Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/DhQS4vOYDF6H_8OWg4SHjhbpiRI.roa
File:                     DhQS4vOYDF6H_8OWg4SHjhbpiRI.roa (raw, json)
Hash identifier:          fNK2myED2q9q2doGfvQzo78kwtzYcmHRZJlkYm51Txg=
Subject key identifier:   0E:14:12:E2:F3:98:0C:5E:87:FF:C3:96:83:84:87:8E:16:E9:89:12
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       019428239C9602D592052061D28AFB6788A1
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/DhQS4vOYDF6H_8OWg4SHjhbpiRI.roa
Signing time:             Thu 02 Jan 2025 17:50:10 +0000
ROA not before:           Thu 02 Jan 2025 17:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60631
IP address blocks:        87.248.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:9c:96:02:d5:92:05:20:61:d2:8a:fb:67:88:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  2 17:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e1412e2f3980c5e87ffc3968384878e16e98912
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:2b:57:e5:b4:f9:ca:90:da:d3:2a:d9:92:7c:
                    eb:cc:5b:d0:4a:fb:57:84:bf:7b:1d:ef:80:40:27:
                    d6:6a:35:65:10:c1:d4:7a:6e:36:cf:20:77:f4:3e:
                    6c:21:fd:01:19:15:b7:14:86:17:ef:79:8f:d0:f9:
                    3f:1a:01:ae:11:b6:36:b3:57:ec:8d:de:21:3e:0a:
                    0c:23:dd:ee:24:f2:55:d8:e5:49:70:87:40:07:7c:
                    8e:45:94:7e:93:af:c9:39:3d:ab:65:0a:7f:1f:eb:
                    80:07:56:87:79:70:d6:94:6e:5d:23:8f:c8:05:b2:
                    58:54:72:38:18:85:c8:4e:ae:2a:3e:9c:74:5d:2e:
                    b5:34:6f:bd:43:ff:7f:18:a5:58:b7:fb:bc:b6:c2:
                    76:19:46:9e:30:09:7e:40:15:d2:ea:25:5b:c6:5f:
                    c3:95:0a:7a:14:0d:e0:00:35:c0:bc:b8:ee:e1:b8:
                    23:4b:f4:45:25:97:27:c7:bc:b4:53:ca:4b:d7:4c:
                    46:ef:0a:cb:7c:4e:53:70:c3:40:f4:93:d4:24:6f:
                    52:96:a7:d8:f9:af:f0:1f:2c:53:5a:ce:e8:fd:71:
                    a6:27:c3:c6:99:f9:ed:14:88:1d:b5:8d:a6:b0:9a:
                    fc:11:dc:49:14:2b:9b:5c:fd:3b:dd:b2:1a:11:97:
                    b5:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:14:12:E2:F3:98:0C:5E:87:FF:C3:96:83:84:87:8E:16:E9:89:12
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/DhQS4vOYDF6H_8OWg4SHjhbpiRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:0a:a5:9c:a2:b8:f5:0a:0f:1b:d0:0b:2d:e8:ca:14:17:0d:
         06:fd:84:e4:4d:71:0c:69:3c:82:a4:87:77:b9:d3:09:7e:7b:
         1d:65:8b:69:33:75:5b:7e:a9:3f:c4:77:c1:2b:c1:54:29:c3:
         43:5c:56:84:9d:9c:5c:23:bc:e1:c0:91:1f:e3:93:49:80:31:
         af:a8:ec:96:34:9e:73:60:44:00:69:09:dd:ee:23:a6:39:da:
         d5:ce:1d:8c:9a:f0:8e:2d:5b:ca:e6:5e:c4:18:ee:b6:06:1e:
         7b:ea:ad:9a:7c:d4:7c:32:6f:d6:0a:75:8d:cc:f2:24:02:1c:
         c1:54:03:52:40:d9:5c:fe:9d:bd:cf:25:b2:4b:9d:fd:00:2a:
         7b:ff:6a:6f:47:8b:01:2b:8d:30:fb:89:ca:47:8b:f9:c3:6d:
         43:f3:4e:84:6d:05:4d:1b:e5:77:0b:e1:78:de:09:37:b3:1a:
         e4:2e:dc:b8:bc:d7:24:7c:54:ad:1d:91:bb:52:96:7c:0b:0b:
         01:37:78:a0:4a:9e:b7:c2:16:b4:9e:aa:da:50:ab:a3:6f:70:
         f4:e8:ae:6b:f4:14:22:66:0d:58:1d:28:c8:48:aa:87:39:1a:
         c8:f2:4f:c0:84:3d:33:03:e6:59:6b:f9:43:25:ec:8b:c0:09:
         9d:30:4a:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI5yWAtWSBSBh0or7Z4ihMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjUwMTAyMTc1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTE0MTJlMmYzOTgwYzVlODdmZmMzOTY4Mzg0ODc4ZTE2ZTk4OTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnitX5bT5ypDa0yrZknzrzFvQSvtX
hL97He+AQCfWajVlEMHUem42zyB39D5sIf0BGRW3FIYX73mP0Pk/GgGuEbY2s1fs
jd4hPgoMI93uJPJV2OVJcIdAB3yORZR+k6/JOT2rZQp/H+uAB1aHeXDWlG5dI4/I
BbJYVHI4GIXITq4qPpx0XS61NG+9Q/9/GKVYt/u8tsJ2GUaeMAl+QBXS6iVbxl/D
lQp6FA3gADXAvLju4bgjS/RFJZcnx7y0U8pL10xG7wrLfE5TcMNA9JPUJG9SlqfY
+a/wHyxTWs7o/XGmJ8PGmfntFIgdtY2msJr8EdxJFCubXP073bIaEZe12wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4UEuLzmAxeh//DloOEh44W6YkSMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvRGhRUzR2T1lERjZIXzhPV2c0U0hqaGJwaVJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iHMA0G
CSqGSIb3DQEBCwUAA4IBAQCgCqWcorj1Cg8b0Ast6MoUFw0G/YTkTXEMaTyCpId3
udMJfnsdZYtpM3Vbfqk/xHfBK8FUKcNDXFaEnZxcI7zhwJEf45NJgDGvqOyWNJ5z
YEQAaQnd7iOmOdrVzh2MmvCOLVvK5l7EGO62Bh576q2afNR8Mm/WCnWNzPIkAhzB
VANSQNlc/p29zyWyS539ACp7/2pvR4sBK40w+4nKR4v5w21D806EbQVNG+V3C+F4
3gk3sxrkLty4vNckfFStHZG7UpZ8CwsBN3igSp63wha0nqraUKujb3D06K5r9BQi
Zg1YHSjISKqHORrI8k/AhD0zA+ZZa/lDJeyLwAmdMEqr
-----END CERTIFICATE-----