Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/Z9ln1zHGg4dXPHdYUCwUEGik6Z4.roa
File:                     Z9ln1zHGg4dXPHdYUCwUEGik6Z4.roa (raw, json)
Hash identifier:          8BnER/mvx0nzyN/lQ+wslvkmwX7mangYsFUR9zE4o60=
Subject key identifier:   67:D9:67:D7:31:C6:83:87:57:3C:77:58:50:2C:14:10:68:A4:E9:9E
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       018CC86F59113D69419C87B37428777E3139
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/Z9ln1zHGg4dXPHdYUCwUEGik6Z4.roa
Signing time:             Tue 02 Jan 2024 04:29:49 +0000
ROA not before:           Tue 02 Jan 2024 04:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215881
IP address blocks:        87.251.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:59:11:3d:69:41:9c:87:b3:74:28:77:7e:31:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  2 04:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67d967d731c68387573c7758502c141068a4e99e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ea:fe:68:6a:9e:aa:72:64:af:d1:bf:32:9e:
                    ca:96:d6:0c:72:fe:27:f2:a8:5b:ef:06:a8:b0:e9:
                    c0:75:56:b8:bd:01:ff:e1:ea:e8:bb:ba:3c:f1:18:
                    9b:f3:8b:83:27:88:27:90:4e:9b:59:ad:34:47:f9:
                    ac:a2:13:fd:d1:93:3a:2d:22:e6:02:a1:5f:5b:ec:
                    da:3e:f9:06:7c:2c:e7:5f:83:c8:bc:63:5e:13:29:
                    93:bc:52:cc:65:9c:bf:ad:e0:c9:6f:dc:7c:ac:92:
                    6f:c3:6c:66:d2:9e:07:67:98:6b:c2:f2:4d:a3:10:
                    fc:6f:3d:9f:8a:1d:49:98:0c:db:37:2c:97:cb:63:
                    f9:40:a9:31:26:3f:d7:0f:4d:eb:cb:4f:d9:4c:87:
                    6e:c8:c7:1a:fd:12:8f:b3:4b:50:f7:a3:9e:74:c8:
                    73:53:94:37:89:4e:dc:05:e3:ff:eb:70:c3:45:1f:
                    18:53:8a:76:aa:a5:8e:ba:d0:66:ca:ec:44:3b:f8:
                    03:c2:ee:1d:f4:33:46:7d:3a:35:01:f8:69:b9:d4:
                    08:f8:bc:1f:20:ac:ca:d3:90:15:b4:bb:06:63:4d:
                    66:81:28:88:93:4c:08:af:db:19:e0:29:34:d9:98:
                    f1:53:42:be:e9:71:b2:6e:58:23:0e:ab:5e:f4:77:
                    f7:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:D9:67:D7:31:C6:83:87:57:3C:77:58:50:2C:14:10:68:A4:E9:9E
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/Z9ln1zHGg4dXPHdYUCwUEGik6Z4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.251.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:f4:7b:50:6e:60:dd:ba:89:16:07:d1:1d:d1:26:6e:a9:92:
         e3:40:5d:f5:ee:39:23:d5:c8:8e:92:e9:e3:08:86:0d:6a:9e:
         22:0a:a1:c7:d9:5b:d9:7d:f3:b3:3c:47:5d:1d:a4:39:c9:07:
         85:d5:10:ad:ff:9f:e1:26:44:98:85:e9:05:72:d1:78:ed:44:
         63:48:2e:a7:20:91:8b:fc:9e:d4:c5:39:eb:b0:90:cb:5c:17:
         e0:97:bc:31:e1:60:89:3e:98:2a:34:b5:57:fc:2a:6b:78:51:
         25:fa:e6:6d:53:47:5b:d6:5d:82:77:ad:b8:c2:b7:84:7d:4c:
         6b:60:e5:cb:33:68:3c:ad:2a:ca:38:f1:01:0d:e9:ed:ce:47:
         7b:a8:e7:d7:cb:43:64:a7:6f:b5:1d:95:41:ba:7f:a5:14:7f:
         61:b4:d3:8c:e7:30:2a:5e:3b:f9:a6:4f:d7:69:8a:84:d8:a9:
         d3:9e:54:eb:73:f4:bc:6d:19:72:88:c7:82:17:9b:77:fb:17:
         d5:ea:c1:81:e7:72:c0:1a:3b:94:64:a2:94:d1:7b:40:ac:e2:
         ca:2b:9e:82:53:66:f3:93:e9:48:4b:af:b3:fa:2a:cd:74:84:
         17:75:2e:82:7a:a7:5b:02:24:0c:25:ff:a7:96:2a:12:21:4a:
         9d:23:f6:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb1kRPWlBnIezdCh3fjE5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjQwMTAyMDQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2Q5NjdkNzMxYzY4Mzg3NTczYzc3NTg1MDJjMTQxMDY4YTRlOTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgur+aGqeqnJkr9G/Mp7KltYMcv4n
8qhb7waosOnAdVa4vQH/4erou7o88Rib84uDJ4gnkE6bWa00R/msohP90ZM6LSLm
AqFfW+zaPvkGfCznX4PIvGNeEymTvFLMZZy/reDJb9x8rJJvw2xm0p4HZ5hrwvJN
oxD8bz2fih1JmAzbNyyXy2P5QKkxJj/XD03ry0/ZTIduyMca/RKPs0tQ96OedMhz
U5Q3iU7cBeP/63DDRR8YU4p2qqWOutBmyuxEO/gDwu4d9DNGfTo1AfhpudQI+Lwf
IKzK05AVtLsGY01mgSiIk0wIr9sZ4Ck02ZjxU0K+6XGyblgjDqte9Hf3ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfZZ9cxxoOHVzx3WFAsFBBopOmeMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvWjlsbjF6SEdnNGRYUEhkWVVDd1VFR2lrNlo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/tKMA0G
CSqGSIb3DQEBCwUAA4IBAQA39HtQbmDduokWB9Ed0SZuqZLjQF317jkj1ciOkunj
CIYNap4iCqHH2VvZffOzPEddHaQ5yQeF1RCt/5/hJkSYhekFctF47URjSC6nIJGL
/J7UxTnrsJDLXBfgl7wx4WCJPpgqNLVX/CpreFEl+uZtU0db1l2Cd624wreEfUxr
YOXLM2g8rSrKOPEBDentzkd7qOfXy0Nkp2+1HZVBun+lFH9htNOM5zAqXjv5pk/X
aYqE2KnTnlTrc/S8bRlyiMeCF5t3+xfV6sGB53LAGjuUZKKU0XtArOLKK56CU2bz
k+lIS6+z+irNdIQXdS6CeqdbAiQMJf+nlioSIUqdI/bC
-----END CERTIFICATE-----