Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/Sf5MtSRfpud-Rj7gXlfDQovo9VA.roa
File:                     Sf5MtSRfpud-Rj7gXlfDQovo9VA.roa (raw, json)
Hash identifier:          DztTJ+PmNoJjtlD/fM0OJRI9qPdiLEutbyjPYOfl4ss=
Subject key identifier:   49:FE:4C:B5:24:5F:A6:E7:7E:46:3E:E0:5E:57:C3:42:8B:E8:F5:50
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       01941FFA51727AF25198C9EB08AA0C981CA7
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/Sf5MtSRfpud-Rj7gXlfDQovo9VA.roa
Signing time:             Wed 01 Jan 2025 03:48:06 +0000
ROA not before:           Wed 01 Jan 2025 03:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51889
IP address blocks:        87.107.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:51:72:7a:f2:51:98:c9:eb:08:aa:0c:98:1c:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Jan  1 03:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49fe4cb5245fa6e77e463ee05e57c3428be8f550
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:22:98:9e:6f:84:f2:4c:90:d7:d5:92:47:45:
                    8e:8d:1d:ab:1d:70:4e:76:de:f0:30:f3:42:69:b4:
                    b9:27:33:da:3e:af:0c:ef:38:a8:24:e4:fb:e8:26:
                    91:57:17:d1:96:14:d1:4d:01:48:b4:e7:7c:1a:7b:
                    64:83:27:7d:68:bc:2c:62:61:9f:db:f3:84:4c:d7:
                    24:78:8e:d0:48:7f:bb:f0:77:f2:09:3a:64:14:41:
                    33:69:0d:2e:a7:6f:de:a1:5d:10:81:26:b4:93:d0:
                    66:56:19:06:42:4d:a6:51:6f:07:4b:30:77:35:8f:
                    dc:6b:88:e7:b7:99:21:84:62:d3:b1:d4:c5:02:f5:
                    94:4b:c9:9f:20:7a:71:f4:08:2c:1c:70:72:5d:d3:
                    f5:f3:6f:1d:43:f5:6d:78:0c:e1:e7:b3:9b:f4:d2:
                    60:c8:22:28:a6:42:d3:6d:81:35:51:e0:bb:86:dd:
                    8b:54:04:34:7b:d1:7a:3a:2a:d6:79:18:df:f1:5a:
                    c4:48:4d:f2:87:a0:f7:cd:cf:b6:b9:10:49:19:ab:
                    9f:93:d6:35:b0:db:00:d3:e7:81:0f:17:cb:e2:05:
                    4e:58:4b:1a:9c:ef:6e:04:cd:71:71:b0:92:2a:09:
                    3c:9c:34:c3:ef:7d:6d:f1:e2:92:84:d4:db:14:8e:
                    54:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:FE:4C:B5:24:5F:A6:E7:7E:46:3E:E0:5E:57:C3:42:8B:E8:F5:50
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/Sf5MtSRfpud-Rj7gXlfDQovo9VA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.107.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:29:ae:01:2d:cc:ec:c9:ad:4f:80:b2:34:7e:40:17:d3:79:
         f0:8f:a4:ad:7d:5b:98:b9:c1:c2:5c:93:d6:b4:cf:83:65:15:
         70:e8:03:a9:83:9d:11:ec:34:14:df:78:57:a6:46:83:a4:69:
         b1:42:34:33:14:9a:c5:38:9b:74:94:e4:00:2a:86:11:17:a9:
         a7:57:55:50:e4:ac:23:6c:4f:12:b2:76:5d:ed:20:36:f4:0d:
         19:02:ec:ac:8d:91:96:13:c4:94:85:d1:9a:aa:9d:30:c1:4f:
         e0:69:ab:0c:4b:44:7a:eb:ae:3e:7f:7e:20:c2:57:4c:bb:a5:
         1f:95:35:c5:7a:41:02:73:9c:99:cb:51:3b:fd:27:60:73:2d:
         c4:5a:c8:81:e3:25:6d:f6:97:84:91:b6:d5:9c:94:8e:86:56:
         c1:b1:56:5c:17:f6:eb:4a:0c:ef:88:d2:14:ca:d9:c6:30:46:
         33:78:1b:35:1c:5c:4b:41:8f:c6:21:79:6a:16:c8:38:0f:73:
         0e:f7:95:27:dd:c6:bf:04:4c:63:17:6c:30:37:03:b0:e8:8c:
         63:26:7b:fe:76:a7:9e:fc:26:82:70:57:12:e5:79:94:bf:3f:
         e3:ad:ec:c4:82:25:58:76:f2:32:72:9b:1b:3f:41:92:f3:1c:
         e6:d6:99:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+lFyevJRmMnrCKoMmBynMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjUwMTAxMDM0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWZlNGNiNTI0NWZhNmU3N2U0NjNlZTA1ZTU3YzM0MjhiZThmNTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSKYnm+E8kyQ19WSR0WOjR2rHXBO
dt7wMPNCabS5JzPaPq8M7zioJOT76CaRVxfRlhTRTQFItOd8Gntkgyd9aLwsYmGf
2/OETNckeI7QSH+78HfyCTpkFEEzaQ0up2/eoV0QgSa0k9BmVhkGQk2mUW8HSzB3
NY/ca4jnt5khhGLTsdTFAvWUS8mfIHpx9AgsHHByXdP1828dQ/VteAzh57Ob9NJg
yCIopkLTbYE1UeC7ht2LVAQ0e9F6OirWeRjf8VrESE3yh6D3zc+2uRBJGaufk9Y1
sNsA0+eBDxfL4gVOWEsanO9uBM1xcbCSKgk8nDTD731t8eKShNTbFI5UPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEn+TLUkX6bnfkY+4F5Xw0KL6PVQMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvU2Y1TXRTUmZwdWQtUmo3Z1hsZkRRb3ZvOVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV2ufMA0G
CSqGSIb3DQEBCwUAA4IBAQChKa4BLczsya1PgLI0fkAX03nwj6StfVuYucHCXJPW
tM+DZRVw6AOpg50R7DQU33hXpkaDpGmxQjQzFJrFOJt0lOQAKoYRF6mnV1VQ5Kwj
bE8SsnZd7SA29A0ZAuysjZGWE8SUhdGaqp0wwU/gaasMS0R6664+f34gwldMu6Uf
lTXFekECc5yZy1E7/Sdgcy3EWsiB4yVt9peEkbbVnJSOhlbBsVZcF/brSgzviNIU
ytnGMEYzeBs1HFxLQY/GIXlqFsg4D3MO95Un3ca/BExjF2wwNwOw6IxjJnv+dqee
/CaCcFcS5XmUvz/jrezEgiVYdvIycpsbP0GS8xzm1pl8
-----END CERTIFICATE-----