Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/FcY_QKqq9c1xfH6rECvdKY1Kcu8.roa
File:                     FcY_QKqq9c1xfH6rECvdKY1Kcu8.roa (raw, json)
Hash identifier:          Ju8mYMjl2LUkVKbzqtiMt1rTH2nwPvl1R7kMAYH3RPc=
Subject key identifier:   15:C6:3F:40:AA:AA:F5:CD:71:7C:7E:AB:10:2B:DD:29:8D:4A:72:EF
Certificate issuer:       /CN=764928a97be955377013d382c62940e950dd212b
Certificate serial:       019422FBB46F2BC5B8F5EEA43E669C827227
Authority key identifier: 76:49:28:A9:7B:E9:55:37:70:13:D3:82:C6:29:40:E9:50:DD:21:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dkkoqXvpVTdwE9OCxilA6VDdISs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/FcY_QKqq9c1xfH6rECvdKY1Kcu8.roa
Signing time:             Wed 01 Jan 2025 17:48:28 +0000
ROA not before:           Wed 01 Jan 2025 17:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206813
IP address blocks:        87.253.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/dkkoqXvpVTdwE9OCxilA6VDdISs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/dkkoqXvpVTdwE9OCxilA6VDdISs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dkkoqXvpVTdwE9OCxilA6VDdISs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:b4:6f:2b:c5:b8:f5:ee:a4:3e:66:9c:82:72:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=764928a97be955377013d382c62940e950dd212b
        Validity
            Not Before: Jan  1 17:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15c63f40aaaaf5cd717c7eab102bdd298d4a72ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:97:db:04:b2:d0:dc:53:9f:61:83:7d:55:9a:
                    40:03:8d:8e:47:cf:b8:4b:87:c2:39:c7:d1:69:c9:
                    34:2b:b8:e7:e3:01:6e:78:b5:78:aa:eb:e8:e0:74:
                    79:23:61:72:6a:96:85:9f:4e:1c:a4:57:7a:5c:e0:
                    e8:5a:ab:5c:89:0f:e5:51:f6:5a:87:ee:55:84:9c:
                    f5:63:be:5e:9f:dc:0c:e3:c4:8d:d1:ac:49:4a:63:
                    8a:cd:ee:29:78:47:cb:00:68:3b:34:40:07:1f:40:
                    e3:4d:16:2a:f9:e4:c5:34:f3:f3:3f:a9:d3:cb:c9:
                    db:b9:75:ab:9c:0a:b8:bb:10:75:0a:72:8d:0b:01:
                    a2:cc:7c:2e:f1:6d:ec:f8:05:2a:38:00:50:b8:d0:
                    96:c5:27:14:68:6e:0b:93:76:c2:75:2a:51:9a:ed:
                    63:c6:04:77:9c:ce:a1:52:2b:c5:d0:2a:37:b1:ba:
                    95:7d:65:51:a8:39:9e:4a:e2:e5:63:ef:36:67:f3:
                    c0:40:d7:3b:b7:a8:9f:65:d5:f3:6b:d4:55:c6:fd:
                    65:80:52:5f:5d:ca:22:59:c0:0b:cf:be:c0:9e:04:
                    7e:a6:40:41:db:88:53:83:bc:f5:ed:bb:0e:5e:bd:
                    9d:67:20:2f:c9:78:cc:56:e2:33:62:49:cf:a9:60:
                    4d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:C6:3F:40:AA:AA:F5:CD:71:7C:7E:AB:10:2B:DD:29:8D:4A:72:EF
            X509v3 Authority Key Identifier:
                keyid:76:49:28:A9:7B:E9:55:37:70:13:D3:82:C6:29:40:E9:50:DD:21:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dkkoqXvpVTdwE9OCxilA6VDdISs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/FcY_QKqq9c1xfH6rECvdKY1Kcu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/dkkoqXvpVTdwE9OCxilA6VDdISs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.253.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:13:7a:39:a4:b1:9a:37:65:cc:13:ad:d2:79:af:ef:22:57:
         1e:b6:20:83:17:5a:43:2c:8d:9a:c4:3c:d3:ed:5b:fd:3e:2f:
         d1:6b:b2:69:2f:cc:49:2c:b5:cf:92:50:80:7b:24:fa:96:2f:
         b7:37:7f:f0:76:91:5d:a0:e2:28:5a:04:2e:5b:8e:38:84:3b:
         92:67:4d:0a:6b:5b:34:14:2f:13:ed:62:02:82:c8:8b:2e:97:
         35:20:57:71:05:16:53:23:1b:a3:7f:be:c2:2a:f0:5e:12:d7:
         c8:7d:b5:a2:f9:21:8f:4d:a5:58:09:95:1b:4a:3b:84:84:fb:
         40:f6:af:db:b2:b8:1b:ff:a9:ce:f9:80:f9:6f:46:99:8a:29:
         3a:e8:d5:7b:8e:01:92:b5:c0:1d:33:9b:0f:70:33:28:81:52:
         8d:c0:9b:89:c6:68:4d:e3:49:ea:77:6b:5e:0a:6c:8c:53:75:
         23:be:93:19:94:0c:e2:05:0a:a4:0f:85:d0:fd:70:06:42:86:
         8a:62:b5:bd:58:b3:d3:2f:6f:5e:85:cd:fd:87:71:8f:f6:2a:
         95:68:bf:5f:c2:ac:e2:de:7d:e5:c1:9a:e7:be:55:7e:17:c2:
         35:9b:49:a8:69:dc:af:ea:38:54:9e:0b:36:6c:21:97:9c:cb:
         96:07:d8:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+7RvK8W49e6kPmacgnInMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NDkyOGE5N2JlOTU1Mzc3MDEzZDM4MmM2Mjk0MGU5NTBk
ZDIxMmIwHhcNMjUwMTAxMTc0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWM2M2Y0MGFhYWFmNWNkNzE3YzdlYWIxMDJiZGQyOThkNGE3MmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5fbBLLQ3FOfYYN9VZpAA42OR8+4
S4fCOcfRack0K7jn4wFueLV4quvo4HR5I2FyapaFn04cpFd6XODoWqtciQ/lUfZa
h+5VhJz1Y75en9wM48SN0axJSmOKze4peEfLAGg7NEAHH0DjTRYq+eTFNPPzP6nT
y8nbuXWrnAq4uxB1CnKNCwGizHwu8W3s+AUqOABQuNCWxScUaG4Lk3bCdSpRmu1j
xgR3nM6hUivF0Co3sbqVfWVRqDmeSuLlY+82Z/PAQNc7t6ifZdXza9RVxv1lgFJf
XcoiWcALz77AngR+pkBB24hTg7z17bsOXr2dZyAvyXjMVuIzYknPqWBNJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBXGP0CqqvXNcXx+qxAr3SmNSnLvMB8GA1UdIwQY
MBaAFHZJKKl76VU3cBPTgsYpQOlQ3SErMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGtrb3FYdnBWVGR3RTlPQ3hpbEE2VkRkSVNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My85NTM2ZjUtZjU2Ni00YzgwLWE3ZDkt
YmMxNTIyNzg5ZDNiLzEvRmNZX1FLcXE5YzF4Zkg2ckVDdmRLWTFLY3U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My85NTM2ZjUtZjU2Ni00YzgwLWE3ZDktYmMxNTIyNzg5ZDNi
LzEvZGtrb3FYdnBWVGR3RTlPQ3hpbEE2VkRkSVNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/28MA0G
CSqGSIb3DQEBCwUAA4IBAQBFE3o5pLGaN2XME63Sea/vIlcetiCDF1pDLI2axDzT
7Vv9Pi/Ra7JpL8xJLLXPklCAeyT6li+3N3/wdpFdoOIoWgQuW444hDuSZ00Ka1s0
FC8T7WICgsiLLpc1IFdxBRZTIxujf77CKvBeEtfIfbWi+SGPTaVYCZUbSjuEhPtA
9q/bsrgb/6nO+YD5b0aZiik66NV7jgGStcAdM5sPcDMogVKNwJuJxmhN40nqd2te
CmyMU3UjvpMZlAziBQqkD4XQ/XAGQoaKYrW9WLPTL29ehc39h3GP9iqVaL9fwqzi
3n3lwZrnvlV+F8I1m0moadyv6jhUngs2bCGXnMuWB9jH
-----END CERTIFICATE-----