Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/D25zhQzai8agFUS_KW3gEEdqROM.roa
File:                     D25zhQzai8agFUS_KW3gEEdqROM.roa (raw, json)
Hash identifier:          Vnhfh2I9dXZanO+LBrIWf3BGqPx8Rg0Qf8c8TdfgnhU=
Subject key identifier:   0F:6E:73:85:0C:DA:8B:C6:A0:15:44:BF:29:6D:E0:10:47:6A:44:E3
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       018F9ABE76C168777FF1DF93E4C0B249D71F
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/D25zhQzai8agFUS_KW3gEEdqROM.roa
Signing time:             Tue 21 May 2024 10:42:04 +0000
ROA not before:           Tue 21 May 2024 10:42:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209079
IP address blocks:        87.107.20.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9a:be:76:c1:68:77:7f:f1:df:93:e4:c0:b2:49:d7:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: May 21 10:42:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f6e73850cda8bc6a01544bf296de010476a44e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d6:d1:78:d9:a9:db:59:c8:c3:e6:30:57:67:
                    cc:6f:a8:52:82:58:31:13:d9:bf:42:19:2a:bc:68:
                    bc:df:5a:e9:c2:f3:36:86:a8:09:25:a9:81:f4:09:
                    0a:ca:bc:87:d1:08:9b:75:f9:01:49:20:91:4c:be:
                    cf:95:bd:aa:b8:ec:b8:7a:a8:09:b0:c2:07:c3:2c:
                    a5:00:42:65:4f:af:ad:1d:d8:b5:33:27:ef:f7:56:
                    45:d4:c8:70:5a:31:ad:92:d2:8c:e5:b7:ae:f9:5b:
                    e3:ee:40:ad:f9:ba:e2:e1:98:98:d3:db:9f:a6:b8:
                    d4:7b:05:86:0a:0d:c4:69:94:25:30:29:d0:9b:7d:
                    d7:13:f5:8d:70:e8:c1:86:77:d3:ee:5a:9e:ed:b1:
                    0b:44:de:3a:9f:07:9a:9b:06:ac:3b:9c:d0:c4:f7:
                    01:88:d7:52:f9:27:7f:6d:44:d4:ff:ff:52:fc:03:
                    e7:7b:c8:1a:a9:9f:04:19:6d:9b:6b:58:eb:eb:21:
                    ec:5f:f7:c8:13:31:2b:2b:f4:e3:ae:42:83:3b:a5:
                    4f:58:ad:6a:8a:d4:c0:88:29:cf:c7:a6:a2:59:a6:
                    75:15:97:50:17:67:4d:d4:7a:26:c8:ff:3b:60:6f:
                    25:4d:b4:0c:61:31:99:2b:c0:aa:18:ee:ca:7b:23:
                    fb:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:6E:73:85:0C:DA:8B:C6:A0:15:44:BF:29:6D:E0:10:47:6A:44:E3
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/D25zhQzai8agFUS_KW3gEEdqROM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.107.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:04:45:3a:77:d8:4f:d4:6e:12:6a:9f:8c:0b:c1:c0:d5:47:
         4c:c9:18:d3:48:b9:44:7f:40:83:5c:af:b2:5b:6d:b4:a4:2c:
         8a:8a:9a:34:ab:67:e1:1f:e0:12:bb:7b:66:00:39:27:00:54:
         e3:ce:82:49:57:12:0f:0e:d6:af:c9:03:66:61:8d:6f:61:34:
         7b:5d:8d:ea:e7:dc:4a:95:45:a1:f3:e4:fc:76:79:99:a4:96:
         38:dc:f9:1a:c7:33:90:8f:4b:94:4e:34:02:4a:01:58:61:3b:
         a5:aa:8c:74:eb:a0:2d:ec:03:88:a9:b3:0b:9b:07:be:5a:4a:
         33:6a:4f:6d:64:f7:86:cd:3c:01:7a:84:c9:a2:df:05:90:d7:
         0a:58:a3:0b:c3:74:1d:ac:0e:a2:fb:7d:c6:a7:30:05:96:a3:
         2d:22:4a:c2:22:ac:0a:0e:94:c0:66:70:74:39:9d:a1:40:3e:
         8a:16:b8:44:33:33:18:d0:12:2b:1d:9f:fc:cf:05:dc:b6:c9:
         da:9e:f6:bb:f7:7a:7b:0e:b3:a4:5a:0d:a6:52:e4:44:25:d3:
         b5:3e:23:dd:bb:26:48:85:95:59:75:2d:c1:d3:3a:53:4d:da:
         6c:d7:7a:dd:89:66:d8:9f:39:64:36:68:9f:be:be:92:f5:b5:
         f2:31:4b:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+avnbBaHd/8d+T5MCySdcfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjQwNTIxMTA0MjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjZlNzM4NTBjZGE4YmM2YTAxNTQ0YmYyOTZkZTAxMDQ3NmE0NGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9bReNmp21nIw+YwV2fMb6hSglgx
E9m/QhkqvGi831rpwvM2hqgJJamB9AkKyryH0QibdfkBSSCRTL7Plb2quOy4eqgJ
sMIHwyylAEJlT6+tHdi1Myfv91ZF1MhwWjGtktKM5beu+Vvj7kCt+bri4ZiY09uf
prjUewWGCg3EaZQlMCnQm33XE/WNcOjBhnfT7lqe7bELRN46nweamwasO5zQxPcB
iNdS+Sd/bUTU//9S/APne8gaqZ8EGW2ba1jr6yHsX/fIEzErK/TjrkKDO6VPWK1q
itTAiCnPx6aiWaZ1FZdQF2dN1HomyP87YG8lTbQMYTGZK8CqGO7KeyP7rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9uc4UM2ovGoBVEvylt4BBHakTjMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvRDI1emhRemFpOGFnRlVTX0tXM2dFRWRxUk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCV2sUMA0G
CSqGSIb3DQEBCwUAA4IBAQCmBEU6d9hP1G4Sap+MC8HA1UdMyRjTSLlEf0CDXK+y
W220pCyKipo0q2fhH+ASu3tmADknAFTjzoJJVxIPDtavyQNmYY1vYTR7XY3q59xK
lUWh8+T8dnmZpJY43PkaxzOQj0uUTjQCSgFYYTulqox066At7AOIqbMLmwe+Wkoz
ak9tZPeGzTwBeoTJot8FkNcKWKMLw3QdrA6i+33GpzAFlqMtIkrCIqwKDpTAZnB0
OZ2hQD6KFrhEMzMY0BIrHZ/8zwXctsnanva793p7DrOkWg2mUuREJdO1PiPduyZI
hZVZdS3B0zpTTdps13rdiWbYnzlkNmifvr6S9bXyMUs3
-----END CERTIFICATE-----