Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/wSEfPAomuVv66ROBOQh7GkyZOeQ.roa
File:                     wSEfPAomuVv66ROBOQh7GkyZOeQ.roa (raw, json)
Hash identifier:          PmOV+z+rCWXNn/Vh2k/XpmdSE1NxBPZ83KCn3DNE3m8=
Subject key identifier:   C1:21:1F:3C:0A:26:B9:5B:FA:E9:13:81:39:08:7B:1A:4C:99:39:E4
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       018CC86F532D2AD4FE2F7B105BA4C2A610A2
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/wSEfPAomuVv66ROBOQh7GkyZOeQ.roa
Signing time:             Tue 02 Jan 2024 04:29:48 +0000
ROA not before:           Tue 02 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198587
IP address blocks:        87.251.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:53:2d:2a:d4:fe:2f:7b:10:5b:a4:c2:a6:10:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  2 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1211f3c0a26b95bfae9138139087b1a4c9939e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f0:f1:e0:fe:22:81:53:5d:9e:a2:7e:10:de:
                    ee:ad:5b:55:f6:70:6d:86:39:6d:50:c9:a2:90:4d:
                    8e:8f:eb:10:45:4c:4d:b8:a4:a7:b8:f0:b3:0f:39:
                    9f:a7:dd:e4:a5:85:25:e5:c4:de:b2:57:1b:da:60:
                    b3:b6:86:a7:7f:d9:77:ea:bb:2b:f5:83:85:11:39:
                    f0:19:e3:f4:19:34:fd:2d:70:40:b9:f1:ac:d5:73:
                    d1:d3:2b:a9:d8:ca:1b:6e:1b:cb:20:de:9a:03:43:
                    5b:85:17:f3:81:7e:e6:9e:c5:63:e8:c6:fe:91:35:
                    2c:17:bb:43:71:ef:12:da:ca:28:11:94:16:02:0d:
                    f8:2b:04:28:d5:fb:3e:94:c4:6a:19:3f:fe:b5:d9:
                    75:de:ea:d9:f6:e6:2a:ab:fc:be:03:f2:10:87:d8:
                    6e:eb:ea:03:cb:ce:8a:bc:19:1d:fc:83:99:fb:c9:
                    81:06:04:64:0f:2a:d6:94:bf:da:12:f6:a7:73:c1:
                    2c:d7:99:33:a5:ff:a3:df:8c:2d:8b:15:fe:87:eb:
                    56:9c:fe:52:e8:99:0e:ec:04:fc:60:5e:2d:24:37:
                    64:a0:96:dd:de:60:3f:f0:3d:2b:6e:38:c5:41:51:
                    c1:51:9f:3d:60:c4:98:c3:16:a1:6e:33:d0:d2:1c:
                    d9:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:21:1F:3C:0A:26:B9:5B:FA:E9:13:81:39:08:7B:1A:4C:99:39:E4
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/wSEfPAomuVv66ROBOQh7GkyZOeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.251.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:f3:5b:4f:47:d8:1a:8c:22:03:34:1e:37:31:ab:47:f6:aa:
         ff:b3:e6:c4:b3:f9:c0:bb:33:0a:ce:20:9c:c6:6a:b7:76:99:
         24:00:18:79:c3:b8:49:f3:50:4b:c5:28:bc:4d:0b:87:73:1c:
         2a:5c:bf:5b:5c:b6:33:98:7d:17:63:b3:36:b2:17:0b:b7:03:
         c1:7f:cd:a1:2e:f4:62:90:5f:d5:d9:5f:09:5b:37:78:a2:15:
         73:4b:4a:91:bb:18:2c:b4:4d:b0:97:7a:d3:d7:84:9a:8b:cd:
         fd:10:e9:34:89:dc:46:35:bc:1f:22:93:e4:3a:4f:42:32:0f:
         65:eb:91:82:71:d6:80:a2:ec:f4:80:6f:81:5c:b4:39:0b:99:
         b5:15:01:5a:8b:ef:b6:e6:e1:06:9a:d3:f0:c2:e4:ca:03:b4:
         46:b8:0b:68:34:41:3b:cf:d8:86:6c:96:be:cb:4f:0f:37:de:
         38:60:9d:5c:99:63:20:99:ab:57:79:c7:03:4d:6d:45:40:8f:
         5b:dc:b2:8f:46:59:81:b7:1e:ef:97:db:a3:0d:c2:d6:4e:8a:
         f8:c6:21:de:1e:a5:8f:6f:38:d7:17:d2:6f:58:db:79:c2:2f:
         37:cc:28:cf:d0:ae:41:e3:41:d9:db:d0:98:3b:a6:d9:e3:5e:
         19:ca:ec:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb1MtKtT+L3sQW6TCphCiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjQwMTAyMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTIxMWYzYzBhMjZiOTViZmFlOTEzODEzOTA4N2IxYTRjOTkzOWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/Dx4P4igVNdnqJ+EN7urVtV9nBt
hjltUMmikE2Oj+sQRUxNuKSnuPCzDzmfp93kpYUl5cTeslcb2mCztoanf9l36rsr
9YOFETnwGeP0GTT9LXBAufGs1XPR0yup2MobbhvLIN6aA0NbhRfzgX7mnsVj6Mb+
kTUsF7tDce8S2sooEZQWAg34KwQo1fs+lMRqGT/+tdl13urZ9uYqq/y+A/IQh9hu
6+oDy86KvBkd/IOZ+8mBBgRkDyrWlL/aEvanc8Es15kzpf+j34wtixX+h+tWnP5S
6JkO7AT8YF4tJDdkoJbd3mA/8D0rbjjFQVHBUZ89YMSYwxahbjPQ0hzZkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMEhHzwKJrlb+ukTgTkIexpMmTnkMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvd1NFZlBBb211VnY2NlJPQk9RaDdHa3laT2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/tKMA0G
CSqGSIb3DQEBCwUAA4IBAQAK81tPR9gajCIDNB43MatH9qr/s+bEs/nAuzMKziCc
xmq3dpkkABh5w7hJ81BLxSi8TQuHcxwqXL9bXLYzmH0XY7M2shcLtwPBf82hLvRi
kF/V2V8JWzd4ohVzS0qRuxgstE2wl3rT14Sai839EOk0idxGNbwfIpPkOk9CMg9l
65GCcdaAouz0gG+BXLQ5C5m1FQFai++25uEGmtPwwuTKA7RGuAtoNEE7z9iGbJa+
y08PN944YJ1cmWMgmatXeccDTW1FQI9b3LKPRlmBtx7vl9ujDcLWTor4xiHeHqWP
bzjXF9JvWNt5wi83zCjP0K5B40HZ29CYO6bZ414ZyuzE
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:06:24 2024 by rpki-client on console-ams.rpki-client.org