Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/LErV8nfxsWpT9ezFw3FbLjFWDA0.roa
File:                     LErV8nfxsWpT9ezFw3FbLjFWDA0.roa (raw, json)
Hash identifier:          GFdZ+U74Y4GTc+lpJIuPWrD8+5tzbAYvpdHEJL7dJXM=
Subject key identifier:   2C:4A:D5:F2:77:F1:B1:6A:53:F5:EC:C5:C3:71:5B:2E:31:56:0C:0D
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019755FAA3342EB131FEB423D85F3973F93D
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/LErV8nfxsWpT9ezFw3FbLjFWDA0.roa
Signing time:             Mon 09 Jun 2025 18:36:18 +0000
ROA not before:           Mon 09 Jun 2025 18:36:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211439
IP address blocks:        163.5.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 04:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:55:fa:a3:34:2e:b1:31:fe:b4:23:d8:5f:39:73:f9:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun  9 18:36:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c4ad5f277f1b16a53f5ecc5c3715b2e31560c0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:57:db:a4:7f:c4:ad:57:82:ab:e9:7f:46:aa:
                    ec:4b:1d:ea:2a:49:d6:66:d1:b5:cc:6b:e6:96:13:
                    27:32:84:65:2d:a1:a0:d3:b5:39:3b:e0:99:6f:30:
                    af:3c:b0:8c:f4:b8:91:61:31:92:d4:ba:9d:f1:52:
                    73:24:68:d8:73:99:27:41:93:ca:ac:83:16:76:22:
                    b7:d6:f4:fa:1b:b2:06:d4:9f:7c:21:0e:b4:5d:66:
                    b3:d1:af:26:9c:1f:79:50:7c:32:ad:fa:66:1a:03:
                    21:8e:c3:ed:9b:e7:87:a5:26:47:bf:af:68:b7:87:
                    dc:af:60:37:92:77:c5:7d:a4:00:80:db:8c:19:c6:
                    e0:b8:e4:39:9f:ee:c5:78:a2:2e:8e:01:92:c5:ae:
                    4e:65:c9:45:e7:f6:6b:fa:2e:45:23:34:7d:3f:d4:
                    f9:94:14:43:04:2d:bb:f3:14:cf:e7:3b:55:8f:7c:
                    c6:ad:ce:81:b6:cf:68:e1:b6:24:c7:bc:52:28:17:
                    36:53:de:1e:8d:c6:91:0a:ec:aa:2e:51:b7:97:af:
                    e3:54:9c:25:25:cc:b5:94:fe:98:07:7f:28:45:a4:
                    67:36:73:08:c8:2b:bb:07:2b:ff:6f:a0:3d:9e:ca:
                    91:d9:8c:6e:08:77:96:96:b0:2b:50:a1:7d:55:5c:
                    38:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:4A:D5:F2:77:F1:B1:6A:53:F5:EC:C5:C3:71:5B:2E:31:56:0C:0D
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/LErV8nfxsWpT9ezFw3FbLjFWDA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:2f:25:ef:56:f5:5b:35:0d:3e:73:75:65:89:70:f7:44:2b:
         95:22:a8:70:d9:d8:13:d6:29:5c:0a:ce:ea:20:94:87:4a:bd:
         de:db:d5:1c:ca:ed:70:70:74:d4:17:07:1b:fd:0d:02:ba:f8:
         1a:8b:df:4f:f2:96:1e:eb:7f:24:54:e7:dd:82:47:c7:05:fe:
         c4:0c:d4:0f:88:ab:84:75:cc:6d:03:19:95:83:da:e0:a7:33:
         85:6e:96:e6:4a:5f:62:dd:84:b7:64:0f:c5:cf:80:3d:44:27:
         e7:08:19:19:14:a9:bd:73:61:ef:89:c1:05:c2:01:98:00:71:
         85:cb:db:75:75:8c:be:e7:1d:91:14:fe:24:8a:36:12:ab:a2:
         63:31:1d:37:fb:d9:2c:49:0b:44:40:0c:cf:fb:c1:7a:4a:ca:
         60:3b:92:4d:4d:ed:93:a5:d0:ee:9d:a6:a1:f7:f1:fd:a2:d1:
         d3:7c:f7:47:1a:f1:22:b7:c8:16:d8:ca:72:be:29:18:5b:15:
         5a:a0:b8:53:55:66:04:b7:14:fa:1e:22:4c:5a:cf:c4:17:45:
         d9:b6:75:4b:da:0c:99:8f:3e:45:48:39:b8:ce:d6:c4:04:b9:
         8f:b1:8c:7a:55:74:ac:09:3e:c8:45:0a:5a:a5:9e:8d:3c:31:
         6d:38:74:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdV+qM0LrEx/rQj2F85c/k9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNjA5MTgzNjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzRhZDVmMjc3ZjFiMTZhNTNmNWVjYzVjMzcxNWIyZTMxNTYwYzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFfbpH/ErVeCq+l/RqrsSx3qKknW
ZtG1zGvmlhMnMoRlLaGg07U5O+CZbzCvPLCM9LiRYTGS1Lqd8VJzJGjYc5knQZPK
rIMWdiK31vT6G7IG1J98IQ60XWaz0a8mnB95UHwyrfpmGgMhjsPtm+eHpSZHv69o
t4fcr2A3knfFfaQAgNuMGcbguOQ5n+7FeKIujgGSxa5OZclF5/Zr+i5FIzR9P9T5
lBRDBC278xTP5ztVj3zGrc6Bts9o4bYkx7xSKBc2U94ejcaRCuyqLlG3l6/jVJwl
Jcy1lP6YB38oRaRnNnMIyCu7Byv/b6A9nsqR2YxuCHeWlrArUKF9VVw48wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxK1fJ38bFqU/XsxcNxWy4xVgwNMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvTEVyVjhuZnhzV3BUOWV6RnczRmJMakZXREEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVxMA0G
CSqGSIb3DQEBCwUAA4IBAQBDLyXvVvVbNQ0+c3VliXD3RCuVIqhw2dgT1ilcCs7q
IJSHSr3e29Ucyu1wcHTUFwcb/Q0Cuvgai99P8pYe638kVOfdgkfHBf7EDNQPiKuE
dcxtAxmVg9rgpzOFbpbmSl9i3YS3ZA/Fz4A9RCfnCBkZFKm9c2HvicEFwgGYAHGF
y9t1dYy+5x2RFP4kijYSq6JjMR03+9ksSQtEQAzP+8F6SspgO5JNTe2TpdDunaah
9/H9otHTfPdHGvEit8gW2MpyvikYWxVaoLhTVWYEtxT6HiJMWs/EF0XZtnVL2gyZ
jz5FSDm4ztbEBLmPsYx6VXSsCT7IRQpapZ6NPDFtOHRu
-----END CERTIFICATE-----