Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/578nhKomOnjdOIg4tuq39WyEgHw.roa
File:                     578nhKomOnjdOIg4tuq39WyEgHw.roa (raw, json)
Hash identifier:          gCARJ683Nk3toGdh0tY327HqB3AYAVFTT8MJy+xK6Bw=
Subject key identifier:   E7:BF:27:84:AA:26:3A:78:DD:38:88:38:B6:EA:B7:F5:6C:84:80:7C
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       018CCA993734BFEAB957A000CE38F0375260
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/578nhKomOnjdOIg4tuq39WyEgHw.roa
Signing time:             Tue 02 Jan 2024 14:34:47 +0000
ROA not before:           Tue 02 Jan 2024 14:34:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61209
IP address blocks:        87.107.186.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:37:34:bf:ea:b9:57:a0:00:ce:38:f0:37:52:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Jan  2 14:34:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7bf2784aa263a78dd388838b6eab7f56c84807c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:3f:6e:c5:2c:6f:d3:d3:98:5d:28:c1:7a:88:
                    87:45:e5:c9:10:27:29:e2:b0:e8:0a:da:ef:17:1c:
                    df:2b:7b:e3:b7:49:82:1b:c4:47:1c:f3:53:78:2a:
                    8f:91:1d:a8:31:2a:79:8f:c1:91:c1:dc:9f:ec:11:
                    8c:57:79:2c:06:16:0f:10:96:24:b3:52:4b:47:aa:
                    b8:3d:e8:bd:48:4d:c2:02:b7:ca:6b:dc:3c:51:bc:
                    88:a4:50:d7:b0:26:50:8d:c1:d8:3c:16:0e:c0:4f:
                    f1:2c:33:d5:f0:33:06:a0:68:0c:b0:a4:ee:b6:c8:
                    52:23:85:42:7d:80:24:13:3f:9b:0e:11:a2:a4:06:
                    89:0a:69:7c:66:01:30:7a:25:c5:14:a4:1a:0a:4a:
                    5d:82:1e:22:05:28:d7:2b:16:cf:58:ef:eb:ce:80:
                    55:d6:49:2e:25:ed:9e:5b:fd:b4:a3:9f:93:79:1c:
                    5c:3c:a5:58:e3:ec:dd:f3:0b:b9:11:1e:e3:53:e5:
                    bb:71:87:eb:f7:e5:77:d0:64:1a:35:38:98:e0:f4:
                    ad:1f:19:eb:01:63:f2:3a:8c:9b:18:9b:72:45:d7:
                    c8:ae:bb:56:40:f7:49:d3:ab:1d:1a:9b:59:ca:98:
                    d0:1a:c2:30:75:65:90:ea:26:ae:54:28:c2:cc:c0:
                    1a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:BF:27:84:AA:26:3A:78:DD:38:88:38:B6:EA:B7:F5:6C:84:80:7C
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/578nhKomOnjdOIg4tuq39WyEgHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.107.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:66:4c:e8:9a:bf:fa:4a:6f:c1:b5:74:81:67:8a:74:09:d3:
         7e:3b:36:87:fe:f1:1a:63:8e:e5:9f:4c:f9:31:36:38:c0:16:
         c4:bc:c5:24:40:2a:60:ac:08:94:3f:83:4a:44:80:29:91:56:
         cf:23:cf:ab:12:5d:55:07:5a:ac:b0:a3:cf:84:94:ac:77:d3:
         d5:fb:dd:f5:03:2d:34:8e:37:88:f6:ea:5c:11:c7:60:f2:28:
         99:ca:16:88:47:25:d3:fc:4a:af:92:29:3e:cd:75:27:34:89:
         c6:29:0b:cb:95:dd:af:97:a9:2e:8e:95:ce:f6:ad:06:46:d0:
         79:b3:3b:9f:3c:f0:87:43:f3:6c:7f:9e:b7:e9:a1:31:60:5e:
         0c:cd:9f:b6:62:32:a3:b1:73:41:b0:d1:6a:69:d5:32:15:1c:
         5f:ec:e7:ad:ce:d2:5d:5f:95:63:1e:c0:0b:ea:58:0b:ee:63:
         8a:ce:fe:b9:9f:d5:97:9f:65:e3:e4:a5:e6:3f:6a:bd:0f:51:
         4f:21:e5:40:ac:6c:65:80:c2:48:29:3f:9f:0d:8e:48:77:11:
         ce:0d:34:d5:ef:c7:b2:18:da:03:e5:a1:63:4a:1a:52:42:cb:
         64:59:7d:bd:c9:54:a2:26:86:97:6c:32:ea:72:3a:89:d5:42:
         43:af:01:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmTc0v+q5V6AAzjjwN1JgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjQwMTAyMTQzNDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2JmMjc4NGFhMjYzYTc4ZGQzODg4MzhiNmVhYjdmNTZjODQ4MDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoj9uxSxv09OYXSjBeoiHReXJECcp
4rDoCtrvFxzfK3vjt0mCG8RHHPNTeCqPkR2oMSp5j8GRwdyf7BGMV3ksBhYPEJYk
s1JLR6q4Pei9SE3CArfKa9w8UbyIpFDXsCZQjcHYPBYOwE/xLDPV8DMGoGgMsKTu
tshSI4VCfYAkEz+bDhGipAaJCml8ZgEweiXFFKQaCkpdgh4iBSjXKxbPWO/rzoBV
1kkuJe2eW/20o5+TeRxcPKVY4+zd8wu5ER7jU+W7cYfr9+V30GQaNTiY4PStHxnr
AWPyOoybGJtyRdfIrrtWQPdJ06sdGptZypjQGsIwdWWQ6iauVCjCzMAaMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOe/J4SqJjp43TiIOLbqt/VshIB8MB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvNTc4bmhLb21PbmpkT0lnNHR1cTM5V3lFZ0h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV2u6MA0G
CSqGSIb3DQEBCwUAA4IBAQBqZkzomr/6Sm/BtXSBZ4p0CdN+OzaH/vEaY47ln0z5
MTY4wBbEvMUkQCpgrAiUP4NKRIApkVbPI8+rEl1VB1qssKPPhJSsd9PV+931Ay00
jjeI9upcEcdg8iiZyhaIRyXT/Eqvkik+zXUnNInGKQvLld2vl6kujpXO9q0GRtB5
szufPPCHQ/Nsf5636aExYF4MzZ+2YjKjsXNBsNFqadUyFRxf7OetztJdX5VjHsAL
6lgL7mOKzv65n9WXn2Xj5KXmP2q9D1FPIeVArGxlgMJIKT+fDY5IdxHODTTV78ey
GNoD5aFjShpSQstkWX29yVSiJoaXbDLqcjqJ1UJDrwEc
-----END CERTIFICATE-----