Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/2rZiwDts7WUnSuQU5GlRNFEFxi8.roa
File:                     2rZiwDts7WUnSuQU5GlRNFEFxi8.roa (raw, json)
Hash identifier:          tw70XxwA3XZm399vJ+pcmuBiBrvICeUBeS3Yvj2MuW8=
Subject key identifier:   DA:B6:62:C0:3B:6C:ED:65:27:4A:E4:14:E4:69:51:34:51:05:C6:2F
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       019040ECBBBCE6C70BEDCF7169257D6914EE
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/2rZiwDts7WUnSuQU5GlRNFEFxi8.roa
Signing time:             Sat 22 Jun 2024 17:09:34 +0000
ROA not before:           Sat 22 Jun 2024 17:09:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47216
IP address blocks:        87.248.154.0/24 maxlen: 24
                          194.60.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:40:ec:bb:bc:e6:c7:0b:ed:cf:71:69:25:7d:69:14:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jun 22 17:09:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dab662c03b6ced65274ae414e46951345105c62f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:a8:65:f0:aa:19:71:82:2e:f2:95:33:ee:1c:
                    e5:fb:dd:d1:50:dd:c3:47:fc:c4:ff:93:59:2e:79:
                    fc:db:52:54:8f:04:3a:78:d8:c2:dc:f9:2a:38:0e:
                    34:cd:58:d1:63:d0:1e:ae:84:48:cb:5d:3b:e5:1d:
                    d9:0b:b9:c5:fc:e1:da:a8:34:07:c0:13:4f:22:01:
                    78:58:af:90:5d:d6:af:dd:de:37:5e:f7:96:82:5d:
                    98:9b:49:6a:7d:d9:a9:de:be:bf:58:f9:a9:a8:55:
                    34:79:5d:07:c9:4a:8e:63:6f:ec:8c:af:ea:5b:7b:
                    9c:5f:78:3d:1a:d8:9b:5d:86:08:fc:67:3b:02:bd:
                    16:83:a6:b3:62:e9:97:49:69:a2:5a:83:5d:e4:8e:
                    89:2d:4a:4c:77:3f:2e:34:52:0b:70:13:b3:e7:51:
                    70:a0:33:43:1b:17:38:8d:82:1d:b3:91:69:c4:86:
                    2a:97:42:f8:ab:ca:74:62:34:0b:57:37:36:94:ca:
                    e4:2b:57:fb:10:80:33:64:5e:5a:39:44:92:5c:3d:
                    dc:db:b0:18:d6:64:c3:8e:be:d2:c9:42:78:7f:e2:
                    56:1f:a7:97:77:8e:0b:e0:40:9e:0d:d9:53:d6:22:
                    d2:be:d4:7f:ce:04:69:26:53:22:bc:fa:1e:c9:26:
                    aa:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:B6:62:C0:3B:6C:ED:65:27:4A:E4:14:E4:69:51:34:51:05:C6:2F
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/2rZiwDts7WUnSuQU5GlRNFEFxi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.154.0/24
                  194.60.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:1b:ff:73:61:55:e5:da:80:a6:b6:7b:12:0e:17:79:e2:eb:
         6f:22:07:43:60:c5:b1:10:6a:bc:7a:8c:82:89:fe:da:c9:6f:
         3e:a6:4e:ff:ad:a0:62:b5:f9:ac:80:ca:60:bd:de:bc:fb:39:
         4c:bc:6a:23:d6:e6:71:62:fd:9f:83:ff:be:c5:a5:84:da:dd:
         a9:3a:67:33:2a:64:59:94:27:62:4c:dc:57:f0:b3:4b:60:ea:
         5d:eb:0e:f4:0e:32:72:b5:e1:6f:f3:e6:b0:79:7e:be:37:0d:
         85:41:18:da:30:d1:2e:36:f3:8e:b6:5f:c5:0c:18:c8:f9:69:
         e5:38:79:0d:bb:a1:97:e8:f8:f9:0f:7f:ed:d4:07:40:00:2c:
         31:31:f8:1c:e9:cb:df:13:86:2c:6d:43:82:da:69:a7:ea:09:
         20:01:29:8b:ae:56:48:69:dc:d3:f6:04:08:ba:6e:f3:d0:01:
         3d:09:47:13:13:39:35:78:b7:d0:e2:c7:a6:fa:12:af:56:79:
         78:fd:05:8a:95:84:f8:40:4a:7b:c4:d0:e1:37:9a:e3:8c:81:
         9d:82:bd:bf:2a:42:f2:f6:b6:f4:80:1c:de:d8:f4:77:ae:13:
         fe:36:30:c5:c2:16:39:ad:a3:8e:f4:22:ae:41:d1:92:b4:0a:
         36:91:ad:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBA7Lu85scL7c9xaSV9aRTuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwNjIyMTcwOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWI2NjJjMDNiNmNlZDY1Mjc0YWU0MTRlNDY5NTEzNDUxMDVjNjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16hl8KoZcYIu8pUz7hzl+93RUN3D
R/zE/5NZLnn821JUjwQ6eNjC3PkqOA40zVjRY9AeroRIy1075R3ZC7nF/OHaqDQH
wBNPIgF4WK+QXdav3d43XveWgl2Ym0lqfdmp3r6/WPmpqFU0eV0HyUqOY2/sjK/q
W3ucX3g9GtibXYYI/Gc7Ar0Wg6azYumXSWmiWoNd5I6JLUpMdz8uNFILcBOz51Fw
oDNDGxc4jYIds5FpxIYql0L4q8p0YjQLVzc2lMrkK1f7EIAzZF5aOUSSXD3c27AY
1mTDjr7SyUJ4f+JWH6eXd44L4ECeDdlT1iLSvtR/zgRpJlMivPoeySaq9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNq2YsA7bO1lJ0rkFORpUTRRBcYvMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvMnJaaXdEdHM3V1VuU3VRVTVHbFJORkVGeGk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV/iaAwQA
wjzlMA0GCSqGSIb3DQEBCwUAA4IBAQAmG/9zYVXl2oCmtnsSDhd54utvIgdDYMWx
EGq8eoyCif7ayW8+pk7/raBitfmsgMpgvd68+zlMvGoj1uZxYv2fg/++xaWE2t2p
OmczKmRZlCdiTNxX8LNLYOpd6w70DjJyteFv8+aweX6+Nw2FQRjaMNEuNvOOtl/F
DBjI+WnlOHkNu6GX6Pj5D3/t1AdAACwxMfgc6cvfE4YsbUOC2mmn6gkgASmLrlZI
adzT9gQIum7z0AE9CUcTEzk1eLfQ4sem+hKvVnl4/QWKlYT4QEp7xNDhN5rjjIGd
gr2/KkLy9rb0gBze2PR3rhP+NjDFwhY5raOO9CKuQdGStAo2ka2i
-----END CERTIFICATE-----