Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/bf08c8-5057-4831-93f7-ae02e91af8d9/1/63AEQffITmMuVzverixJ_dXu4sk.roa
File:                     63AEQffITmMuVzverixJ_dXu4sk.roa (raw, json)
Hash identifier:          TgLq3yR2u0y44yVL5JjO6SYfl3pTSpzXPQrlJoI/h3U=
Subject key identifier:   EB:70:04:41:F7:C8:4E:63:2E:57:3B:DE:AE:2C:49:FD:D5:EE:E2:C9
Certificate issuer:       /CN=f74799f7f1848d13b0ff25f455f7f3776ae5e09e
Certificate serial:       018CC795898FC86B6C103E86C680AD4C561C
Authority key identifier: F7:47:99:F7:F1:84:8D:13:B0:FF:25:F4:55:F7:F3:77:6A:E5:E0:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/90eZ9_GEjROw_yX0Vffzd2rl4J4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/bf08c8-5057-4831-93f7-ae02e91af8d9/1/63AEQffITmMuVzverixJ_dXu4sk.roa
Signing time:             Tue 02 Jan 2024 00:31:55 +0000
ROA not before:           Tue 02 Jan 2024 00:31:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42209
IP address blocks:        185.216.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/bf08c8-5057-4831-93f7-ae02e91af8d9/1/90eZ9_GEjROw_yX0Vffzd2rl4J4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/bf08c8-5057-4831-93f7-ae02e91af8d9/1/90eZ9_GEjROw_yX0Vffzd2rl4J4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/90eZ9_GEjROw_yX0Vffzd2rl4J4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:89:8f:c8:6b:6c:10:3e:86:c6:80:ad:4c:56:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f74799f7f1848d13b0ff25f455f7f3776ae5e09e
        Validity
            Not Before: Jan  2 00:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb700441f7c84e632e573bdeae2c49fdd5eee2c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:be:77:8c:3a:75:a5:e1:19:5b:e1:36:66:28:
                    08:6c:e6:25:99:e6:a7:b3:79:1d:ff:f5:9d:32:4f:
                    0e:91:b1:ef:0c:b4:97:41:e8:3a:b1:e0:c5:1f:a7:
                    69:d4:bc:ee:7a:b9:41:ec:bd:28:b4:10:91:d9:d1:
                    80:81:43:e6:32:3e:4f:e5:78:d6:6c:2f:a5:60:56:
                    a3:ef:e7:5d:c6:7a:cc:7d:71:68:e6:fd:9b:1a:d0:
                    4d:5b:e9:30:01:6c:16:71:40:92:35:72:53:38:c0:
                    2a:88:f3:26:2f:06:5d:71:21:40:bb:3a:7e:79:b2:
                    b3:db:f8:e6:18:0d:b4:7d:b0:34:2b:ae:59:85:70:
                    d8:d4:4a:36:15:31:b6:95:e1:8c:7a:20:d8:37:27:
                    b2:2c:4c:6e:93:ad:23:eb:6d:fd:f3:5a:9c:f1:ac:
                    fd:3a:d3:1f:96:0f:9a:e4:13:e9:34:d0:13:1e:fc:
                    e0:c5:77:51:6c:c6:1e:26:1e:ab:0e:51:65:ed:e4:
                    2f:8b:6b:6e:a8:02:a4:8d:00:d5:6f:82:3b:20:80:
                    3c:79:9d:15:a5:37:29:e6:44:15:8d:f7:ab:83:49:
                    27:ef:33:3e:08:10:86:74:ea:57:78:b4:1c:a3:2e:
                    b5:05:fe:20:3f:0e:b0:54:e3:64:ac:d7:33:6c:ab:
                    82:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:70:04:41:F7:C8:4E:63:2E:57:3B:DE:AE:2C:49:FD:D5:EE:E2:C9
            X509v3 Authority Key Identifier:
                keyid:F7:47:99:F7:F1:84:8D:13:B0:FF:25:F4:55:F7:F3:77:6A:E5:E0:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/90eZ9_GEjROw_yX0Vffzd2rl4J4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/bf08c8-5057-4831-93f7-ae02e91af8d9/1/63AEQffITmMuVzverixJ_dXu4sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/bf08c8-5057-4831-93f7-ae02e91af8d9/1/90eZ9_GEjROw_yX0Vffzd2rl4J4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:7d:a2:dd:78:09:08:e9:91:c2:12:40:ef:23:da:03:11:8c:
         93:6a:0d:30:61:f1:4d:4d:ac:6d:50:b7:ff:87:52:36:80:dd:
         e5:b0:d7:43:36:a1:a7:c3:6f:af:10:6b:ab:b3:32:94:e9:ae:
         9a:bc:34:69:a3:16:b4:8d:6b:6c:8e:7e:13:8f:56:c2:e3:b6:
         1b:9e:e8:c3:7c:22:31:6b:3f:03:0f:59:86:d6:9f:66:e3:0c:
         c1:c5:96:32:e0:e4:da:91:0d:55:97:3b:60:b5:43:82:51:80:
         c1:5e:37:09:ed:9f:52:75:cf:25:e8:78:1e:da:d0:4b:94:40:
         2f:04:50:41:55:26:00:77:31:67:c8:65:a1:6f:2c:e3:dc:cc:
         f8:7e:4d:79:be:ed:2a:5f:4f:d3:87:2b:96:9c:9d:9f:c0:54:
         2c:94:a1:4c:49:f5:2c:3e:77:1d:37:3e:db:cb:7d:aa:c6:6f:
         aa:36:1f:44:59:05:0c:7b:0b:6b:3c:69:89:bb:e0:45:87:e1:
         eb:01:5d:c7:a6:a7:18:3f:ce:2c:8e:e4:14:c9:fb:bb:db:e5:
         47:a1:72:7e:26:7b:13:08:83:d8:eb:18:7b:df:b1:25:3f:34:
         5a:84:53:23:b3:b9:3c:77:d5:c8:68:49:cf:06:e1:f3:aa:2c:
         3b:8f:b7:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlYmPyGtsED6GxoCtTFYcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NDc5OWY3ZjE4NDhkMTNiMGZmMjVmNDU1ZjdmMzc3NmFl
NWUwOWUwHhcNMjQwMTAyMDAzMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjcwMDQ0MWY3Yzg0ZTYzMmU1NzNiZGVhZTJjNDlmZGQ1ZWVlMmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiL53jDp1peEZW+E2ZigIbOYlmean
s3kd//WdMk8OkbHvDLSXQeg6seDFH6dp1LzuerlB7L0otBCR2dGAgUPmMj5P5XjW
bC+lYFaj7+ddxnrMfXFo5v2bGtBNW+kwAWwWcUCSNXJTOMAqiPMmLwZdcSFAuzp+
ebKz2/jmGA20fbA0K65ZhXDY1Eo2FTG2leGMeiDYNyeyLExuk60j623981qc8az9
OtMflg+a5BPpNNATHvzgxXdRbMYeJh6rDlFl7eQvi2tuqAKkjQDVb4I7IIA8eZ0V
pTcp5kQVjferg0kn7zM+CBCGdOpXeLQcoy61Bf4gPw6wVONkrNczbKuChQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOtwBEH3yE5jLlc73q4sSf3V7uLJMB8GA1UdIwQY
MBaAFPdHmffxhI0TsP8l9FX383dq5eCeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTBlWjlfR0VqUk93X3lYMFZmZnpkMnJsNEo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9iZjA4YzgtNTA1Ny00ODMxLTkzZjct
YWUwMmU5MWFmOGQ5LzEvNjNBRVFmZklUbU11Vnp2ZXJpeEpfZFh1NHNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9iZjA4YzgtNTA1Ny00ODMxLTkzZjctYWUwMmU5MWFmOGQ5
LzEvOTBlWjlfR0VqUk93X3lYMFZmZnpkMnJsNEo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudgzMA0G
CSqGSIb3DQEBCwUAA4IBAQBffaLdeAkI6ZHCEkDvI9oDEYyTag0wYfFNTaxtULf/
h1I2gN3lsNdDNqGnw2+vEGurszKU6a6avDRpoxa0jWtsjn4Tj1bC47YbnujDfCIx
az8DD1mG1p9m4wzBxZYy4OTakQ1VlztgtUOCUYDBXjcJ7Z9Sdc8l6Hge2tBLlEAv
BFBBVSYAdzFnyGWhbyzj3Mz4fk15vu0qX0/ThyuWnJ2fwFQslKFMSfUsPncdNz7b
y32qxm+qNh9EWQUMewtrPGmJu+BFh+HrAV3HpqcYP84sjuQUyfu72+VHoXJ+JnsT
CIPY6xh737ElPzRahFMjs7k8d9XIaEnPBuHzqiw7j7dk
-----END CERTIFICATE-----