Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/LwcwiecPlTPLucOhr4CZh4GdNzo.roa
File:                     LwcwiecPlTPLucOhr4CZh4GdNzo.roa (raw, json)
Hash identifier:          jxzgyQvX325Pr5NOWPUMaoMTuI4obe5Rnr9D7cqhzmE=
Subject key identifier:   2F:07:30:89:E7:0F:95:33:CB:B9:C3:A1:AF:80:99:87:81:9D:37:3A
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       018CC2DB63824A14A81619821CC54C6D7C2C
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/LwcwiecPlTPLucOhr4CZh4GdNzo.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44400
IP address blocks:        87.248.142.0/24 maxlen: 24
                          87.248.141.0/24 maxlen: 24
                          87.248.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 15:42:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:63:82:4a:14:a8:16:19:82:1c:c5:4c:6d:7c:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f073089e70f9533cbb9c3a1af809987819d373a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:5e:93:19:5b:14:0a:45:f3:4a:48:86:50:c9:
                    fc:38:33:f1:fd:16:58:1e:58:63:bd:22:19:1e:d4:
                    62:b0:4b:24:b8:a3:ec:86:06:ed:2c:06:7f:d5:d0:
                    4d:dc:2d:48:5a:9e:68:a3:7b:58:3a:e2:e3:71:07:
                    1b:be:eb:82:c8:56:9d:17:30:ce:5d:be:0c:01:34:
                    0c:0a:ea:79:61:d3:c0:31:70:0f:ee:8e:06:97:9b:
                    9c:b5:2a:6a:9c:d7:13:b4:a1:e4:d0:71:5b:12:5d:
                    c7:6b:d1:65:07:c5:4a:98:6e:93:7c:5f:fb:36:9d:
                    c8:a7:90:61:e6:eb:96:ca:a2:7b:25:c4:4b:fd:26:
                    f6:7f:1d:32:16:14:37:5a:b4:ac:54:27:f3:60:93:
                    ab:6c:72:5f:07:b7:17:c9:91:0d:21:5f:e8:97:77:
                    d8:59:31:bc:61:cf:70:47:7f:e6:21:be:f7:b2:eb:
                    ee:17:d0:29:32:68:66:c5:1b:1d:71:c1:57:48:05:
                    82:fd:d8:bd:d4:c9:cb:5f:d3:08:ed:6b:7c:20:f0:
                    4d:82:64:f2:44:7c:3f:45:47:43:05:71:80:ec:58:
                    6c:78:15:02:35:78:fd:fa:85:00:f2:a2:df:bc:ef:
                    1d:68:9c:c9:9e:30:96:5e:cc:67:2d:6a:5d:a7:70:
                    2c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:07:30:89:E7:0F:95:33:CB:B9:C3:A1:AF:80:99:87:81:9D:37:3A
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/LwcwiecPlTPLucOhr4CZh4GdNzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.140.0-87.248.142.255

    Signature Algorithm: sha256WithRSAEncryption
         06:c3:f2:99:e9:c9:0c:ab:48:b5:43:ec:a8:dd:43:fd:eb:c0:
         2a:c6:f8:05:80:ee:d8:11:a1:3c:73:c3:e5:3e:57:99:da:a7:
         1e:6d:c2:94:74:0d:b3:00:eb:f7:11:49:c8:0f:1b:8b:6f:25:
         78:15:ef:cf:d9:3d:3b:e5:fd:dd:b2:82:e5:01:67:16:ba:f9:
         47:3e:bb:18:7d:fb:9e:ab:7c:b8:b2:bf:f4:0a:00:fc:c1:d9:
         ac:9d:d3:a4:6b:83:a3:ec:16:34:49:1f:0f:3d:20:56:70:67:
         d1:57:39:8a:b5:83:77:95:48:92:f0:9d:87:58:c7:5d:c9:e8:
         fc:a1:50:2c:3c:a9:6f:15:7a:37:16:ca:66:b9:b6:bd:ec:c7:
         8f:32:da:a4:ec:94:a5:d2:44:bf:de:aa:68:80:93:c2:6e:24:
         8d:68:9e:24:22:7f:97:8f:83:29:39:86:33:e6:36:1e:a6:f7:
         b2:20:78:85:09:d0:f5:5c:21:b8:a4:52:a0:5d:b7:44:ac:5f:
         55:09:ba:de:1f:a1:9e:b1:64:82:31:e1:ff:83:ee:1d:47:c3:
         b2:c5:3e:a1:7b:03:ab:dd:e6:fe:d4:77:8f:ce:f5:e5:48:98:
         90:d4:6a:61:71:24:19:43:24:70:52:72:09:20:e2:94:3c:c2:
         26:ae:26:3b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzC22OCShSoFhmCHMVMbXwsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjA3MzA4OWU3MGY5NTMzY2JiOWMzYTFhZjgwOTk4NzgxOWQzNzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAll6TGVsUCkXzSkiGUMn8ODPx/RZY
HlhjvSIZHtRisEskuKPshgbtLAZ/1dBN3C1IWp5oo3tYOuLjcQcbvuuCyFadFzDO
Xb4MATQMCup5YdPAMXAP7o4Gl5uctSpqnNcTtKHk0HFbEl3Ha9FlB8VKmG6TfF/7
Np3Ip5Bh5uuWyqJ7JcRL/Sb2fx0yFhQ3WrSsVCfzYJOrbHJfB7cXyZENIV/ol3fY
WTG8Yc9wR3/mIb73suvuF9ApMmhmxRsdccFXSAWC/di91MnLX9MI7Wt8IPBNgmTy
RHw/RUdDBXGA7FhseBUCNXj9+oUA8qLfvO8daJzJnjCWXsxnLWpdp3As3wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFC8HMInnD5Uzy7nDoa+AmYeBnTc6MB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvTHdjd2llY1BsVFBMdWNPaHI0Q1poNEdkTnpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJX+IwD
BABX+I4wDQYJKoZIhvcNAQELBQADggEBAAbD8pnpyQyrSLVD7KjdQ/3rwCrG+AWA
7tgRoTxzw+U+V5napx5twpR0DbMA6/cRScgPG4tvJXgV78/ZPTvl/d2yguUBZxa6
+Uc+uxh9+56rfLiyv/QKAPzB2ayd06Rrg6PsFjRJHw89IFZwZ9FXOYq1g3eVSJLw
nYdYx13J6PyhUCw8qW8VejcWyma5tr3sx48y2qTslKXSRL/eqmiAk8JuJI1oniQi
f5ePgyk5hjPmNh6m97IgeIUJ0PVcIbikUqBdt0SsX1UJut4foZ6xZIIx4f+D7h1H
w7LFPqF7A6vd5v7Ud4/O9eVImJDUamFxJBlDJHBScgkg4pQ8wiauJjs=
-----END CERTIFICATE-----