Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/6eaLu8HvuypgRQzUQk4DhdQNOUc.roa
File:                     6eaLu8HvuypgRQzUQk4DhdQNOUc.roa (raw, json)
Hash identifier:          gZKuYiGZyqQSgY3KYfNK2Gk2aSPTSG4yqAgJ7eVGEu8=
Subject key identifier:   E9:E6:8B:BB:C1:EF:BB:2A:60:45:0C:D4:42:4E:03:85:D4:0D:39:47
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       0192FBF8D09BDE9982153EC61CDD99FC018B
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/6eaLu8HvuypgRQzUQk4DhdQNOUc.roa
Signing time:             Tue 05 Nov 2024 10:57:20 +0000
ROA not before:           Tue 05 Nov 2024 10:57:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212063
IP address blocks:        87.107.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fb:f8:d0:9b:de:99:82:15:3e:c6:1c:dd:99:fc:01:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Nov  5 10:57:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9e68bbbc1efbb2a60450cd4424e0385d40d3947
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:72:19:57:b3:0d:e4:7a:9b:da:f7:a8:c5:81:
                    6b:33:ee:1e:7c:a8:81:df:05:0f:dd:1f:d1:73:43:
                    ed:f5:20:70:1b:7a:b0:67:9c:58:7f:79:9f:11:8a:
                    ed:66:af:60:cb:0c:72:36:89:fe:1a:05:af:ff:64:
                    2e:36:c3:a7:95:97:3c:e5:e7:67:5f:44:bb:51:81:
                    45:55:50:d3:00:3b:3b:80:10:c3:ad:2f:84:5b:c4:
                    b2:b3:05:e1:a7:e7:8c:70:dc:8d:67:e2:e2:c5:8e:
                    0b:c6:a6:20:4a:63:78:4a:d8:91:0c:ce:01:40:f0:
                    9b:89:80:81:bc:f0:4b:86:8d:d2:16:8d:41:4a:b8:
                    2e:31:cc:f0:7d:a8:be:ff:33:f5:b8:80:05:d0:d6:
                    83:fd:3d:aa:96:17:89:cd:4e:32:8b:49:43:e5:92:
                    12:46:cd:4b:71:24:7e:bd:78:9e:aa:a5:ce:a2:48:
                    d8:31:54:88:7a:98:75:f6:ec:92:d8:d2:e1:03:a7:
                    e4:c3:4c:4f:cb:be:11:3e:e1:ab:2b:74:72:eb:f8:
                    80:30:bc:e1:52:d4:e8:ae:d9:87:af:48:d8:64:f6:
                    30:f4:66:0b:30:dd:1d:2a:c6:aa:59:9e:d3:87:5d:
                    07:b8:bf:3d:ec:85:31:b5:d5:f7:65:e9:9f:eb:4b:
                    92:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:E6:8B:BB:C1:EF:BB:2A:60:45:0C:D4:42:4E:03:85:D4:0D:39:47
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/6eaLu8HvuypgRQzUQk4DhdQNOUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.107.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:ae:bb:ec:ee:b5:00:16:ec:ca:04:04:d0:05:97:05:b4:12:
         18:93:04:3a:1f:bb:7e:6b:3a:1a:e4:f4:34:9f:6d:73:26:c3:
         71:ab:09:c5:86:35:7f:55:e1:aa:42:8a:b8:c1:bf:64:4e:c7:
         cb:70:b1:16:ac:cc:c2:83:46:cd:11:6f:c9:3b:57:2f:74:f7:
         07:75:7e:10:b2:e4:50:ec:95:e7:21:4d:0b:b6:c1:59:19:bf:
         4c:00:ee:52:c8:8b:29:b7:15:87:df:bf:30:2c:02:f5:37:ba:
         f5:29:61:3d:42:d4:90:58:3d:c6:ac:fd:96:e3:76:a0:a8:ae:
         08:bc:bc:b0:2f:15:23:ef:57:ff:8f:a0:3f:eb:7f:de:a7:6d:
         db:9c:69:50:06:b2:5a:86:d7:c2:91:82:cc:01:a3:55:69:2c:
         83:ab:1b:02:b6:b8:02:d0:6d:2a:6a:b1:64:ce:26:b6:0d:04:
         70:81:10:13:a2:4c:95:a0:6a:7f:06:99:fe:7b:3c:a7:40:4b:
         53:d1:4d:e1:f9:32:83:d3:49:51:12:c6:f4:d5:7f:c3:b7:49:
         06:ba:d1:06:85:e5:4d:27:c1:39:14:a3:1f:be:18:a6:7a:fa:
         88:d1:c6:58:ea:f2:b3:67:7c:4b:18:35:c7:15:b3:21:ff:d9:
         78:fe:96:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL7+NCb3pmCFT7GHN2Z/AGLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjQxMTA1MTA1NzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWU2OGJiYmMxZWZiYjJhNjA0NTBjZDQ0MjRlMDM4NWQ0MGQzOTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHIZV7MN5Hqb2veoxYFrM+4efKiB
3wUP3R/Rc0Pt9SBwG3qwZ5xYf3mfEYrtZq9gywxyNon+GgWv/2QuNsOnlZc85edn
X0S7UYFFVVDTADs7gBDDrS+EW8SyswXhp+eMcNyNZ+LixY4LxqYgSmN4StiRDM4B
QPCbiYCBvPBLho3SFo1BSrguMczwfai+/zP1uIAF0NaD/T2qlheJzU4yi0lD5ZIS
Rs1LcSR+vXieqqXOokjYMVSIeph19uyS2NLhA6fkw0xPy74RPuGrK3Ry6/iAMLzh
UtTortmHr0jYZPYw9GYLMN0dKsaqWZ7Th10HuL897IUxtdX3Zemf60uSJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOnmi7vB77sqYEUM1EJOA4XUDTlHMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvNmVhTHU4SHZ1eXBnUlF6VVFrNERoZFFOT1VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV2usMA0G
CSqGSIb3DQEBCwUAA4IBAQA/rrvs7rUAFuzKBATQBZcFtBIYkwQ6H7t+azoa5PQ0
n21zJsNxqwnFhjV/VeGqQoq4wb9kTsfLcLEWrMzCg0bNEW/JO1cvdPcHdX4QsuRQ
7JXnIU0LtsFZGb9MAO5SyIsptxWH378wLAL1N7r1KWE9QtSQWD3GrP2W43agqK4I
vLywLxUj71f/j6A/63/ep23bnGlQBrJahtfCkYLMAaNVaSyDqxsCtrgC0G0qarFk
zia2DQRwgRATokyVoGp/Bpn+ezynQEtT0U3h+TKD00lREsb01X/Dt0kGutEGheVN
J8E5FKMfvhimevqI0cZY6vKzZ3xLGDXHFbMh/9l4/pZn
-----END CERTIFICATE-----