Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/LabIk5FAqxFN9-2h0QRFGlVAWZs.roa
File:                     LabIk5FAqxFN9-2h0QRFGlVAWZs.roa (raw, json)
Hash identifier:          g1aIF++7RUIR0+sMIarFEmboCFxIcCYOYgS81Y87k+w=
Subject key identifier:   2D:A6:C8:93:91:40:AB:11:4D:F7:ED:A1:D1:04:45:1A:55:40:59:9B
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       01941FFA5DB616E1CCFE828BE4756E04B861
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/LabIk5FAqxFN9-2h0QRFGlVAWZs.roa
Signing time:             Wed 01 Jan 2025 03:48:09 +0000
ROA not before:           Wed 01 Jan 2025 03:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212063
IP address blocks:        87.107.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:5d:b6:16:e1:cc:fe:82:8b:e4:75:6e:04:b8:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Jan  1 03:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2da6c8939140ab114df7eda1d104451a5540599b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:c6:07:b2:92:c0:76:43:a2:69:9e:5f:9a:95:
                    61:e2:3f:d3:16:7e:67:6b:e4:b7:64:11:ea:39:ed:
                    bc:da:c0:96:35:14:86:4f:0e:80:39:70:2d:1e:78:
                    eb:ff:55:8e:47:a2:c2:6d:63:8b:1e:75:ef:ce:ca:
                    b1:b1:30:86:75:9f:de:e8:f9:05:b0:c7:4c:79:4a:
                    55:6d:b5:d5:49:3d:fd:12:34:91:07:50:50:63:29:
                    1b:f9:b0:d8:05:30:65:aa:86:5b:09:71:4a:a7:f0:
                    75:83:1b:48:83:ed:fc:49:1d:cf:cf:59:3a:64:c1:
                    1a:49:0a:92:00:a2:cb:08:fd:6c:a3:49:30:29:ff:
                    09:da:86:73:57:88:fa:4e:3c:2d:35:fe:16:04:2d:
                    3a:23:69:ea:d2:cf:7c:99:cd:af:96:55:e1:5f:43:
                    92:f9:bf:c6:a4:ec:58:eb:61:69:e0:f4:ad:67:49:
                    66:38:69:5a:80:e2:d1:2d:e2:b0:97:b8:02:0d:31:
                    08:39:ec:09:b6:72:22:1c:d6:a3:00:e9:fc:c1:aa:
                    6b:6f:f7:a9:3f:ea:ba:56:ed:e8:fe:b4:a7:3a:c1:
                    06:be:51:ab:c1:69:16:08:d9:cc:f6:d6:dd:3c:2f:
                    ab:71:a2:29:04:27:bb:3e:18:3a:5d:19:98:e1:34:
                    8c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:A6:C8:93:91:40:AB:11:4D:F7:ED:A1:D1:04:45:1A:55:40:59:9B
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/LabIk5FAqxFN9-2h0QRFGlVAWZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.107.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:74:65:48:65:eb:34:06:60:10:e0:ce:d0:23:f2:5b:19:20:
         9a:81:9f:98:0d:96:fd:1b:ab:15:d3:3f:60:86:a5:09:bc:8c:
         40:6b:d2:99:55:f0:ce:dc:33:bd:a8:b5:0e:4e:1f:10:fb:8d:
         77:88:ef:6b:87:bb:97:c9:79:91:a3:4d:f8:9a:c8:ee:1b:34:
         4d:82:5b:8d:9f:60:49:02:6e:dd:ef:93:a7:0a:e8:d9:62:b8:
         d5:31:74:da:d1:98:c0:00:71:50:41:0f:82:3d:86:ff:18:53:
         b4:bd:83:81:57:9b:d9:e1:89:7d:0d:02:e5:81:42:ce:bc:ff:
         08:2a:b5:92:8e:96:d5:27:d4:55:41:52:5e:7e:53:5e:12:03:
         6e:41:36:88:f5:01:66:05:78:a7:68:0c:07:ad:a1:91:d0:17:
         eb:48:0c:49:f2:c6:82:e7:cd:52:b3:97:37:e5:c1:8d:2b:cd:
         d5:e6:9a:8d:4b:fb:2b:86:f7:7d:d9:4a:20:a5:73:02:d2:cb:
         91:36:7d:eb:d6:33:73:79:4f:f6:0f:1a:f8:c9:e9:fd:7b:eb:
         b9:d9:30:4b:ed:4b:7e:d1:83:c0:f4:f8:9c:e9:22:d5:fb:3f:
         a5:a8:9b:29:5d:81:28:c8:4d:d2:14:40:e5:2a:61:12:f5:fd:
         53:b1:3a:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+l22FuHM/oKL5HVuBLhhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjUwMTAxMDM0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGE2Yzg5MzkxNDBhYjExNGRmN2VkYTFkMTA0NDUxYTU1NDA1OTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MYHspLAdkOiaZ5fmpVh4j/TFn5n
a+S3ZBHqOe282sCWNRSGTw6AOXAtHnjr/1WOR6LCbWOLHnXvzsqxsTCGdZ/e6PkF
sMdMeUpVbbXVST39EjSRB1BQYykb+bDYBTBlqoZbCXFKp/B1gxtIg+38SR3Pz1k6
ZMEaSQqSAKLLCP1so0kwKf8J2oZzV4j6TjwtNf4WBC06I2nq0s98mc2vllXhX0OS
+b/GpOxY62Fp4PStZ0lmOGlagOLRLeKwl7gCDTEIOewJtnIiHNajAOn8waprb/ep
P+q6Vu3o/rSnOsEGvlGrwWkWCNnM9tbdPC+rcaIpBCe7Phg6XRmY4TSMMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2myJORQKsRTfftodEERRpVQFmbMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvTGFiSWs1RkFxeEZOOS0yaDBRUkZHbFZBV1pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV2usMA0G
CSqGSIb3DQEBCwUAA4IBAQCudGVIZes0BmAQ4M7QI/JbGSCagZ+YDZb9G6sV0z9g
hqUJvIxAa9KZVfDO3DO9qLUOTh8Q+413iO9rh7uXyXmRo034msjuGzRNgluNn2BJ
Am7d75OnCujZYrjVMXTa0ZjAAHFQQQ+CPYb/GFO0vYOBV5vZ4Yl9DQLlgULOvP8I
KrWSjpbVJ9RVQVJeflNeEgNuQTaI9QFmBXinaAwHraGR0BfrSAxJ8saC581Ss5c3
5cGNK83V5pqNS/srhvd92UogpXMC0suRNn3r1jNzeU/2Dxr4yen9e+u52TBL7Ut+
0YPA9Pic6SLV+z+lqJspXYEoyE3SFEDlKmES9f1TsTqh
-----END CERTIFICATE-----