Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/GbLhCb7LtppG03iqg1JrQPxPGik.roa
File:                     GbLhCb7LtppG03iqg1JrQPxPGik.roa (raw, json)
Hash identifier:          Nhpdg3evar8Wgs90fQIra7qhNWc+KSECGcaKhukai1s=
Subject key identifier:   19:B2:E1:09:BE:CB:B6:9A:46:D3:78:AA:83:52:6B:40:FC:4F:1A:29
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       019428239B88416A9F9353D4477C41A503E5
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/GbLhCb7LtppG03iqg1JrQPxPGik.roa
Signing time:             Thu 02 Jan 2025 17:50:09 +0000
ROA not before:           Thu 02 Jan 2025 17:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48147
IP address blocks:        87.248.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:9b:88:41:6a:9f:93:53:d4:47:7c:41:a5:03:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  2 17:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19b2e109becbb69a46d378aa83526b40fc4f1a29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:bf:78:4a:e4:c9:f3:91:15:47:ba:08:95:df:
                    c2:38:22:07:f9:27:e5:80:84:d4:c1:83:3b:61:64:
                    98:4c:a1:f7:3b:8f:c6:9a:07:28:c0:af:fe:c1:00:
                    9b:b2:a5:e8:70:7a:15:c0:8d:f2:f0:78:dd:1b:4e:
                    73:9d:10:a0:fe:a0:b4:b2:a5:59:b3:c3:cf:d0:b5:
                    f9:25:5f:8d:fa:e3:58:ca:39:cc:de:95:d0:0b:96:
                    10:d3:71:12:fe:c4:0e:ce:f8:72:89:3c:5b:66:59:
                    b4:c6:43:92:8f:29:a3:16:ba:86:21:c3:19:68:52:
                    d8:9a:ad:4f:20:47:e9:0d:38:a5:3e:55:ed:e8:7a:
                    e9:2f:de:d4:30:24:f3:2e:e2:c3:2a:96:0b:15:a1:
                    eb:b0:e7:42:de:01:11:03:da:a4:6a:f2:36:c9:24:
                    05:f5:fd:93:ea:ed:ba:a5:36:0f:59:bd:e6:c9:74:
                    f1:8d:32:a7:4a:53:d4:79:ef:04:0d:4c:33:45:4d:
                    65:f0:dd:6b:48:cb:62:ce:f4:57:1c:1c:bd:1d:58:
                    e4:38:eb:9f:8e:b5:2b:3a:2b:fb:e7:04:2b:9b:91:
                    af:80:13:9a:25:52:0d:ce:8a:78:5c:1a:d6:4c:1c:
                    c8:eb:94:77:3e:57:58:cd:af:19:61:ef:b3:b5:b9:
                    ad:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:B2:E1:09:BE:CB:B6:9A:46:D3:78:AA:83:52:6B:40:FC:4F:1A:29
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/GbLhCb7LtppG03iqg1JrQPxPGik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:60:70:4d:47:66:6e:f4:cc:b4:de:85:b8:f2:09:2f:5c:29:
         21:14:cd:7d:e4:85:e1:40:a8:ce:6c:98:0e:70:91:03:a0:3b:
         b5:9c:71:1d:55:0b:1f:f6:ad:f3:5d:5d:87:c9:b3:7a:d2:b7:
         80:5b:a8:96:bf:ee:84:21:52:73:59:88:2a:75:b0:cf:31:dc:
         a8:74:86:94:b8:0c:f4:fe:e7:38:62:b5:72:6c:67:5f:d7:3e:
         36:9f:4a:cd:4e:f3:7f:2a:2b:01:91:13:67:4d:e7:e4:98:ad:
         1f:67:1b:f3:85:fc:56:48:72:9c:2c:46:87:ba:c5:d5:cf:4d:
         55:6c:aa:8d:1d:08:4a:7c:02:48:4c:b2:c3:6f:24:96:f3:fd:
         fd:50:96:a9:1b:af:d2:ff:a3:c9:ad:fb:fc:65:51:f3:37:67:
         29:fb:d4:0e:4e:fb:ef:fc:aa:ee:4d:0c:31:3d:9b:a3:73:8a:
         e9:9f:93:6e:11:ce:e5:36:50:0e:1c:09:cc:a6:d0:e9:45:ed:
         7b:7d:63:cd:cf:44:a1:1b:42:52:48:c9:2e:18:d4:52:e7:83:
         f6:9b:37:5f:94:15:b0:dc:d3:42:5a:7b:2b:b5:c7:ee:4e:4e:
         60:d4:4b:2d:8c:57:b9:c7:79:d9:d7:77:c5:e8:67:65:72:9c:
         e0:fd:c8:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI5uIQWqfk1PUR3xBpQPlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjUwMTAyMTc1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWIyZTEwOWJlY2JiNjlhNDZkMzc4YWE4MzUyNmI0MGZjNGYxYTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt794SuTJ85EVR7oIld/COCIH+Sfl
gITUwYM7YWSYTKH3O4/GmgcowK/+wQCbsqXocHoVwI3y8HjdG05znRCg/qC0sqVZ
s8PP0LX5JV+N+uNYyjnM3pXQC5YQ03ES/sQOzvhyiTxbZlm0xkOSjymjFrqGIcMZ
aFLYmq1PIEfpDTilPlXt6HrpL97UMCTzLuLDKpYLFaHrsOdC3gERA9qkavI2ySQF
9f2T6u26pTYPWb3myXTxjTKnSlPUee8EDUwzRU1l8N1rSMtizvRXHBy9HVjkOOuf
jrUrOiv75wQrm5GvgBOaJVINzop4XBrWTBzI65R3PldYza8ZYe+ztbmtkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmy4Qm+y7aaRtN4qoNSa0D8TxopMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvR2JMaENiN0x0cHBHMDNpcWcxSnJRUHhQR2lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iTMA0G
CSqGSIb3DQEBCwUAA4IBAQC3YHBNR2Zu9My03oW48gkvXCkhFM195IXhQKjObJgO
cJEDoDu1nHEdVQsf9q3zXV2HybN60reAW6iWv+6EIVJzWYgqdbDPMdyodIaUuAz0
/uc4YrVybGdf1z42n0rNTvN/KisBkRNnTefkmK0fZxvzhfxWSHKcLEaHusXVz01V
bKqNHQhKfAJITLLDbySW8/39UJapG6/S/6PJrfv8ZVHzN2cp+9QOTvvv/KruTQwx
PZujc4rpn5NuEc7lNlAOHAnMptDpRe17fWPNz0ShG0JSSMkuGNRS54P2mzdflBWw
3NNCWnsrtcfuTk5g1EstjFe5x3nZ13fF6Gdlcpzg/ch3
-----END CERTIFICATE-----