                          163.5.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:6a:43:17:e1:b8:46:5f:9c:cd:2b:6a:2f:17:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 08:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba84dd013168909994b9f62a9890333e8b4480ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0c:f1:54:8b:1e:ca:dd:f6:be:78:59:dd:fb:
                    a4:7f:d7:86:ec:bd:fd:91:71:93:40:6d:9b:ee:c2:
                    23:a7:2d:2e:92:69:40:b7:13:0a:0d:1e:66:90:98:
                    90:80:cb:12:01:4e:0c:0a:5d:95:5c:eb:80:5c:40:
                    30:37:77:a4:ba:5e:d7:b2:7c:03:ca:43:1c:47:33:
                    7e:15:6b:56:78:bf:3b:fe:6f:26:43:ba:aa:3f:d1:
                    50:70:dd:e5:d9:17:a3:30:99:4a:9f:b7:0a:f3:79:
                    cf:ec:a9:79:2b:61:f8:d8:61:77:93:30:6c:27:2e:
                    0b:d3:d5:61:cd:3f:1c:9a:e5:34:26:6e:aa:d7:7e:
                    db:6a:b4:2e:56:95:82:de:3f:a8:d2:86:19:fd:c4:
                    54:a6:30:a0:90:a8:44:8f:86:e1:ad:09:32:8d:c2:
                    90:ec:bd:96:f8:6a:5d:49:91:11:3e:a9:84:73:6d:
                    9b:40:e2:c5:57:2b:3c:7e:80:57:cb:79:ce:9b:29:
                    0b:53:31:30:76:9c:b6:9e:2e:3b:fe:fe:93:59:13:
                    0f:5f:2c:21:a0:d5:e0:0b:dc:bf:d5:2e:73:21:3c:
                    2c:db:d7:8e:4e:60:04:72:0a:96:63:2b:88:af:db:
                    e5:bd:27:d0:df:84:ff:fc:ec:46:3a:a3:c1:8e:fa:
                    9d:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:84:DD:01:31:68:90:99:94:B9:F6:2A:98:90:33:3E:8B:44:80:ED
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/uoTdATFokJmUufYqmJAzPotEgO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.113.0/24
                  163.5.146.0/24
                  163.5.224.0/24
                  163.5.234.0/24
                  163.5.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:71:5a:ef:ac:6b:21:d0:e8:a5:c3:ac:e4:27:5d:dd:71:0d:
         38:a2:9c:19:fb:5f:92:e5:df:d3:9f:b3:03:9d:ba:c1:82:2f:
         e8:3b:f2:cf:53:14:a5:5f:f4:76:4e:85:b3:b0:90:9d:eb:28:
         78:1f:f5:48:1f:d1:8b:89:e5:3c:6c:21:07:6c:c2:21:b6:a5:
         a8:ad:8e:98:35:c9:fa:3f:eb:11:b3:00:79:4f:c1:97:c6:d1:
         37:05:30:c8:ec:87:22:0e:41:c7:b6:a0:a1:aa:b8:ed:89:54:
         14:f9:00:e3:fb:f3:be:22:53:ed:26:f6:ed:36:0e:6d:87:a7:
         23:93:4f:69:e6:df:11:2b:97:23:c1:e4:6f:ce:8a:32:a9:dc:
         ba:8f:0c:ae:a8:ac:8c:bf:d6:70:23:fd:8d:bd:7e:2f:ac:a6:
         67:1e:63:75:59:90:3c:e2:e4:c5:94:76:aa:4b:70:e2:2d:93:
         09:83:ed:a8:d6:2c:bf:78:d1:d0:71:b0:69:b6:1a:aa:af:66:
         e9:5f:ad:79:00:1c:17:16:f1:7f:75:58:82:a2:31:9f:37:52:
         f5:5d:62:8a:f6:bf:1f:71:e8:31:24:6f:22:11:8e:ed:2f:3e:
         10:39:13:b7:1c:3c:35:8b:ef:0e:da:e1:13:6a:82:6c:74:03:
         2f:3c:ed:ea
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzEJWpDF+G4Rl+czStqLxetMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDgzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTg0ZGQwMTMxNjg5MDk5OTRiOWY2MmE5ODkwMzMzZThiNDQ4MGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQzxVIseyt32vnhZ3fukf9eG7L39
kXGTQG2b7sIjpy0ukmlAtxMKDR5mkJiQgMsSAU4MCl2VXOuAXEAwN3ekul7XsnwD
ykMcRzN+FWtWeL87/m8mQ7qqP9FQcN3l2RejMJlKn7cK83nP7Kl5K2H42GF3kzBs
Jy4L09VhzT8cmuU0Jm6q137barQuVpWC3j+o0oYZ/cRUpjCgkKhEj4bhrQkyjcKQ
7L2W+GpdSZERPqmEc22bQOLFVys8foBXy3nOmykLUzEwdpy2ni47/v6TWRMPXywh
oNXgC9y/1S5zITws29eOTmAEcgqWYyuIr9vlvSfQ34T//OxGOqPBjvqd+wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFLqE3QExaJCZlLn2KpiQMz6LRIDtMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvdW9UZEFURm9rSm1VdWZZcW1KQXpQb3RFZ08wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAowVxAwQA
owWSAwQAowXgAwQAowXqAwQAowXsMA0GCSqGSIb3DQEBCwUAA4IBAQBmcVrvrGsh
0Oilw6zkJ13dcQ04opwZ+1+S5d/Tn7MDnbrBgi/oO/LPUxSlX/R2ToWzsJCd6yh4
H/VIH9GLieU8bCEHbMIhtqWorY6YNcn6P+sRswB5T8GXxtE3BTDI7IciDkHHtqCh
qrjtiVQU+QDj+/O+IlPtJvbtNg5th6cjk09p5t8RK5cjweRvzooyqdy6jwyuqKyM
v9ZwI/2NvX4vrKZnHmN1WZA84uTFlHaqS3DiLZMJg+2o1iy/eNHQcbBpthqqr2bp
X615ABwXFvF/dViCojGfN1L1XWKK9r8fcegxJG8iEY7tLz4QORO3HDw1i+8O2uET
aoJsdAMvPO3q
-----END CERTIFICATE-----
Generated at Fri Nov 22 11:47:09 2024 by rpki-client on console-fra.rpki-client.org