Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/aA3Wc6FdIQRBGV-CVjQvKlREFUY.roa
File:                     aA3Wc6FdIQRBGV-CVjQvKlREFUY.roa (raw, json)
Hash identifier:          nCauzRVxbwRaMjsofeKLnZvG6FX8RhNG0vZ3Rm607cI=
Subject key identifier:   68:0D:D6:73:A1:5D:21:04:41:19:5F:82:56:34:2F:2A:54:44:15:46
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       018CC86F53030F25E59CB6853D20EE93A193
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/aA3Wc6FdIQRBGV-CVjQvKlREFUY.roa
Signing time:             Tue 02 Jan 2024 04:29:48 +0000
ROA not before:           Tue 02 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197414
IP address blocks:        87.251.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:53:03:0f:25:e5:9c:b6:85:3d:20:ee:93:a1:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  2 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=680dd673a15d210441195f8256342f2a54441546
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ae:02:75:47:5d:c3:e9:63:c7:c0:a9:d1:9c:
                    01:7f:49:ad:c7:b5:cb:dc:02:43:dc:56:8d:80:ea:
                    55:5a:fa:ac:52:ab:11:ac:08:b0:f0:5c:f6:28:19:
                    f2:14:27:af:52:86:2c:be:6f:73:c7:95:c4:d1:37:
                    f0:0b:f4:7d:c2:cb:22:92:75:29:b6:2c:66:e6:76:
                    e8:9a:ca:3e:1d:d4:e7:27:52:46:cf:2e:61:ad:41:
                    0a:97:4d:42:d6:c2:b9:66:8a:6b:b0:07:1b:f8:98:
                    24:18:09:95:32:83:85:2f:8e:54:7c:98:96:3f:6b:
                    16:2a:15:06:fa:d5:5a:ff:46:d8:97:5c:40:ab:cb:
                    a4:39:57:97:ba:69:29:99:5d:0a:15:83:3a:7d:42:
                    9c:d5:b6:7f:62:59:e1:62:ce:bd:d4:ca:02:a0:04:
                    2f:38:21:a6:91:01:55:9a:1e:88:4a:07:cb:ff:b2:
                    36:a5:49:9a:94:7b:15:bc:6f:0b:a2:74:f9:77:86:
                    0e:97:bb:4e:12:d4:ce:af:49:26:d0:87:9e:db:38:
                    8c:72:34:35:b0:3f:fd:a2:e5:be:33:54:47:47:03:
                    a2:c9:43:ee:5f:27:d9:9b:ab:e6:3e:11:81:ef:c5:
                    7a:bb:81:f1:3e:e0:94:ce:27:c8:ee:b5:26:50:c1:
                    24:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:0D:D6:73:A1:5D:21:04:41:19:5F:82:56:34:2F:2A:54:44:15:46
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/aA3Wc6FdIQRBGV-CVjQvKlREFUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.251.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:d4:2c:a9:1b:36:20:7c:a9:06:da:46:e6:b1:7b:aa:81:87:
         ca:29:09:2c:c5:51:c2:cc:15:11:b5:49:8e:95:2c:73:74:7c:
         c0:9f:5c:d5:49:e2:62:5d:66:7e:f8:fd:5e:4a:3a:f9:90:7a:
         5a:ae:d3:31:98:a7:44:62:71:55:a2:4f:a0:06:7e:03:26:3f:
         bf:85:20:ab:6f:ce:dc:5a:3d:f4:ed:58:19:55:a2:2a:51:dc:
         fa:9e:a0:47:7f:5f:9f:db:da:4f:44:69:96:f2:b0:a9:ce:63:
         47:a5:d0:0a:eb:df:db:d4:47:e7:ca:a8:0f:cc:dc:45:45:77:
         af:8a:a2:df:ff:b6:50:d0:8a:a8:df:6d:2c:4b:55:de:7a:d3:
         80:5e:a1:ff:8a:1b:75:76:11:77:21:b1:24:ce:27:44:30:f0:
         15:f8:5a:7f:84:ff:aa:5e:b6:72:60:cb:3c:13:29:1e:4a:3f:
         c9:4c:87:3d:a5:5e:bb:4c:ed:85:ec:2d:7c:2a:b7:23:9a:46:
         da:49:4b:71:0e:35:ba:69:54:25:83:65:e4:41:49:e8:14:b8:
         9c:c1:2e:1a:5c:6e:0b:8e:3a:46:11:83:d1:f7:20:c8:d1:9d:
         7c:34:0d:62:0c:e2:6b:d9:d2:5b:ca:4c:91:b3:6f:1e:cc:65:
         f7:88:92:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb1MDDyXlnLaFPSDuk6GTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjQwMTAyMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODBkZDY3M2ExNWQyMTA0NDExOTVmODI1NjM0MmYyYTU0NDQxNTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3a4CdUddw+ljx8Cp0ZwBf0mtx7XL
3AJD3FaNgOpVWvqsUqsRrAiw8Fz2KBnyFCevUoYsvm9zx5XE0TfwC/R9wssiknUp
tixm5nbomso+HdTnJ1JGzy5hrUEKl01C1sK5ZoprsAcb+JgkGAmVMoOFL45UfJiW
P2sWKhUG+tVa/0bYl1xAq8ukOVeXumkpmV0KFYM6fUKc1bZ/YlnhYs691MoCoAQv
OCGmkQFVmh6ISgfL/7I2pUmalHsVvG8LonT5d4YOl7tOEtTOr0km0Iee2ziMcjQ1
sD/9ouW+M1RHRwOiyUPuXyfZm6vmPhGB78V6u4HxPuCUzifI7rUmUMEkzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgN1nOhXSEEQRlfglY0LypURBVGMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvYUEzV2M2RmRJUVJCR1YtQ1ZqUXZLbFJFRlVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/tAMA0G
CSqGSIb3DQEBCwUAA4IBAQBq1CypGzYgfKkG2kbmsXuqgYfKKQksxVHCzBURtUmO
lSxzdHzAn1zVSeJiXWZ++P1eSjr5kHpartMxmKdEYnFVok+gBn4DJj+/hSCrb87c
Wj307VgZVaIqUdz6nqBHf1+f29pPRGmW8rCpzmNHpdAK69/b1EfnyqgPzNxFRXev
iqLf/7ZQ0Iqo320sS1XeetOAXqH/iht1dhF3IbEkzidEMPAV+Fp/hP+qXrZyYMs8
EykeSj/JTIc9pV67TO2F7C18KrcjmkbaSUtxDjW6aVQlg2XkQUnoFLicwS4aXG4L
jjpGEYPR9yDI0Z18NA1iDOJr2dJbykyRs28ezGX3iJIx
-----END CERTIFICATE-----