Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/9OH5X962YQixOoypsDyb5hHutjQ.roa
File:                     9OH5X962YQixOoypsDyb5hHutjQ.roa (raw, json)
Hash identifier:          8JmYN4cgbhp7CJdXZW968JxWWoQTBaTS44ZrSknjfVM=
Subject key identifier:   F4:E1:F9:5F:DE:B6:61:08:B1:3A:8C:A9:B0:3C:9B:E6:11:EE:B6:34
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       018CC2DB6AA084FD8A083F7B4693A626A3D8
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/9OH5X962YQixOoypsDyb5hHutjQ.roa
Signing time:             Mon 01 Jan 2024 02:30:08 +0000
ROA not before:           Mon 01 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400040
IP address blocks:        87.248.136.0/24 maxlen: 24
                          87.248.135.0/24 maxlen: 24
                          87.248.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 12:48:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:6a:a0:84:fd:8a:08:3f:7b:46:93:a6:26:a3:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  1 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4e1f95fdeb66108b13a8ca9b03c9be611eeb634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:dd:04:a7:70:4e:e6:ec:ac:a4:d7:5c:99:0d:
                    fa:fb:38:14:99:1d:f1:cc:06:10:4e:ba:72:6f:c3:
                    d4:96:ca:1e:44:d4:11:5d:44:ab:ee:56:71:cc:3c:
                    29:71:22:4f:c4:ef:82:00:2d:21:5a:3a:ec:39:dc:
                    90:c0:a0:be:33:45:ce:52:d1:85:6c:fc:28:22:9e:
                    83:f1:eb:90:28:68:37:43:94:f5:53:69:52:a9:ec:
                    f7:ba:ed:74:08:44:6c:50:a5:39:95:ea:2c:e1:6c:
                    5b:5f:5a:39:a0:b6:ad:85:c9:7c:79:86:ae:cc:d2:
                    d5:4f:15:c5:71:d5:63:f8:86:3b:b3:65:a5:c1:7a:
                    0b:06:c4:4e:58:e1:46:3c:2b:a9:76:6a:f3:d1:ba:
                    59:44:aa:2a:c7:80:8e:50:87:7b:a8:5b:8d:5f:ab:
                    b7:52:d7:b2:2c:1e:aa:73:8f:10:cb:ca:dd:9a:d1:
                    b4:8f:3c:b9:0f:90:42:d6:a7:c9:a1:9d:5a:4e:12:
                    ef:02:2c:74:df:dc:cb:e0:23:a9:8f:37:12:a7:e6:
                    44:d4:d3:5e:e9:28:d9:0b:60:85:75:d3:83:0a:d1:
                    42:40:6c:54:f5:a2:c1:06:71:b5:ba:e4:99:f2:6f:
                    d5:bf:17:5d:77:8e:74:cf:69:73:97:37:66:b4:e8:
                    70:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:E1:F9:5F:DE:B6:61:08:B1:3A:8C:A9:B0:3C:9B:E6:11:EE:B6:34
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/9OH5X962YQixOoypsDyb5hHutjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.135.0-87.248.136.255
                  87.248.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:d4:1c:67:66:c3:08:95:5e:bb:73:f6:4c:46:87:6b:97:ac:
         44:24:f7:a0:e5:3d:85:15:b8:ec:11:9f:9f:9b:cd:b3:bf:a1:
         80:e7:ca:9d:0e:12:94:b5:ad:bb:a2:de:e4:00:dc:d8:3e:bc:
         c2:c5:6b:7a:0c:b4:6c:b4:34:94:b6:6b:74:7a:0e:ed:53:fe:
         10:d3:08:a1:cb:bd:b2:4d:26:87:de:7d:3b:af:60:a4:7a:36:
         94:de:fc:72:63:38:00:66:cb:5b:3d:e7:ef:6c:b0:09:17:00:
         5b:bb:71:51:43:31:87:0b:48:98:b1:8c:30:8a:ff:14:a1:53:
         d3:f4:0d:31:7c:6f:86:0d:e9:5d:2e:c4:64:bd:71:fe:1a:2e:
         82:65:07:ba:20:f9:83:cc:ea:33:77:53:97:26:bc:2c:c4:40:
         e5:e4:cc:8d:29:f0:21:4e:a5:9e:8d:cf:7d:d4:8f:4b:9d:99:
         6f:9e:f0:e3:8f:25:18:7a:a7:14:e5:c8:ae:57:eb:bb:08:9e:
         ad:b8:fb:6a:c6:fc:95:72:0f:68:e2:62:1e:82:f8:8d:a2:53:
         14:c5:62:41:01:19:8c:b3:ed:38:68:40:d4:08:fb:83:54:a8:
         36:1c:4d:e2:27:38:16:bc:24:a5:3d:3f:1d:d4:09:f7:dc:e0:
         a8:88:da:6f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzC22qghP2KCD97RpOmJqPYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwMTAxMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGUxZjk1ZmRlYjY2MTA4YjEzYThjYTliMDNjOWJlNjExZWViNjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAht0Ep3BO5uyspNdcmQ36+zgUmR3x
zAYQTrpyb8PUlsoeRNQRXUSr7lZxzDwpcSJPxO+CAC0hWjrsOdyQwKC+M0XOUtGF
bPwoIp6D8euQKGg3Q5T1U2lSqez3uu10CERsUKU5leos4WxbX1o5oLathcl8eYau
zNLVTxXFcdVj+IY7s2WlwXoLBsROWOFGPCupdmrz0bpZRKoqx4COUId7qFuNX6u3
UteyLB6qc48Qy8rdmtG0jzy5D5BC1qfJoZ1aThLvAix039zL4COpjzcSp+ZE1NNe
6SjZC2CFddODCtFCQGxU9aLBBnG1uuSZ8m/Vvxddd450z2lzlzdmtOhwvQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFPTh+V/etmEIsTqMqbA8m+YR7rY0MB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvOU9INVg5NjJZUWl4T295cHNEeWI1aEh1dGpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABX+IcD
BABX+IgDBABX+JAwDQYJKoZIhvcNAQELBQADggEBADjUHGdmwwiVXrtz9kxGh2uX
rEQk96DlPYUVuOwRn5+bzbO/oYDnyp0OEpS1rbui3uQA3Ng+vMLFa3oMtGy0NJS2
a3R6Du1T/hDTCKHLvbJNJofefTuvYKR6NpTe/HJjOABmy1s95+9ssAkXAFu7cVFD
MYcLSJixjDCK/xShU9P0DTF8b4YN6V0uxGS9cf4aLoJlB7og+YPM6jN3U5cmvCzE
QOXkzI0p8CFOpZ6Nz33Uj0udmW+e8OOPJRh6pxTlyK5X67sInq24+2rG/JVyD2ji
Yh6C+I2iUxTFYkEBGYyz7ThoQNQI+4NUqDYcTeInOBa8JKU9Px3UCffc4KiI2m8=
-----END CERTIFICATE-----