Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/VrEU9PE5EfCqbrb7nZMyqxga0y4.roa
File:                     VrEU9PE5EfCqbrb7nZMyqxga0y4.roa (raw, json)
Hash identifier:          pCI3583YgOq3CB+JSxU25k69djgvqQV7uPOrhj4rCz8=
Subject key identifier:   56:B1:14:F4:F1:39:11:F0:AA:6E:B6:FB:9D:93:32:AB:18:1A:D3:2E
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       019424452C3F35910104240E3BB8406CFEC5
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/VrEU9PE5EfCqbrb7nZMyqxga0y4.roa
Signing time:             Wed 01 Jan 2025 23:48:20 +0000
ROA not before:           Wed 01 Jan 2025 23:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400992
IP address blocks:        87.251.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:2c:3f:35:91:01:04:24:0e:3b:b8:40:6c:fe:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  1 23:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56b114f4f13911f0aa6eb6fb9d9332ab181ad32e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e5:c3:c8:75:b7:7a:c9:8f:b0:76:0a:56:a9:
                    74:ea:de:9c:02:87:d3:2c:88:53:70:b1:e1:95:63:
                    8e:c6:52:02:ef:1a:ab:0e:d1:84:6d:c9:f8:56:4e:
                    9c:f3:5d:71:5f:ef:6c:10:c1:f2:4e:95:98:d8:b2:
                    4a:cf:3e:6a:ff:55:d4:82:91:6e:ef:21:88:b0:7d:
                    64:bc:05:a0:19:b6:1e:eb:e5:ba:30:87:85:f8:bd:
                    d4:2e:2c:7f:ad:f7:76:2e:1d:58:65:25:a5:ec:f6:
                    5c:23:aa:d4:c0:27:42:95:82:8b:21:5c:d7:27:6f:
                    b5:b9:6d:f5:50:a5:80:e1:0a:f5:9f:66:86:c4:01:
                    c6:b9:fa:33:48:20:19:8a:ea:96:db:af:fa:22:25:
                    c8:00:65:33:ae:38:c0:cc:c8:b1:da:9c:18:1c:cd:
                    3f:4a:8f:81:4b:0c:29:6f:2c:20:eb:18:aa:1f:70:
                    e1:c7:87:01:15:f1:12:92:cc:d3:c5:82:6b:3c:7c:
                    3c:59:5b:02:b3:95:11:27:c8:24:ab:fc:4e:74:bd:
                    4e:52:ae:51:56:49:60:0b:5c:46:7e:da:ee:d0:66:
                    fb:0a:de:b6:e0:0c:90:45:18:9c:0c:f7:11:15:1b:
                    29:5c:c5:12:f5:ff:24:c4:f6:f5:28:fd:49:ea:8d:
                    88:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:B1:14:F4:F1:39:11:F0:AA:6E:B6:FB:9D:93:32:AB:18:1A:D3:2E
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/VrEU9PE5EfCqbrb7nZMyqxga0y4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.251.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:59:01:b3:8d:d5:8b:5d:1a:a2:3e:02:7e:a2:ac:aa:44:2b:
         6b:16:e3:44:89:dd:19:ba:96:f6:2d:fb:55:1d:29:ff:55:c4:
         ad:fa:3e:ca:27:2b:3a:f0:d3:a4:c5:9e:52:10:4f:48:81:e0:
         37:7d:49:85:35:63:83:ef:00:65:ed:6b:ea:34:d5:c0:95:8a:
         72:52:49:12:3e:c9:c7:7c:b1:0c:df:c1:fe:ab:7d:15:d0:44:
         bf:63:be:a7:bd:d5:59:e9:f0:3f:3c:db:69:06:29:99:39:09:
         6b:35:7c:5e:80:53:29:92:88:c5:e7:85:3a:8a:9e:ef:8f:d0:
         16:a6:5a:ff:9c:74:5a:3f:30:63:75:11:db:fa:7a:8f:5d:7d:
         68:28:5d:81:20:b6:41:2a:2a:47:15:02:ed:07:93:1f:28:f5:
         f9:d5:84:b0:98:e3:7c:f6:5d:57:79:62:e3:8e:1b:55:26:38:
         7b:92:c6:77:44:50:c1:e7:85:4e:46:ef:19:24:06:d6:3b:74:
         26:c9:c1:5c:47:d5:71:9e:56:e3:52:ac:f9:9c:6e:e2:3b:9a:
         7a:4a:dc:1c:14:31:f2:d3:c1:d1:74:ab:e9:75:a2:2a:1e:96:
         10:ce:0f:ad:32:80:b6:a0:93:a5:2b:c3:33:ab:f2:95:84:b6:
         70:1b:d5:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRSw/NZEBBCQOO7hAbP7FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjUwMTAxMjM0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmIxMTRmNGYxMzkxMWYwYWE2ZWI2ZmI5ZDkzMzJhYjE4MWFkMzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeXDyHW3esmPsHYKVql06t6cAofT
LIhTcLHhlWOOxlIC7xqrDtGEbcn4Vk6c811xX+9sEMHyTpWY2LJKzz5q/1XUgpFu
7yGIsH1kvAWgGbYe6+W6MIeF+L3ULix/rfd2Lh1YZSWl7PZcI6rUwCdClYKLIVzX
J2+1uW31UKWA4Qr1n2aGxAHGufozSCAZiuqW26/6IiXIAGUzrjjAzMix2pwYHM0/
So+BSwwpbywg6xiqH3Dhx4cBFfESkszTxYJrPHw8WVsCs5URJ8gkq/xOdL1OUq5R
VklgC1xGftru0Gb7Ct624AyQRRicDPcRFRspXMUS9f8kxPb1KP1J6o2IYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFaxFPTxORHwqm62+52TMqsYGtMuMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvVnJFVTlQRTVFZkNxYnJiN25aTXlxeGdhMHk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/tPMA0G
CSqGSIb3DQEBCwUAA4IBAQACWQGzjdWLXRqiPgJ+oqyqRCtrFuNEid0Zupb2LftV
HSn/VcSt+j7KJys68NOkxZ5SEE9IgeA3fUmFNWOD7wBl7WvqNNXAlYpyUkkSPsnH
fLEM38H+q30V0ES/Y76nvdVZ6fA/PNtpBimZOQlrNXxegFMpkojF54U6ip7vj9AW
plr/nHRaPzBjdRHb+nqPXX1oKF2BILZBKipHFQLtB5MfKPX51YSwmON89l1XeWLj
jhtVJjh7ksZ3RFDB54VORu8ZJAbWO3QmycFcR9VxnlbjUqz5nG7iO5p6StwcFDHy
08HRdKvpdaIqHpYQzg+tMoC2oJOlK8Mzq/KVhLZwG9VR
-----END CERTIFICATE-----