Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/0PHJqZMPWrLCjh9UMaNUcrBnmQ0.roa
File:                     0PHJqZMPWrLCjh9UMaNUcrBnmQ0.roa (raw, json)
Hash identifier:          10skCxFhSxBVEdh+ATFzqRt8dllHs383Py/mC7s9bXw=
Subject key identifier:   D0:F1:C9:A9:93:0F:5A:B2:C2:8E:1F:54:31:A3:54:72:B0:67:99:0D
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       018CC2DB65E3A1BCB9EB41377B4129C20652
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/0PHJqZMPWrLCjh9UMaNUcrBnmQ0.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        87.248.131.0/24 maxlen: 24
                          87.248.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 04:37:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:65:e3:a1:bc:b9:eb:41:37:7b:41:29:c2:06:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0f1c9a9930f5ab2c28e1f5431a35472b067990d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ad:66:d0:18:d6:b6:ea:3f:20:9f:da:fe:d0:
                    ad:06:51:3e:7a:75:83:96:23:57:47:58:25:3a:42:
                    6f:d0:f3:07:0d:22:64:c2:47:c7:7d:67:0f:99:9a:
                    bb:1f:24:fa:1a:60:dd:bb:b2:92:37:d0:4d:76:8f:
                    bc:fe:82:37:3e:7e:7c:e8:1f:7f:84:8b:08:e0:9a:
                    84:9e:2e:aa:f5:58:68:39:f0:3f:ef:a0:58:1e:f3:
                    31:ef:a8:62:76:7f:6e:88:8b:11:84:94:8b:7e:14:
                    ce:e6:c9:44:b5:fa:a3:54:ea:0b:eb:a0:5b:0f:1e:
                    a7:ac:fa:e6:54:14:ad:bf:85:67:91:3a:f9:2a:53:
                    cd:05:8d:9a:50:d4:79:1c:97:95:d7:16:ee:af:1b:
                    92:bc:8b:5b:e3:37:58:1e:c9:4b:6c:83:49:36:dd:
                    2e:92:90:1c:b4:e8:13:da:27:e9:91:81:29:9b:2e:
                    6b:7a:22:23:4a:ea:20:7e:e3:c3:5e:73:13:42:27:
                    ce:c7:e4:ea:fb:7b:61:7a:dd:f6:45:c5:13:f3:30:
                    79:d9:b7:8e:83:b4:30:80:41:10:5a:dc:21:8c:24:
                    52:2c:29:2a:28:20:dc:58:19:7c:57:3a:9a:e8:93:
                    fb:01:46:7e:e1:9a:de:12:f5:9d:61:cb:16:d8:ab:
                    cd:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:F1:C9:A9:93:0F:5A:B2:C2:8E:1F:54:31:A3:54:72:B0:67:99:0D
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/0PHJqZMPWrLCjh9UMaNUcrBnmQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.131.0/24
                  87.248.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:4a:67:79:d8:96:ce:2b:dc:59:57:95:01:79:99:ca:d9:9f:
         50:0a:82:da:c0:05:45:71:4f:49:81:13:79:c7:52:81:52:14:
         3c:16:64:40:28:43:d8:b4:14:ff:44:2d:ba:f8:0f:43:b3:8a:
         b5:3c:2b:4a:e1:58:d1:07:9a:9a:31:64:20:32:95:9b:2a:58:
         0d:00:60:f2:29:70:c3:b0:96:2b:f6:c0:7b:25:52:a7:1c:25:
         ac:8f:12:da:b5:df:06:fb:1c:2d:a9:d1:86:8a:c9:c3:2d:d3:
         e9:51:6b:11:16:fb:d1:8d:af:10:23:8c:f4:d8:ca:cb:3d:1f:
         c0:b6:e5:00:69:37:5a:0e:30:c8:9c:ac:68:98:f1:d6:3c:a9:
         ce:32:fc:4f:83:c6:82:e5:c5:4d:ae:c7:97:22:fc:e6:27:14:
         ed:d8:e7:8b:4b:9b:f6:11:2e:81:2e:24:e7:5e:25:b9:6a:a0:
         86:0d:c6:85:c5:b6:a7:f8:6c:e4:fc:60:90:d4:64:7a:6e:82:
         45:2b:37:94:00:45:66:45:c1:7e:ce:a7:2f:48:42:ee:8e:3b:
         e1:e6:7d:c8:a8:c4:c8:67:08:e0:2b:3c:3e:e0:9e:57:af:b3:
         0a:24:9d:84:69:af:3a:89:81:48:36:e7:ee:73:eb:cb:6f:93:
         2b:e1:02:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC22Xjoby560E3e0EpwgZSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGYxYzlhOTkzMGY1YWIyYzI4ZTFmNTQzMWEzNTQ3MmIwNjc5OTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2K1m0BjWtuo/IJ/a/tCtBlE+enWD
liNXR1glOkJv0PMHDSJkwkfHfWcPmZq7HyT6GmDdu7KSN9BNdo+8/oI3Pn586B9/
hIsI4JqEni6q9VhoOfA/76BYHvMx76hidn9uiIsRhJSLfhTO5slEtfqjVOoL66Bb
Dx6nrPrmVBStv4VnkTr5KlPNBY2aUNR5HJeV1xburxuSvItb4zdYHslLbINJNt0u
kpActOgT2ifpkYEpmy5reiIjSuogfuPDXnMTQifOx+Tq+3thet32RcUT8zB52beO
g7QwgEEQWtwhjCRSLCkqKCDcWBl8Vzqa6JP7AUZ+4ZreEvWdYcsW2KvNEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNDxyamTD1qywo4fVDGjVHKwZ5kNMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvMFBISnFaTVBXckxDamg5VU1hTlVjckJubVEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV/iDAwQA
V/ieMA0GCSqGSIb3DQEBCwUAA4IBAQBOSmd52JbOK9xZV5UBeZnK2Z9QCoLawAVF
cU9JgRN5x1KBUhQ8FmRAKEPYtBT/RC26+A9Ds4q1PCtK4VjRB5qaMWQgMpWbKlgN
AGDyKXDDsJYr9sB7JVKnHCWsjxLatd8G+xwtqdGGisnDLdPpUWsRFvvRja8QI4z0
2MrLPR/AtuUAaTdaDjDInKxomPHWPKnOMvxPg8aC5cVNrseXIvzmJxTt2OeLS5v2
ES6BLiTnXiW5aqCGDcaFxban+Gzk/GCQ1GR6boJFKzeUAEVmRcF+zqcvSELujjvh
5n3IqMTIZwjgKzw+4J5Xr7MKJJ2Eaa86iYFINufuc+vLb5Mr4QIT
-----END CERTIFICATE-----