Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/a8OQkvKCwaalzHJV8ZnmdhdEec8.roa
File:                     a8OQkvKCwaalzHJV8ZnmdhdEec8.roa (raw, json)
Hash identifier:          u0BT7utTh1usGrC4FywgdWEqhgBE9AVHaQJlUIGy4U4=
Subject key identifier:   6B:C3:90:92:F2:82:C1:A6:A5:CC:72:55:F1:99:E6:76:17:44:79:CF
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       018CC86F51208AFC97B4D1D6EEC2BCC881CF
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/a8OQkvKCwaalzHJV8ZnmdhdEec8.roa
Signing time:             Tue 02 Jan 2024 04:29:47 +0000
ROA not before:           Tue 02 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16262
IP address blocks:        87.251.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:51:20:8a:fc:97:b4:d1:d6:ee:c2:bc:c8:81:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  2 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bc39092f282c1a6a5cc7255f199e676174479cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:32:50:f0:7e:86:32:e8:14:98:3f:97:4f:a7:
                    fb:6e:85:8b:9a:05:85:3c:41:aa:fc:7c:85:2a:37:
                    86:05:c8:9b:a8:a3:a2:d8:28:16:71:2d:32:72:ac:
                    0e:a0:91:38:b8:09:f5:4f:90:82:94:80:30:04:80:
                    c8:51:8c:36:b9:2c:3d:f8:e9:b4:f2:fb:3c:7f:0a:
                    b6:f1:e1:9e:d0:ab:6a:dd:a2:4b:d4:90:09:e9:2b:
                    fe:c1:df:0f:6e:06:ec:f8:cf:7a:80:a6:62:13:a9:
                    44:10:73:2b:ab:bd:5d:6e:14:79:56:2f:5a:3b:3c:
                    47:44:c7:10:46:f9:e7:32:fa:db:39:20:5d:d4:6d:
                    9c:54:ed:26:9f:dc:04:32:9e:0f:47:ba:73:65:27:
                    10:0f:18:1f:31:6d:11:f7:86:f1:75:8e:2d:67:2a:
                    36:e8:97:94:d6:50:74:b1:53:37:ec:cd:39:b7:f5:
                    53:5e:27:e5:ae:97:78:56:09:5d:e9:66:33:8f:f7:
                    c7:f5:cc:50:7d:73:22:df:eb:36:ff:96:12:f5:c3:
                    66:82:d7:97:63:41:4f:13:b3:a2:91:2d:5d:a5:99:
                    30:48:37:22:79:90:92:3c:19:8c:4e:35:07:13:ee:
                    a2:dd:7c:2c:cd:50:7f:fd:2e:cb:e2:98:d6:a6:09:
                    96:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:C3:90:92:F2:82:C1:A6:A5:CC:72:55:F1:99:E6:76:17:44:79:CF
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/a8OQkvKCwaalzHJV8ZnmdhdEec8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.251.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:df:81:e1:df:df:e2:c0:23:80:46:b9:1a:3f:79:5b:4e:36:
         81:3d:e5:78:f0:c3:13:10:96:89:e6:69:d4:7f:71:70:a7:ee:
         22:88:9a:89:c9:51:49:88:61:34:52:26:c2:e7:19:b9:27:ce:
         83:45:44:9e:a2:33:0d:1d:f6:2e:c5:31:0f:d4:d3:82:29:7a:
         d1:26:e2:a6:dd:e5:c0:4b:88:5a:13:0d:ad:b9:cc:6b:01:f9:
         98:de:79:0b:94:96:05:76:f9:69:c3:01:51:36:37:41:66:b3:
         33:8d:a7:81:41:f3:e9:0a:ff:db:dc:41:7b:eb:e8:f2:e9:a7:
         9b:61:4d:c1:01:75:08:73:36:93:1e:fc:91:00:30:b6:af:7d:
         ce:65:7d:46:90:f4:5d:00:4b:a0:f7:06:03:ae:43:7d:1f:e2:
         2c:c4:9e:4d:3e:b1:4d:46:22:7e:9c:07:8c:28:c4:37:b9:79:
         3e:0c:2a:8f:5c:a2:4f:78:b0:1c:0c:75:0c:3f:44:ce:63:3a:
         b6:3b:5c:1f:1f:9b:12:02:2a:44:6d:47:4a:40:4f:13:ea:2d:
         6c:e2:e6:d4:36:69:a2:10:64:07:79:c4:e7:3a:f6:b0:65:ed:
         f1:b7:c9:ef:e6:a7:93:fe:55:af:9d:3f:3f:97:b7:26:29:cb:
         39:81:70:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb1EgivyXtNHW7sK8yIHPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjQwMTAyMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmMzOTA5MmYyODJjMWE2YTVjYzcyNTVmMTk5ZTY3NjE3NDQ3OWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDJQ8H6GMugUmD+XT6f7boWLmgWF
PEGq/HyFKjeGBcibqKOi2CgWcS0ycqwOoJE4uAn1T5CClIAwBIDIUYw2uSw9+Om0
8vs8fwq28eGe0Ktq3aJL1JAJ6Sv+wd8Pbgbs+M96gKZiE6lEEHMrq71dbhR5Vi9a
OzxHRMcQRvnnMvrbOSBd1G2cVO0mn9wEMp4PR7pzZScQDxgfMW0R94bxdY4tZyo2
6JeU1lB0sVM37M05t/VTXiflrpd4Vgld6WYzj/fH9cxQfXMi3+s2/5YS9cNmgteX
Y0FPE7OikS1dpZkwSDcieZCSPBmMTjUHE+6i3XwszVB//S7L4pjWpgmW4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvDkJLygsGmpcxyVfGZ5nYXRHnPMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvYThPUWt2S0N3YWFsekhKVjhabm1kaGRFZWM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/tJMA0G
CSqGSIb3DQEBCwUAA4IBAQBU34Hh39/iwCOARrkaP3lbTjaBPeV48MMTEJaJ5mnU
f3Fwp+4iiJqJyVFJiGE0UibC5xm5J86DRUSeojMNHfYuxTEP1NOCKXrRJuKm3eXA
S4haEw2tucxrAfmY3nkLlJYFdvlpwwFRNjdBZrMzjaeBQfPpCv/b3EF76+jy6aeb
YU3BAXUIczaTHvyRADC2r33OZX1GkPRdAEug9wYDrkN9H+IsxJ5NPrFNRiJ+nAeM
KMQ3uXk+DCqPXKJPeLAcDHUMP0TOYzq2O1wfH5sSAipEbUdKQE8T6i1s4ubUNmmi
EGQHecTnOvawZe3xt8nv5qeT/lWvnT8/l7cmKcs5gXDO
-----END CERTIFICATE-----