Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/3qq6o7e9LSH7mJWTjqi3lyFqw5U.roa
File:                     3qq6o7e9LSH7mJWTjqi3lyFqw5U.roa (raw, json)
Hash identifier:          dho1GYRt0l2Wr3tggGU32gbZxI5GFSZvfLpy8Tsgxo0=
Subject key identifier:   DE:AA:BA:A3:B7:BD:2D:21:FB:98:95:93:8E:A8:B7:97:21:6A:C3:95
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       018CC86F51E3E0A52DCE44137A9F06B6D8C2
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/3qq6o7e9LSH7mJWTjqi3lyFqw5U.roa
Signing time:             Tue 02 Jan 2024 04:29:47 +0000
ROA not before:           Tue 02 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48080
IP address blocks:        87.251.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:51:e3:e0:a5:2d:ce:44:13:7a:9f:06:b6:d8:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  2 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=deaabaa3b7bd2d21fb9895938ea8b797216ac395
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:8d:8c:b1:98:a3:12:16:ea:ca:69:a8:e4:43:
                    c1:77:0d:01:bc:ab:70:08:64:91:01:2f:08:7e:15:
                    96:5d:0e:25:f3:f9:8b:3b:4b:06:4e:a8:b3:e1:09:
                    4c:53:c6:02:21:54:e5:b5:92:84:2a:97:4a:87:76:
                    89:89:b1:16:59:0b:67:5f:dd:62:7f:63:84:ed:24:
                    1a:85:84:ff:98:7c:5e:46:4d:6e:4d:0e:68:09:d9:
                    0b:b8:97:c5:05:0f:51:20:57:b0:e3:c9:5e:4a:e9:
                    c7:e0:46:cc:0b:1b:0b:e1:33:8e:48:36:65:5c:ec:
                    d1:5f:1a:5b:1c:e4:9d:68:b3:db:e7:2a:67:a7:9c:
                    93:b0:8b:1d:6c:a6:1c:c5:94:41:95:03:8f:85:cc:
                    27:7f:86:34:d9:2c:bb:f2:73:da:3d:62:33:02:1c:
                    ea:9a:6b:73:aa:9d:2e:3b:68:2d:5f:24:23:59:60:
                    46:96:30:0c:df:0e:a4:9d:2b:d2:b6:e9:65:67:41:
                    a1:15:6b:c9:b2:51:4e:f7:cd:53:3e:04:4d:12:5b:
                    91:ff:7d:f2:80:be:bb:a3:a7:ca:0c:59:f8:2a:6e:
                    4a:26:fd:b9:e5:27:96:6d:59:46:3e:73:c0:fd:ca:
                    ee:65:bb:3a:0b:18:38:ac:e6:f4:c6:29:62:c6:a4:
                    e2:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:AA:BA:A3:B7:BD:2D:21:FB:98:95:93:8E:A8:B7:97:21:6A:C3:95
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/3qq6o7e9LSH7mJWTjqi3lyFqw5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.251.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:23:9f:ac:a7:98:32:bd:2a:e3:9b:ee:bf:8b:dd:03:03:02:
         c5:90:8e:c1:1f:57:6d:d1:08:53:07:b3:e4:e9:02:6c:4f:c1:
         a6:22:ec:21:30:32:cf:d2:cf:16:6d:74:af:a5:ba:b5:a4:09:
         46:54:92:0a:b9:89:f5:eb:94:66:92:06:35:a3:88:2b:40:01:
         e7:fd:b5:3c:af:d5:f3:87:62:c2:a6:80:41:9b:bb:21:14:cd:
         1c:da:f0:84:d2:27:08:91:b8:3b:52:73:d8:c5:11:03:30:e3:
         23:1a:0b:95:85:fc:55:96:c2:f5:ad:b4:36:d8:d0:c4:dd:d3:
         97:81:26:0a:49:d3:40:08:82:67:f9:cf:4d:cd:c3:89:be:5d:
         e7:89:14:88:eb:b7:95:38:33:ef:11:2d:0c:62:40:44:fd:41:
         16:bf:4a:f7:df:e1:bf:26:ae:87:b2:f4:a2:e3:a2:d7:27:67:
         9d:03:fc:c8:98:53:f0:c7:6f:de:c6:c0:18:d6:26:ea:1a:74:
         72:d8:4e:69:65:96:96:74:c6:ee:6d:26:d0:8d:5c:52:fe:ff:
         5e:2e:56:15:dd:81:e0:1c:60:79:00:48:2c:92:a0:74:d6:37:
         a1:95:d1:61:00:fd:e9:6b:6d:ce:99:0d:de:ec:66:22:8d:1e:
         08:21:d2:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb1Hj4KUtzkQTep8GttjCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjQwMTAyMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWFhYmFhM2I3YmQyZDIxZmI5ODk1OTM4ZWE4Yjc5NzIxNmFjMzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk42MsZijEhbqymmo5EPBdw0BvKtw
CGSRAS8IfhWWXQ4l8/mLO0sGTqiz4QlMU8YCIVTltZKEKpdKh3aJibEWWQtnX91i
f2OE7SQahYT/mHxeRk1uTQ5oCdkLuJfFBQ9RIFew48leSunH4EbMCxsL4TOOSDZl
XOzRXxpbHOSdaLPb5ypnp5yTsIsdbKYcxZRBlQOPhcwnf4Y02Sy78nPaPWIzAhzq
mmtzqp0uO2gtXyQjWWBGljAM3w6knSvStullZ0GhFWvJslFO981TPgRNEluR/33y
gL67o6fKDFn4Km5KJv255SeWbVlGPnPA/cruZbs6Cxg4rOb0xilixqTiVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6quqO3vS0h+5iVk46ot5chasOVMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvM3FxNm83ZTlMU0g3bUpXVGpxaTNseUZxdzVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/tAMA0G
CSqGSIb3DQEBCwUAA4IBAQAsI5+sp5gyvSrjm+6/i90DAwLFkI7BH1dt0QhTB7Pk
6QJsT8GmIuwhMDLP0s8WbXSvpbq1pAlGVJIKuYn165RmkgY1o4grQAHn/bU8r9Xz
h2LCpoBBm7shFM0c2vCE0icIkbg7UnPYxREDMOMjGguVhfxVlsL1rbQ22NDE3dOX
gSYKSdNACIJn+c9NzcOJvl3niRSI67eVODPvES0MYkBE/UEWv0r33+G/Jq6HsvSi
46LXJ2edA/zImFPwx2/exsAY1ibqGnRy2E5pZZaWdMbubSbQjVxS/v9eLlYV3YHg
HGB5AEgskqB01jehldFhAP3pa23OmQ3e7GYijR4IIdJJ
-----END CERTIFICATE-----