Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/XHgWcdgiF6OT-5UTQ3RXeJVj7Hk.roa
File:                     XHgWcdgiF6OT-5UTQ3RXeJVj7Hk.roa (raw, json)
Hash identifier:          QDB2vUqc8UGGS3i0XOSWM8X9BPgcotRpYF+dKhbrNTM=
Subject key identifier:   5C:78:16:71:D8:22:17:A3:93:FB:95:13:43:74:57:78:95:63:EC:79
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       019154B9AABE0D625FD01A239FC263FF19B9
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/XHgWcdgiF6OT-5UTQ3RXeJVj7Hk.roa
Signing time:             Thu 15 Aug 2024 06:28:59 +0000
ROA not before:           Thu 15 Aug 2024 06:28:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49993
IP address blocks:        87.251.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:54:b9:aa:be:0d:62:5f:d0:1a:23:9f:c2:63:ff:19:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Aug 15 06:28:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c781671d82217a393fb9513437457789563ec79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d5:44:b4:aa:a1:e2:fc:bd:19:90:0e:98:a5:
                    e7:9e:db:4d:95:e1:b3:f5:0d:5b:36:32:42:24:f7:
                    af:ef:59:fd:63:58:63:00:40:83:8d:52:cc:41:7f:
                    9d:b3:fa:3f:4e:d1:23:a7:6d:67:99:29:63:c1:60:
                    7f:6b:89:21:10:c7:35:59:b4:96:5e:2a:d9:05:c1:
                    af:53:b5:5f:e0:1b:fe:18:fa:ff:2d:93:9e:3d:93:
                    87:c7:5f:cf:0d:26:6a:f4:7e:6a:da:df:11:b1:4b:
                    4f:79:26:70:b0:38:a6:af:20:34:85:19:63:f3:bd:
                    bd:e6:c5:37:e2:84:58:93:65:86:bc:2e:d0:97:ee:
                    ce:0d:5f:d5:eb:f5:b5:50:6f:55:d9:26:8f:b8:65:
                    8e:90:82:00:34:47:3b:9d:3a:4f:46:6a:01:65:69:
                    7d:86:40:d4:f2:e3:52:c9:a1:31:26:7b:91:45:50:
                    8f:67:4b:63:26:88:02:f4:bd:7f:8c:29:db:a3:c9:
                    ec:a5:de:fe:8a:fb:f3:06:c0:b4:b3:c0:17:42:ee:
                    04:d1:ac:fa:18:f9:49:a6:57:86:3e:0f:ca:fb:33:
                    33:b7:8e:39:90:11:17:1f:bb:5f:a7:18:fe:be:6e:
                    c8:e9:09:18:e0:47:54:ed:96:a7:88:0e:60:81:d8:
                    15:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:78:16:71:D8:22:17:A3:93:FB:95:13:43:74:57:78:95:63:EC:79
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/XHgWcdgiF6OT-5UTQ3RXeJVj7Hk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.251.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:f8:40:29:1e:be:d4:e0:4b:ea:9d:e7:67:aa:f3:0c:87:ce:
         10:9a:ff:e2:9d:e9:f8:f7:3f:aa:3a:ae:11:53:4d:77:d6:b5:
         d9:bf:d6:ed:8f:b9:9f:5b:86:d4:e2:18:07:fe:ea:42:2c:95:
         f1:a0:c7:07:57:df:11:85:e9:03:10:de:fb:93:7c:c4:0b:8c:
         b8:1b:f4:fd:18:38:a7:14:a9:13:2c:bd:bf:3d:73:31:90:0a:
         b9:c8:12:d7:88:2a:fd:ba:f5:f0:82:44:0c:65:ef:ec:46:6c:
         92:be:ca:6a:ab:5d:69:e3:d8:91:18:81:79:a3:b9:d0:bd:5b:
         6b:37:ab:fd:cc:36:ad:16:94:e8:b0:02:43:1e:e6:d3:26:30:
         db:30:f2:76:2c:34:fc:d6:2d:c4:68:98:9e:74:b1:de:77:90:
         e4:79:ee:e3:9e:9c:98:60:b9:d9:4c:2b:67:42:43:37:9f:09:
         d9:83:a4:78:ca:78:79:11:ce:7d:da:93:e1:70:61:38:81:42:
         87:b7:b6:3f:70:cc:fe:b3:17:09:ef:61:8d:ed:43:7b:7f:c8:
         2d:39:8f:1e:f3:5f:27:82:d0:04:ee:0f:64:25:52:a1:82:d4:
         1b:60:69:7a:21:05:de:a9:a3:d0:63:eb:d1:63:28:b4:12:af:
         fb:31:ed:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFUuaq+DWJf0Bojn8Jj/xm5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjQwODE1MDYyODU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzc4MTY3MWQ4MjIxN2EzOTNmYjk1MTM0Mzc0NTc3ODk1NjNlYzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNVEtKqh4vy9GZAOmKXnnttNleGz
9Q1bNjJCJPev71n9Y1hjAECDjVLMQX+ds/o/TtEjp21nmSljwWB/a4khEMc1WbSW
XirZBcGvU7Vf4Bv+GPr/LZOePZOHx1/PDSZq9H5q2t8RsUtPeSZwsDimryA0hRlj
87295sU34oRYk2WGvC7Ql+7ODV/V6/W1UG9V2SaPuGWOkIIANEc7nTpPRmoBZWl9
hkDU8uNSyaExJnuRRVCPZ0tjJogC9L1/jCnbo8nspd7+ivvzBsC0s8AXQu4E0az6
GPlJpleGPg/K+zMzt445kBEXH7tfpxj+vm7I6QkY4EdU7ZaniA5ggdgVBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFx4FnHYIhejk/uVE0N0V3iVY+x5MB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvWEhnV2NkZ2lGNk9ULTVVVFEzUlhlSlZqN0hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/tMMA0G
CSqGSIb3DQEBCwUAA4IBAQBC+EApHr7U4EvqnednqvMMh84Qmv/inen49z+qOq4R
U0131rXZv9btj7mfW4bU4hgH/upCLJXxoMcHV98RhekDEN77k3zEC4y4G/T9GDin
FKkTLL2/PXMxkAq5yBLXiCr9uvXwgkQMZe/sRmySvspqq11p49iRGIF5o7nQvVtr
N6v9zDatFpTosAJDHubTJjDbMPJ2LDT81i3EaJiedLHed5Dkee7jnpyYYLnZTCtn
QkM3nwnZg6R4ynh5Ec592pPhcGE4gUKHt7Y/cMz+sxcJ72GN7UN7f8gtOY8e818n
gtAE7g9kJVKhgtQbYGl6IQXeqaPQY+vRYyi0Eq/7Me0T
-----END CERTIFICATE-----