Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/GD61enfpRYvZEiGqUYA5W5_jcWc.roa
File:                     GD61enfpRYvZEiGqUYA5W5_jcWc.roa (raw, json)
Hash identifier:          vwVzq9U3p/G+fT7ZKkQZH564SI3qfd7TtRq01U3JgsQ=
Subject key identifier:   18:3E:B5:7A:77:E9:45:8B:D9:12:21:AA:51:80:39:5B:9F:E3:71:67
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       018CC2DB6A30B754DA847EFD40AA1951DE13
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/GD61enfpRYvZEiGqUYA5W5_jcWc.roa
Signing time:             Mon 01 Jan 2024 02:30:08 +0000
ROA not before:           Mon 01 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399641
IP address blocks:        87.248.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:6a:30:b7:54:da:84:7e:fd:40:aa:19:51:de:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  1 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=183eb57a77e9458bd91221aa5180395b9fe37167
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:4b:92:f7:96:14:bd:19:86:e0:74:90:ae:94:
                    c5:ad:4a:28:44:2d:f8:9c:69:04:33:2c:20:bf:b0:
                    3c:8b:94:8d:78:0f:19:65:49:a7:2c:db:20:29:4d:
                    53:e1:eb:43:a5:86:41:e9:51:a3:5b:d7:f7:ac:24:
                    45:4f:75:7d:a7:1e:d3:10:c3:06:8d:67:92:cf:00:
                    e0:e3:15:07:92:71:1e:cd:7d:0f:aa:4b:86:0b:17:
                    5a:1e:e5:c8:94:88:d8:30:54:03:6b:fe:4d:94:4a:
                    cf:36:b1:75:77:38:6c:cb:f7:39:0c:de:72:4d:5f:
                    6f:6a:95:1c:b1:f1:1d:f0:a2:52:bd:3d:49:02:f8:
                    42:64:dc:9f:c1:95:8c:97:4a:84:7f:b4:94:dc:4c:
                    52:01:61:4a:c5:c6:58:81:2b:55:7b:8c:af:e0:d2:
                    62:aa:09:39:e8:4e:b2:7f:0c:c9:87:27:16:87:ae:
                    56:0b:60:b9:e5:63:b2:70:bd:e1:f0:2f:2d:73:c3:
                    19:32:d4:f8:bf:c3:af:b3:a2:8c:3a:22:1a:3e:7c:
                    cf:54:fa:eb:f5:bd:ff:37:37:c6:7a:ca:07:6d:8a:
                    94:74:1c:a1:7b:ae:0c:8e:af:e7:b2:4f:b6:8b:ac:
                    d2:7c:01:6a:0d:3a:15:c2:f6:b9:72:35:f5:d1:6b:
                    ff:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:3E:B5:7A:77:E9:45:8B:D9:12:21:AA:51:80:39:5B:9F:E3:71:67
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/GD61enfpRYvZEiGqUYA5W5_jcWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:d7:52:9e:a7:98:76:4d:f8:64:58:eb:16:14:f0:64:b0:a6:
         89:7b:46:b9:e6:7d:bc:be:fa:cd:fd:bf:85:3b:8d:26:c2:97:
         c1:ac:b5:ee:b1:67:09:db:7c:89:60:77:bf:26:51:f4:bb:e2:
         15:bb:0b:c5:25:17:00:1f:d1:43:80:af:38:b6:d0:5b:cc:ed:
         43:e9:d4:b6:0a:da:6f:ac:28:06:e7:04:fd:3b:27:d4:10:bf:
         c9:00:02:22:f3:53:60:81:b0:76:df:87:a1:b7:0e:0f:ff:ba:
         1a:25:0e:e0:d5:f5:ca:b3:c8:43:09:83:64:39:78:8e:a0:32:
         75:66:03:6d:d0:e7:1e:98:d3:f3:ac:4b:be:08:d7:cd:a9:95:
         79:a6:05:12:a0:8a:34:e2:f2:43:aa:68:92:e0:a9:b1:1c:a5:
         51:20:11:e7:f6:e1:0d:0b:98:8c:59:18:80:f8:fe:67:ec:53:
         3b:40:77:e3:80:24:6f:3f:40:ff:41:f9:99:52:5e:80:3e:83:
         01:01:96:e5:bf:a4:7e:18:20:ed:9f:b2:1b:fd:a3:bb:21:33:
         5e:90:2b:ba:3c:5d:80:68:84:fa:61:e7:64:ba:c7:17:a7:5c:
         8a:59:9e:07:60:cb:48:f8:ea:ea:74:74:ab:87:fb:59:da:0a:
         7a:24:ef:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22owt1TahH79QKoZUd4TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwMTAxMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODNlYjU3YTc3ZTk0NThiZDkxMjIxYWE1MTgwMzk1YjlmZTM3MTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUuS95YUvRmG4HSQrpTFrUooRC34
nGkEMywgv7A8i5SNeA8ZZUmnLNsgKU1T4etDpYZB6VGjW9f3rCRFT3V9px7TEMMG
jWeSzwDg4xUHknEezX0PqkuGCxdaHuXIlIjYMFQDa/5NlErPNrF1dzhsy/c5DN5y
TV9vapUcsfEd8KJSvT1JAvhCZNyfwZWMl0qEf7SU3ExSAWFKxcZYgStVe4yv4NJi
qgk56E6yfwzJhycWh65WC2C55WOycL3h8C8tc8MZMtT4v8Ovs6KMOiIaPnzPVPrr
9b3/NzfGesoHbYqUdByhe64Mjq/nsk+2i6zSfAFqDToVwva5cjX10Wv/NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBg+tXp36UWL2RIhqlGAOVuf43FnMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvR0Q2MWVuZnBSWXZaRWlHcVVZQTVXNV9qY1djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iVMA0G
CSqGSIb3DQEBCwUAA4IBAQCU11Kep5h2TfhkWOsWFPBksKaJe0a55n28vvrN/b+F
O40mwpfBrLXusWcJ23yJYHe/JlH0u+IVuwvFJRcAH9FDgK84ttBbzO1D6dS2Ctpv
rCgG5wT9OyfUEL/JAAIi81NggbB234ehtw4P/7oaJQ7g1fXKs8hDCYNkOXiOoDJ1
ZgNt0OcemNPzrEu+CNfNqZV5pgUSoIo04vJDqmiS4KmxHKVRIBHn9uENC5iMWRiA
+P5n7FM7QHfjgCRvP0D/QfmZUl6APoMBAZblv6R+GCDtn7Ib/aO7ITNekCu6PF2A
aIT6YedkuscXp1yKWZ4HYMtI+OrqdHSrh/tZ2gp6JO+V
-----END CERTIFICATE-----