Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/Apgp14VUjYCkW-QV78hbmB9gpB4.roa
File:                     Apgp14VUjYCkW-QV78hbmB9gpB4.roa (raw, json)
Hash identifier:          hOPvfuTvjF3q3IU1CLoUxiCLwokBshJVS7UrGFsBp48=
Subject key identifier:   02:98:29:D7:85:54:8D:80:A4:5B:E4:15:EF:C8:5B:98:1F:60:A4:1E
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       018CCA9932FB9E0137511441B25620185812
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/Apgp14VUjYCkW-QV78hbmB9gpB4.roa
Signing time:             Tue 02 Jan 2024 14:34:46 +0000
ROA not before:           Tue 02 Jan 2024 14:34:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49207
IP address blocks:        87.107.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:32:fb:9e:01:37:51:14:41:b2:56:20:18:58:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Jan  2 14:34:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=029829d785548d80a45be415efc85b981f60a41e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:3d:04:4c:96:ba:95:34:fe:8d:fb:52:8a:01:
                    14:f0:a4:67:b7:de:45:a2:b9:07:d5:85:7d:ce:1c:
                    e1:08:68:af:3f:0a:f7:07:56:09:47:ec:32:af:7e:
                    db:0d:6f:82:8d:f6:0e:89:3a:ec:cd:5e:c3:4a:7b:
                    1e:bb:51:35:b2:d8:90:8c:f6:9c:8c:2f:24:be:45:
                    af:68:87:e5:01:72:9a:70:a3:1c:0e:d6:21:e9:8f:
                    26:5c:99:6e:a6:04:af:ff:f3:97:3e:1b:97:3c:de:
                    dc:dd:ad:2d:48:b0:d2:61:57:38:1d:ce:ed:d6:28:
                    28:d8:7d:75:56:a4:f0:40:b7:6b:a4:14:80:fe:37:
                    17:f2:e7:df:fd:6a:5a:57:92:55:2d:ca:8a:79:41:
                    56:9b:97:05:df:20:54:d0:9c:25:aa:df:9c:b1:11:
                    1e:43:65:fe:b7:af:42:4f:67:99:e5:a8:b8:2c:f7:
                    d9:ff:a6:8c:70:e1:49:75:86:98:bd:0e:81:72:95:
                    da:5f:1d:0a:6f:5b:9d:ed:b8:3c:53:34:9d:b4:7a:
                    8f:78:1b:5c:48:3a:4e:7e:23:59:82:2d:be:49:64:
                    53:62:00:25:8c:0d:d7:ea:9c:22:57:c2:d7:44:de:
                    6d:6c:f6:e0:7e:3f:47:14:75:e5:a7:ee:19:e6:34:
                    9c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:98:29:D7:85:54:8D:80:A4:5B:E4:15:EF:C8:5B:98:1F:60:A4:1E
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/Apgp14VUjYCkW-QV78hbmB9gpB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.107.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:14:22:8a:66:bf:2f:d9:04:3d:d0:71:00:ff:95:29:48:bb:
         db:f5:11:90:ae:30:50:c1:f7:f7:79:5a:f8:c2:fd:9a:7c:db:
         37:7f:25:f1:dc:f8:fb:40:df:c7:c2:13:5a:2b:61:05:18:03:
         e7:07:7a:12:76:c0:80:09:d3:3d:73:5a:a3:0b:23:fa:b6:90:
         bf:da:e3:13:8c:e7:e8:55:2f:8a:6d:17:f8:f4:b1:06:bd:5b:
         6e:14:a8:bb:18:48:e6:46:94:5c:e4:b1:a4:bb:02:6a:e6:42:
         27:5a:e3:ce:f2:0b:c9:44:6d:d5:e8:d4:c6:38:ea:0f:68:78:
         fd:66:11:68:29:ef:1b:a2:75:ee:8a:64:f7:15:a1:a4:dd:8f:
         80:50:f8:45:77:fd:1b:17:ba:7f:bc:a1:e4:60:46:3e:44:07:
         b9:15:fd:1a:9e:52:88:89:99:de:09:83:3f:91:41:5c:5c:3b:
         d9:d7:9a:24:15:b5:c7:1d:83:7f:be:df:da:88:6f:07:87:cc:
         72:0d:5e:cf:41:41:7c:bb:7d:86:c9:bd:d7:b7:63:5f:ab:c5:
         be:18:ae:5c:4b:8a:be:09:b9:a8:17:4e:4f:4e:ab:7f:27:6b:
         b9:0e:e2:54:d2:79:1b:2c:cc:9f:6c:64:86:ce:70:6e:bd:8f:
         22:eb:14:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmTL7ngE3URRBslYgGFgSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjQwMTAyMTQzNDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjk4MjlkNzg1NTQ4ZDgwYTQ1YmU0MTVlZmM4NWI5ODFmNjBhNDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvD0ETJa6lTT+jftSigEU8KRnt95F
orkH1YV9zhzhCGivPwr3B1YJR+wyr37bDW+CjfYOiTrszV7DSnseu1E1stiQjPac
jC8kvkWvaIflAXKacKMcDtYh6Y8mXJlupgSv//OXPhuXPN7c3a0tSLDSYVc4Hc7t
1igo2H11VqTwQLdrpBSA/jcX8uff/WpaV5JVLcqKeUFWm5cF3yBU0Jwlqt+csREe
Q2X+t69CT2eZ5ai4LPfZ/6aMcOFJdYaYvQ6BcpXaXx0Kb1ud7bg8UzSdtHqPeBtc
SDpOfiNZgi2+SWRTYgAljA3X6pwiV8LXRN5tbPbgfj9HFHXlp+4Z5jSccwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKYKdeFVI2ApFvkFe/IW5gfYKQeMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvQXBncDE0VlVqWUNrVy1RVjc4aGJtQjlncEI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV2teMA0G
CSqGSIb3DQEBCwUAA4IBAQCaFCKKZr8v2QQ90HEA/5UpSLvb9RGQrjBQwff3eVr4
wv2afNs3fyXx3Pj7QN/HwhNaK2EFGAPnB3oSdsCACdM9c1qjCyP6tpC/2uMTjOfo
VS+KbRf49LEGvVtuFKi7GEjmRpRc5LGkuwJq5kInWuPO8gvJRG3V6NTGOOoPaHj9
ZhFoKe8bonXuimT3FaGk3Y+AUPhFd/0bF7p/vKHkYEY+RAe5Ff0anlKIiZneCYM/
kUFcXDvZ15okFbXHHYN/vt/aiG8Hh8xyDV7PQUF8u32Gyb3Xt2Nfq8W+GK5cS4q+
CbmoF05PTqt/J2u5DuJU0nkbLMyfbGSGznBuvY8i6xRo
-----END CERTIFICATE-----