Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/VxBsqFGxcDEfNjHagUUZc5Jh8g0.roa
File:                     VxBsqFGxcDEfNjHagUUZc5Jh8g0.roa (raw, json)
Hash identifier:          gVXRksRNAdHlVeqqAZ0LTldX0AaTe+Vfm96NUBj6yiA=
Subject key identifier:   57:10:6C:A8:51:B1:70:31:1F:36:31:DA:81:45:19:73:92:61:F2:0D
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       0192DC4932044D9C56D8ADBED3521967BA04
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/VxBsqFGxcDEfNjHagUUZc5Jh8g0.roa
Signing time:             Wed 30 Oct 2024 07:17:17 +0000
ROA not before:           Wed 30 Oct 2024 07:17:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        78.143.224.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:dc:49:32:04:4d:9c:56:d8:ad:be:d3:52:19:67:ba:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Oct 30 07:17:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57106ca851b170311f3631da814519739261f20d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:cc:81:f6:70:15:1c:6b:91:df:36:de:a5:25:
                    d1:fe:67:4c:af:34:eb:c5:9d:ba:2e:48:53:8c:9e:
                    18:be:0f:b0:59:4e:10:63:e3:18:28:e3:ac:2c:f7:
                    b2:2b:20:4d:ea:b3:e4:1b:8d:8c:94:33:e4:4e:7b:
                    f7:8b:0e:e7:c1:f3:02:56:f7:83:42:d5:bf:be:4a:
                    d7:90:38:ed:06:c2:e0:47:b6:de:8a:12:40:92:9d:
                    46:13:71:ab:23:94:48:db:99:0e:06:21:e5:3b:8c:
                    1f:e5:1c:88:26:95:03:bb:a1:94:2b:40:08:cb:b2:
                    c8:63:17:53:bd:8c:76:29:3d:39:b7:78:bb:35:6f:
                    84:e7:02:06:3a:33:f0:75:7f:eb:f4:da:46:59:63:
                    09:12:cf:57:76:18:fe:ae:f0:64:91:28:74:e1:84:
                    59:3a:cb:65:bb:50:34:50:b8:52:94:03:e2:24:22:
                    b4:6e:7e:b3:98:d2:85:60:95:e5:7c:2f:09:c2:30:
                    80:71:00:6b:0f:c8:62:af:b9:11:a4:79:c6:8e:da:
                    72:95:f9:bb:31:b1:c3:0d:eb:47:cf:bb:e7:95:d7:
                    04:7b:6f:25:34:25:7e:79:f2:93:71:c2:f0:8c:8e:
                    1d:31:47:3f:73:97:42:c5:66:47:d6:b4:17:ee:31:
                    aa:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:10:6C:A8:51:B1:70:31:1F:36:31:DA:81:45:19:73:92:61:F2:0D
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/VxBsqFGxcDEfNjHagUUZc5Jh8g0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.143.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1f:a2:36:80:69:87:97:78:5b:fb:40:04:82:5d:6f:3a:e8:63:
         d1:fe:3d:84:1c:fa:70:29:f2:a7:4b:f8:85:3f:b7:96:f6:65:
         f1:1e:c7:4f:e9:86:85:8b:eb:9e:ba:d6:83:9e:49:b9:fa:66:
         8c:bd:0c:bc:15:ee:ed:9a:78:54:21:e5:c8:80:6d:55:8e:4d:
         4b:31:a1:71:b5:99:29:bc:34:d0:d3:96:fc:be:d2:03:52:f1:
         bc:55:91:f7:98:84:85:44:f8:8f:c7:75:d8:4f:f7:6c:6e:d1:
         dc:c0:50:fc:cf:7d:37:21:b4:a6:86:86:1c:30:22:fb:0e:39:
         77:96:8d:19:51:82:48:39:d8:5f:84:53:cc:da:a0:5a:4f:61:
         0d:f2:00:4a:e1:63:06:1c:d1:a9:8e:f5:60:68:79:8d:9f:a5:
         16:5b:d7:05:63:5d:75:ac:76:f3:e4:64:e2:93:63:e0:22:5c:
         47:f3:60:22:a8:36:ab:37:72:30:2c:00:08:45:cc:51:89:d3:
         d1:9a:4e:a1:e7:d1:aa:63:17:ee:f6:18:b0:ef:d2:b3:f2:93:
         d9:e0:10:04:f3:c0:e3:d3:e3:1d:6e:41:69:37:52:8e:3b:99:
         6f:e0:ce:02:2b:aa:f6:ca:17:21:ba:87:66:b0:91:db:bb:17:
         cc:13:08:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLcSTIETZxW2K2+01IZZ7oEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQxMDMwMDcxNzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzEwNmNhODUxYjE3MDMxMWYzNjMxZGE4MTQ1MTk3MzkyNjFmMjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMyB9nAVHGuR3zbepSXR/mdMrzTr
xZ26LkhTjJ4Yvg+wWU4QY+MYKOOsLPeyKyBN6rPkG42MlDPkTnv3iw7nwfMCVveD
QtW/vkrXkDjtBsLgR7beihJAkp1GE3GrI5RI25kOBiHlO4wf5RyIJpUDu6GUK0AI
y7LIYxdTvYx2KT05t3i7NW+E5wIGOjPwdX/r9NpGWWMJEs9Xdhj+rvBkkSh04YRZ
Ostlu1A0ULhSlAPiJCK0bn6zmNKFYJXlfC8JwjCAcQBrD8hir7kRpHnGjtpylfm7
MbHDDetHz7vnldcEe28lNCV+efKTccLwjI4dMUc/c5dCxWZH1rQX7jGqVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFcQbKhRsXAxHzYx2oFFGXOSYfINMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvVnhCc3FGR3hjREVmTmpIYWdVVVpjNUpoOGcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTo/gMA0G
CSqGSIb3DQEBCwUAA4IBAQAfojaAaYeXeFv7QASCXW866GPR/j2EHPpwKfKnS/iF
P7eW9mXxHsdP6YaFi+ueutaDnkm5+maMvQy8Fe7tmnhUIeXIgG1Vjk1LMaFxtZkp
vDTQ05b8vtIDUvG8VZH3mISFRPiPx3XYT/dsbtHcwFD8z303IbSmhoYcMCL7Djl3
lo0ZUYJIOdhfhFPM2qBaT2EN8gBK4WMGHNGpjvVgaHmNn6UWW9cFY111rHbz5GTi
k2PgIlxH82AiqDarN3IwLAAIRcxRidPRmk6h59GqYxfu9hiw79Kz8pPZ4BAE88Dj
0+MdbkFpN1KOO5lv4M4CK6r2yhchuodmsJHbuxfMEwjt
-----END CERTIFICATE-----