Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/yI3kcyJzRggP15m85MpeIq1GwBo.roa
File:                     yI3kcyJzRggP15m85MpeIq1GwBo.roa (raw, json)
Hash identifier:          r/04rAUqk78VwXUr6beqzDxtFmgnHuWo4GBXh8YpN3M=
Subject key identifier:   C8:8D:E4:73:22:73:46:08:0F:D7:99:BC:E4:CA:5E:22:AD:46:C0:1A
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       0192244E5F2DDD4FE0A048EBEE89E417F616
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/yI3kcyJzRggP15m85MpeIq1GwBo.roa
Signing time:             Tue 24 Sep 2024 13:52:48 +0000
ROA not before:           Tue 24 Sep 2024 13:52:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24631
IP address blocks:        87.107.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:24:4e:5f:2d:dd:4f:e0:a0:48:eb:ee:89:e4:17:f6:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Sep 24 13:52:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c88de473227346080fd799bce4ca5e22ad46c01a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:4b:0b:fe:08:d4:3d:03:04:b5:a6:86:02:af:
                    4d:e8:06:98:da:e0:6e:51:82:c5:e4:b1:79:52:11:
                    9b:e6:cd:c5:41:4a:9d:0e:34:0e:da:7f:bc:26:ee:
                    be:a1:0c:fb:19:10:0d:02:7b:50:ba:e0:f5:33:85:
                    de:fb:b2:b2:55:0a:17:4c:f8:e3:cb:6c:bb:22:52:
                    57:fe:5f:43:39:a9:27:53:c5:6b:98:85:0b:bd:6c:
                    6f:75:cb:a5:98:97:a3:97:3e:ed:dc:51:55:8f:54:
                    38:a5:18:26:be:c5:32:a1:d2:af:71:f1:5c:07:fb:
                    77:32:09:45:46:5e:f1:72:b0:a3:c8:81:10:62:d0:
                    f2:4b:9b:d8:e8:e7:ea:0c:64:c8:0e:94:71:bf:61:
                    fb:18:fd:b6:46:7a:93:f5:c4:66:dd:3f:5a:a3:d1:
                    b5:78:9e:8e:56:66:78:b3:91:14:6f:f9:e5:07:d1:
                    5f:f1:3e:4b:6d:36:31:dd:41:3a:bf:b6:ed:33:4a:
                    9d:96:e1:33:e9:ae:c7:bd:ca:f3:b5:af:57:5e:b5:
                    fa:64:71:ab:56:42:dc:97:d4:bb:0c:7c:32:0a:03:
                    04:25:28:16:78:29:a4:c6:db:4c:5d:31:33:29:c7:
                    07:84:85:fc:bb:e8:c5:bc:dd:ea:dd:50:8a:3a:7d:
                    85:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:8D:E4:73:22:73:46:08:0F:D7:99:BC:E4:CA:5E:22:AD:46:C0:1A
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/yI3kcyJzRggP15m85MpeIq1GwBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.107.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:6c:fc:49:66:0d:af:77:da:e6:ce:f5:b5:3c:f5:9f:81:e9:
         87:0f:84:d8:dd:80:06:46:60:4d:1a:f4:52:c2:14:98:6e:55:
         f2:f3:e1:d3:db:52:79:af:7e:b9:0b:91:2d:25:bf:9e:80:af:
         91:7b:e9:6d:0a:4d:f6:a4:fb:e4:40:f5:3a:8f:b8:6b:32:ec:
         75:96:1e:b0:49:af:a2:36:aa:35:06:55:56:0f:0d:b4:60:40:
         b5:19:4d:a6:94:f3:40:09:88:7d:c0:6d:42:08:47:12:64:42:
         73:bf:32:d5:e9:0e:8b:5a:d1:2c:ab:1f:a2:19:9f:42:88:36:
         2e:55:4a:b9:f8:29:7b:03:c2:62:9f:b2:e8:fc:46:8d:c5:ff:
         71:09:90:f1:cb:8b:d2:66:4a:01:3c:8f:48:14:29:19:d8:47:
         75:a6:3b:80:4d:fc:db:61:40:d2:c9:3c:28:1c:d1:1d:4c:4b:
         fb:b5:d2:cd:a0:84:d5:3a:ac:a5:e0:dc:42:5d:a1:f5:f2:07:
         5a:c8:d4:f8:20:d4:71:4b:30:bb:e8:4c:59:b5:b1:54:a4:f2:
         2a:4a:36:5f:e6:a2:e0:41:fe:e6:31:0a:d3:82:c4:6d:66:15:
         d3:d9:75:96:35:a2:7f:71:66:be:49:2a:64:20:90:a1:f0:a7:
         fd:69:54:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIkTl8t3U/goEjr7onkF/YWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjQwOTI0MTM1MjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODhkZTQ3MzIyNzM0NjA4MGZkNzk5YmNlNGNhNWUyMmFkNDZjMDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA20sL/gjUPQMEtaaGAq9N6AaY2uBu
UYLF5LF5UhGb5s3FQUqdDjQO2n+8Ju6+oQz7GRANAntQuuD1M4Xe+7KyVQoXTPjj
y2y7IlJX/l9DOaknU8VrmIULvWxvdculmJejlz7t3FFVj1Q4pRgmvsUyodKvcfFc
B/t3MglFRl7xcrCjyIEQYtDyS5vY6OfqDGTIDpRxv2H7GP22RnqT9cRm3T9ao9G1
eJ6OVmZ4s5EUb/nlB9Ff8T5LbTYx3UE6v7btM0qdluEz6a7Hvcrzta9XXrX6ZHGr
VkLcl9S7DHwyCgMEJSgWeCmkxttMXTEzKccHhIX8u+jFvN3q3VCKOn2F3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMiN5HMic0YID9eZvOTKXiKtRsAaMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEveUkza2N5SnpSZ2dQMTVtODVNcGVJcTFHd0JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV2tmMA0G
CSqGSIb3DQEBCwUAA4IBAQC9bPxJZg2vd9rmzvW1PPWfgemHD4TY3YAGRmBNGvRS
whSYblXy8+HT21J5r365C5EtJb+egK+Re+ltCk32pPvkQPU6j7hrMux1lh6wSa+i
Nqo1BlVWDw20YEC1GU2mlPNACYh9wG1CCEcSZEJzvzLV6Q6LWtEsqx+iGZ9CiDYu
VUq5+Cl7A8Jin7Lo/EaNxf9xCZDxy4vSZkoBPI9IFCkZ2Ed1pjuATfzbYUDSyTwo
HNEdTEv7tdLNoITVOqyl4NxCXaH18gdayNT4INRxSzC76ExZtbFUpPIqSjZf5qLg
Qf7mMQrTgsRtZhXT2XWWNaJ/cWa+SSpkIJCh8Kf9aVQA
-----END CERTIFICATE-----