Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/Q5Vb9PBwr2G3lU38Yc3d28gPrlU.roa
File:                     Q5Vb9PBwr2G3lU38Yc3d28gPrlU.roa (raw, json)
Hash identifier:          vAiJOdYfIkG0dnGX0lYi47BXHMIgCOE1/W4Gnpv/y4c=
Subject key identifier:   43:95:5B:F4:F0:70:AF:61:B7:95:4D:FC:61:CD:DD:DB:C8:0F:AE:55
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       0192FBF8CFC50012D25F59DE7FF46FE348E6
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/Q5Vb9PBwr2G3lU38Yc3d28gPrlU.roa
Signing time:             Tue 05 Nov 2024 10:57:20 +0000
ROA not before:           Tue 05 Nov 2024 10:57:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51431
IP address blocks:        87.107.102.0/24 maxlen: 24
                          87.107.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fb:f8:cf:c5:00:12:d2:5f:59:de:7f:f4:6f:e3:48:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Nov  5 10:57:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43955bf4f070af61b7954dfc61cddddbc80fae55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:12:e6:19:af:7a:29:9d:d8:59:ae:e9:4f:bf:
                    8c:43:16:6d:6d:5e:cb:32:ca:f9:33:ca:d3:9a:ee:
                    aa:7a:35:2f:78:a6:c1:17:03:83:d4:75:fb:43:40:
                    7a:12:47:7b:3c:6f:4c:67:75:c3:b9:ef:e9:bc:13:
                    77:6b:89:b6:55:b8:43:a1:7a:ef:83:4b:e1:9f:ca:
                    55:30:21:49:07:eb:92:51:39:5d:f2:65:78:1e:08:
                    76:89:12:b3:f8:fa:d0:9a:b7:4d:6f:9f:93:75:c7:
                    3d:d9:98:eb:5b:45:05:a1:4e:78:de:2b:ad:26:29:
                    73:a6:1e:e3:d4:ca:82:86:f4:c0:6a:e5:58:81:95:
                    1b:64:e0:b3:e0:02:15:54:28:3e:ea:71:d6:e0:3d:
                    89:6c:e7:01:97:a1:d9:6a:32:28:f2:af:08:98:aa:
                    c3:fd:14:45:e3:b6:46:d5:d3:74:9c:4a:75:88:ca:
                    b9:ef:4e:f9:4c:4a:84:4f:c5:3b:db:57:31:b9:ed:
                    81:6a:89:01:de:64:4d:5b:4d:36:8a:d3:51:ac:59:
                    57:4d:4c:b9:e7:3d:8f:82:97:a1:7b:86:3f:bf:c1:
                    77:cb:bd:56:df:5d:31:7f:c6:0e:4e:40:7a:5b:6c:
                    f7:a5:4a:8e:2f:2f:47:15:20:3d:27:25:5b:4f:6e:
                    70:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:95:5B:F4:F0:70:AF:61:B7:95:4D:FC:61:CD:DD:DB:C8:0F:AE:55
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/Q5Vb9PBwr2G3lU38Yc3d28gPrlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.107.102.0/24
                  87.107.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:7d:83:af:96:ba:0a:f5:45:f1:cf:57:8c:9c:09:15:14:a3:
         82:d8:23:9d:2c:3a:bc:37:0a:cc:4b:21:b9:c1:0a:72:87:97:
         0c:38:28:d6:3b:4c:b5:65:28:9a:5f:96:04:1b:ce:9d:3c:16:
         78:9c:65:a2:cc:e8:16:3b:41:4f:d9:0e:e1:6f:5e:3b:d2:c4:
         b2:de:b4:91:a0:6d:07:94:08:62:6a:48:e0:1c:d2:7d:85:59:
         c8:e7:34:61:0a:1a:92:6a:32:c5:89:9c:2e:01:b2:00:c3:eb:
         7f:73:a9:bf:0b:3f:e7:65:9f:ba:d7:5d:78:d3:98:29:66:ac:
         6f:8e:da:64:20:e5:88:04:f3:71:51:25:42:42:c6:5f:73:c2:
         8d:8f:82:39:19:5c:7f:2f:75:3a:c3:9b:36:95:a4:72:4a:8b:
         43:a9:4c:0d:f7:56:ba:07:7e:f9:f6:ee:5f:8b:af:92:26:5f:
         d4:26:c4:8b:71:ec:a6:79:df:9a:6f:b9:2c:8c:e7:c1:ec:01:
         55:0a:8b:18:c9:a2:16:14:12:61:6c:c3:b3:4c:ae:51:77:51:
         c2:3f:14:ba:fb:74:39:11:cb:50:a7:32:a1:ac:5f:8b:15:25:
         70:6d:d7:ac:e7:07:1c:2f:2f:8b:78:5f:81:ca:47:09:9a:1a:
         b8:34:a5:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZL7+M/FABLSX1nef/Rv40jmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjQxMTA1MTA1NzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mzk1NWJmNGYwNzBhZjYxYjc5NTRkZmM2MWNkZGRkYmM4MGZhZTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBLmGa96KZ3YWa7pT7+MQxZtbV7L
Msr5M8rTmu6qejUveKbBFwOD1HX7Q0B6Ekd7PG9MZ3XDue/pvBN3a4m2VbhDoXrv
g0vhn8pVMCFJB+uSUTld8mV4Hgh2iRKz+PrQmrdNb5+Tdcc92ZjrW0UFoU543iut
Jilzph7j1MqChvTAauVYgZUbZOCz4AIVVCg+6nHW4D2JbOcBl6HZajIo8q8ImKrD
/RRF47ZG1dN0nEp1iMq57075TEqET8U721cxue2BaokB3mRNW002itNRrFlXTUy5
5z2Pgpehe4Y/v8F3y71W310xf8YOTkB6W2z3pUqOLy9HFSA9JyVbT25wvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEOVW/TwcK9ht5VN/GHN3dvID65VMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvUTVWYjlQQndyMkczbFUzOFljM2QyOGdQcmxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV2tmAwQA
V2usMA0GCSqGSIb3DQEBCwUAA4IBAQBSfYOvlroK9UXxz1eMnAkVFKOC2COdLDq8
NwrMSyG5wQpyh5cMOCjWO0y1ZSiaX5YEG86dPBZ4nGWizOgWO0FP2Q7hb1470sSy
3rSRoG0HlAhiakjgHNJ9hVnI5zRhChqSajLFiZwuAbIAw+t/c6m/Cz/nZZ+61114
05gpZqxvjtpkIOWIBPNxUSVCQsZfc8KNj4I5GVx/L3U6w5s2laRySotDqUwN91a6
B3759u5fi6+SJl/UJsSLceymed+ab7ksjOfB7AFVCosYyaIWFBJhbMOzTK5Rd1HC
PxS6+3Q5EctQpzKhrF+LFSVwbdes5wccLy+LeF+BykcJmhq4NKUu
-----END CERTIFICATE-----