Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/awDEAjc-vsUA8PFN4mikXx3QtXo.roa
File:                     awDEAjc-vsUA8PFN4mikXx3QtXo.roa (raw, json)
Hash identifier:          x6QRS39zUaIqgQ6Fa+3uC6hdw20sHPfHEbtVFExHXi8=
Subject key identifier:   6B:00:C4:02:37:3E:BE:C5:00:F0:F1:4D:E2:68:A4:5F:1D:D0:B5:7A
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       01941FFA55E6AB773FE79B584BD76356860C
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/awDEAjc-vsUA8PFN4mikXx3QtXo.roa
Signing time:             Wed 01 Jan 2025 03:48:07 +0000
ROA not before:           Wed 01 Jan 2025 03:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61209
IP address blocks:        87.107.186.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:55:e6:ab:77:3f:e7:9b:58:4b:d7:63:56:86:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Jan  1 03:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b00c402373ebec500f0f14de268a45f1dd0b57a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:59:4c:84:11:af:1d:e3:51:aa:31:fe:02:37:
                    16:ec:11:be:16:7f:01:ce:79:79:ff:db:ff:36:53:
                    27:bf:fa:bf:d5:c4:5b:f1:c3:48:e0:da:48:73:22:
                    10:c0:10:58:25:52:04:fb:9b:c6:14:68:ec:1a:bd:
                    a1:50:8c:b9:b5:66:6c:6a:85:31:df:47:f1:8b:cb:
                    d2:fa:db:66:a5:cf:55:9c:d8:82:1e:20:09:b0:42:
                    fc:86:84:af:38:68:3b:ef:c0:ee:29:15:45:1c:ad:
                    f5:01:da:6a:eb:71:26:0a:96:98:ca:4a:ff:61:d7:
                    96:37:6c:23:8d:65:fd:e7:a6:50:f0:85:ee:6f:7e:
                    89:e8:c9:e9:9c:9c:23:71:74:37:30:f0:37:6b:1f:
                    7e:a2:d4:2c:cb:a2:46:ef:b5:f6:6e:d0:fb:a4:80:
                    78:19:96:cd:2d:fa:fa:e7:0c:22:7f:a8:86:8a:90:
                    9a:14:9e:69:a4:b9:aa:e4:a0:4b:d0:c6:dd:ec:8b:
                    38:22:96:cd:09:25:fe:7a:4d:fe:83:0e:72:dd:b0:
                    7b:49:87:2e:c0:55:53:e3:b3:68:2f:4a:a1:c8:ee:
                    cf:a2:ae:5c:e4:11:1f:f6:49:cd:a4:31:cf:a6:15:
                    a3:a0:f7:3f:3a:7e:80:97:c8:34:c5:12:cb:c0:5e:
                    6b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:00:C4:02:37:3E:BE:C5:00:F0:F1:4D:E2:68:A4:5F:1D:D0:B5:7A
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/awDEAjc-vsUA8PFN4mikXx3QtXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.107.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:e6:f9:b5:c2:96:01:fd:ca:a1:74:88:00:fe:c3:0d:58:2b:
         74:25:7c:d3:d1:83:ca:af:d9:76:38:25:41:60:dd:dd:4e:ef:
         90:44:fb:65:88:a7:99:98:d5:61:0b:bf:cd:a9:d3:00:90:94:
         49:7c:3d:e7:96:63:fe:fc:12:e9:64:ba:3f:57:e6:cd:fb:da:
         8a:46:08:52:4a:3c:31:3a:08:8c:50:26:a1:2d:84:47:e6:bb:
         eb:f9:8f:c2:38:e7:52:11:94:dd:93:a9:f5:be:56:74:9c:07:
         08:6d:ce:5d:3e:86:62:47:3d:76:c2:ee:80:75:b9:18:4d:46:
         c5:2c:67:1f:68:f3:05:55:4d:4d:d4:68:98:8f:37:33:84:a4:
         e7:3b:10:0e:9f:f3:54:d9:d8:6d:7f:ff:94:07:76:c8:d2:12:
         ae:28:db:87:8c:64:e4:85:11:d8:81:da:b0:14:32:40:8d:ed:
         7b:cf:54:00:2d:c0:21:b8:dc:e3:19:42:9c:94:8c:c3:4b:47:
         d5:cc:76:8f:e1:35:3c:21:b2:4b:98:da:71:6c:44:71:a8:e5:
         1d:fe:94:31:99:c8:76:de:51:9e:ac:c5:7a:d5:35:5d:9d:dd:
         1c:1c:15:64:cc:3f:a2:37:e2:7a:19:cd:d4:89:85:e7:43:0f:
         03:ee:c5:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+lXmq3c/55tYS9djVoYMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjUwMTAxMDM0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjAwYzQwMjM3M2ViZWM1MDBmMGYxNGRlMjY4YTQ1ZjFkZDBiNTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7FlMhBGvHeNRqjH+AjcW7BG+Fn8B
znl5/9v/NlMnv/q/1cRb8cNI4NpIcyIQwBBYJVIE+5vGFGjsGr2hUIy5tWZsaoUx
30fxi8vS+ttmpc9VnNiCHiAJsEL8hoSvOGg778DuKRVFHK31Adpq63EmCpaYykr/
YdeWN2wjjWX956ZQ8IXub36J6MnpnJwjcXQ3MPA3ax9+otQsy6JG77X2btD7pIB4
GZbNLfr65wwif6iGipCaFJ5ppLmq5KBL0Mbd7Is4IpbNCSX+ek3+gw5y3bB7SYcu
wFVT47NoL0qhyO7Poq5c5BEf9knNpDHPphWjoPc/On6Al8g0xRLLwF5rAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGsAxAI3Pr7FAPDxTeJopF8d0LV6MB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvYXdERUFqYy12c1VBOFBGTjRtaWtYeDNRdFhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV2u6MA0G
CSqGSIb3DQEBCwUAA4IBAQCK5vm1wpYB/cqhdIgA/sMNWCt0JXzT0YPKr9l2OCVB
YN3dTu+QRPtliKeZmNVhC7/NqdMAkJRJfD3nlmP+/BLpZLo/V+bN+9qKRghSSjwx
OgiMUCahLYRH5rvr+Y/COOdSEZTdk6n1vlZ0nAcIbc5dPoZiRz12wu6AdbkYTUbF
LGcfaPMFVU1N1GiYjzczhKTnOxAOn/NU2dhtf/+UB3bI0hKuKNuHjGTkhRHYgdqw
FDJAje17z1QALcAhuNzjGUKclIzDS0fVzHaP4TU8IbJLmNpxbERxqOUd/pQxmch2
3lGerMV61TVdnd0cHBVkzD+iN+J6Gc3UiYXnQw8D7sWY
-----END CERTIFICATE-----