Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/FOzUWVBUQB_yvYUFZ78FWvWpveI.roa
File:                     FOzUWVBUQB_yvYUFZ78FWvWpveI.roa (raw, json)
Hash identifier:          d1GxHFNhz9ldhBmOdKCZ4i1P6fC+kmHIjVf7G6ek78w=
Subject key identifier:   14:EC:D4:59:50:54:40:1F:F2:BD:85:05:67:BF:05:5A:F5:A9:BD:E2
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       018CCA99376E62AF0DF8F4169FCDCBF43E4A
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/FOzUWVBUQB_yvYUFZ78FWvWpveI.roa
Signing time:             Tue 02 Jan 2024 14:34:48 +0000
ROA not before:           Tue 02 Jan 2024 14:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62367
IP address blocks:        87.107.134.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:37:6e:62:af:0d:f8:f4:16:9f:cd:cb:f4:3e:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Jan  2 14:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14ecd4595054401ff2bd850567bf055af5a9bde2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:2e:74:30:31:56:36:3e:7d:99:9f:2c:7f:57:
                    73:17:46:53:61:30:ec:14:b6:04:ad:1e:23:96:c6:
                    63:a1:5c:9b:b9:9b:90:45:ca:ec:e7:16:b4:04:f1:
                    f8:27:c2:26:be:76:86:ca:ac:b9:2a:b0:10:df:c8:
                    a1:8e:86:85:4a:b2:a0:47:74:b6:a9:bd:45:4c:e3:
                    6b:e6:8e:31:86:cc:76:3b:d4:ab:bd:19:db:d8:fd:
                    95:38:18:ab:0a:9a:2d:06:45:3b:55:f3:a8:de:96:
                    b3:70:3f:f3:8d:82:c4:16:07:10:66:0b:b8:5a:28:
                    d3:bb:d0:99:84:f6:64:b6:73:a8:cd:b1:6b:8c:8d:
                    55:aa:d3:0e:a2:f1:aa:e2:85:02:36:ef:5e:47:ca:
                    2b:1b:67:24:f1:53:03:0f:b9:4d:10:b4:f2:7f:2c:
                    54:04:75:1e:74:82:67:c9:82:2a:e3:73:ff:64:5f:
                    8a:b2:f5:78:74:2f:8a:10:e9:7f:2c:b0:bd:33:62:
                    8d:4f:0e:6e:5c:be:09:08:d8:e4:a2:6b:62:b8:6f:
                    5b:ab:fe:d7:f2:7e:fc:ec:21:eb:d8:25:32:87:78:
                    f7:8f:d8:74:7b:b1:9a:bf:87:00:f0:ad:56:b0:30:
                    b8:71:f2:13:c2:84:08:8b:09:52:69:03:da:21:db:
                    e0:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:EC:D4:59:50:54:40:1F:F2:BD:85:05:67:BF:05:5A:F5:A9:BD:E2
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/FOzUWVBUQB_yvYUFZ78FWvWpveI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.107.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:37:78:29:6d:36:08:1c:8b:c1:2c:33:5a:03:c8:76:5f:96:
         d1:8e:09:60:56:ba:3f:19:15:fd:6b:50:95:4a:c9:df:af:02:
         f3:a2:ea:01:f3:f1:80:24:ae:fe:6b:b7:a7:aa:3a:1a:2d:40:
         7b:15:c9:fc:0a:7b:bf:14:c3:0b:5c:43:47:e0:ec:03:d7:50:
         97:28:3e:d6:cd:25:3e:a5:bf:92:5c:c5:bf:ed:32:de:75:dc:
         f5:4d:f6:51:d0:bb:33:d8:28:34:1c:1b:a6:f6:f7:84:57:df:
         1d:04:b4:ba:78:e8:03:c7:69:59:23:96:e3:e2:26:4c:fb:67:
         98:38:5e:e6:e8:93:4a:a7:75:8f:f6:0a:60:06:b0:65:35:11:
         b7:36:82:92:6d:29:56:57:b6:7a:15:40:d8:9c:3e:ad:68:c2:
         71:d1:e2:28:38:35:b1:f3:9d:dc:d5:62:40:ea:86:d2:1e:c0:
         95:0c:c8:52:e7:11:b7:2c:4f:70:a3:ee:4e:00:bb:40:30:dc:
         39:4e:53:e3:ca:46:7b:93:ef:c9:1e:8f:67:e5:ce:fe:84:9e:
         74:11:27:05:5a:f8:86:a7:db:d6:99:db:9e:b3:21:8a:ec:5f:
         7f:d4:8f:48:6f:10:c6:f7:ad:f8:3e:84:fd:7d:af:7b:71:64:
         f6:99:1b:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmTduYq8N+PQWn83L9D5KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjQwMTAyMTQzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGVjZDQ1OTUwNTQ0MDFmZjJiZDg1MDU2N2JmMDU1YWY1YTliZGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgy50MDFWNj59mZ8sf1dzF0ZTYTDs
FLYErR4jlsZjoVybuZuQRcrs5xa0BPH4J8ImvnaGyqy5KrAQ38ihjoaFSrKgR3S2
qb1FTONr5o4xhsx2O9SrvRnb2P2VOBirCpotBkU7VfOo3pazcD/zjYLEFgcQZgu4
WijTu9CZhPZktnOozbFrjI1VqtMOovGq4oUCNu9eR8orG2ck8VMDD7lNELTyfyxU
BHUedIJnyYIq43P/ZF+KsvV4dC+KEOl/LLC9M2KNTw5uXL4JCNjkomtiuG9bq/7X
8n787CHr2CUyh3j3j9h0e7Gav4cA8K1WsDC4cfITwoQIiwlSaQPaIdvgIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBTs1FlQVEAf8r2FBWe/BVr1qb3iMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvRk96VVdWQlVRQl95dllVRlo3OEZXdldwdmVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV2uGMA0G
CSqGSIb3DQEBCwUAA4IBAQBmN3gpbTYIHIvBLDNaA8h2X5bRjglgVro/GRX9a1CV
SsnfrwLzouoB8/GAJK7+a7enqjoaLUB7Fcn8Cnu/FMMLXENH4OwD11CXKD7WzSU+
pb+SXMW/7TLeddz1TfZR0Lsz2Cg0HBum9veEV98dBLS6eOgDx2lZI5bj4iZM+2eY
OF7m6JNKp3WP9gpgBrBlNRG3NoKSbSlWV7Z6FUDYnD6taMJx0eIoODWx853c1WJA
6obSHsCVDMhS5xG3LE9wo+5OALtAMNw5TlPjykZ7k+/JHo9n5c7+hJ50EScFWviG
p9vWmduesyGK7F9/1I9IbxDG9634PoT9fa97cWT2mRsA
-----END CERTIFICATE-----