Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/ReT93gD-ZzC80_14bFBxlXpXags.roa
File:                     ReT93gD-ZzC80_14bFBxlXpXags.roa (raw, json)
Hash identifier:          IYQtO6qVt2xmS1CX3fRpbQobh6j5W/sMh9oOFMo1OLw=
Subject key identifier:   45:E4:FD:DE:00:FE:67:30:BC:D3:FD:78:6C:50:71:95:7A:57:6A:0B
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       0190E893496730DBA684C7842081CA1BAB5C
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/ReT93gD-ZzC80_14bFBxlXpXags.roa
Signing time:             Thu 25 Jul 2024 06:28:04 +0000
ROA not before:           Thu 25 Jul 2024 06:28:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        87.248.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e8:93:49:67:30:db:a6:84:c7:84:20:81:ca:1b:ab:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jul 25 06:28:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45e4fdde00fe6730bcd3fd786c5071957a576a0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d8:f1:6e:5a:f0:38:9d:2a:29:87:cc:71:9b:
                    90:52:30:3f:df:c3:02:af:e1:f4:89:96:a1:44:27:
                    1a:91:50:7d:ab:20:b1:7b:9a:be:61:f4:f6:d8:45:
                    7b:c5:3a:ba:4a:b9:f6:ca:c7:39:36:67:c8:b4:13:
                    c0:0c:97:ae:65:97:f9:0e:3c:49:6d:c2:fb:1a:86:
                    83:d4:22:4b:b6:6f:8b:10:3b:d8:92:61:92:d8:65:
                    0d:e3:22:f5:85:e3:51:f7:9b:f5:16:5b:d6:f4:c3:
                    37:bc:a5:5b:d7:26:63:49:bb:a4:e4:fc:0e:e5:f9:
                    52:fa:a8:20:8a:af:c7:99:73:6e:a9:42:3b:49:15:
                    5a:d6:b5:f0:9d:1f:5a:96:79:96:bb:0a:12:1f:09:
                    03:80:70:60:97:b9:cc:12:10:6f:1f:cc:92:96:56:
                    e2:c4:2f:7e:12:87:d0:a0:11:e0:7d:cb:f4:1a:14:
                    97:6f:aa:60:14:fd:98:d7:bf:eb:61:6a:36:a6:b5:
                    a8:28:80:b1:f3:26:6f:3e:e3:30:1a:4f:e9:8d:2d:
                    2e:00:9d:bc:f2:ce:cc:fc:f1:8a:92:2c:94:64:f1:
                    20:dc:9e:22:5b:17:f3:19:a0:6c:f8:bd:33:1a:7e:
                    a9:08:ed:20:ab:b5:e9:86:1f:bb:f0:98:11:33:58:
                    e6:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:E4:FD:DE:00:FE:67:30:BC:D3:FD:78:6C:50:71:95:7A:57:6A:0B
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/ReT93gD-ZzC80_14bFBxlXpXags.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:3b:52:30:90:00:01:b8:44:14:b3:56:84:25:90:0c:61:c6:
         75:25:2d:43:4f:cf:ba:7c:24:d1:2e:89:98:ff:43:62:7a:a1:
         42:a0:45:49:32:3e:74:a7:1d:26:62:b8:41:e4:a0:9d:63:60:
         7b:c1:13:01:df:b7:1d:5f:5d:be:b9:d2:a1:f7:e0:0e:77:18:
         e2:2c:1f:79:00:ef:8c:b5:88:20:ae:ab:05:1c:db:5a:6d:1f:
         89:9d:91:52:bc:c1:85:46:d2:15:ed:f0:4e:92:42:0c:08:a4:
         30:d5:51:6f:df:b4:8b:8c:79:da:6c:6f:52:14:65:7d:91:7a:
         5c:bd:0b:b7:97:5f:e7:1f:6d:9f:50:dc:3f:b6:21:02:0b:05:
         2f:af:d6:fb:a4:f1:4c:03:2f:fc:db:d6:f7:89:ea:15:b4:33:
         e7:38:22:0d:af:42:02:30:8e:22:73:c6:94:33:68:5f:69:31:
         12:97:db:30:76:ea:34:76:f7:2b:96:d6:ae:30:01:42:2f:b9:
         c3:7a:c1:3c:f4:85:9e:d6:25:7d:1c:38:94:91:92:1a:2f:08:
         93:24:27:ff:e6:66:9f:9a:76:51:e4:65:f4:8b:ce:99:d2:ba:
         0a:f0:2a:ac:cf:27:5c:63:e7:be:b4:b4:19:2f:87:c0:64:99:
         74:75:3d:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDok0lnMNumhMeEIIHKG6tcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwNzI1MDYyODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWU0ZmRkZTAwZmU2NzMwYmNkM2ZkNzg2YzUwNzE5NTdhNTc2YTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdjxblrwOJ0qKYfMcZuQUjA/38MC
r+H0iZahRCcakVB9qyCxe5q+YfT22EV7xTq6Srn2ysc5NmfItBPADJeuZZf5DjxJ
bcL7GoaD1CJLtm+LEDvYkmGS2GUN4yL1heNR95v1FlvW9MM3vKVb1yZjSbuk5PwO
5flS+qggiq/HmXNuqUI7SRVa1rXwnR9alnmWuwoSHwkDgHBgl7nMEhBvH8ySllbi
xC9+EofQoBHgfcv0GhSXb6pgFP2Y17/rYWo2prWoKICx8yZvPuMwGk/pjS0uAJ28
8s7M/PGKkiyUZPEg3J4iWxfzGaBs+L0zGn6pCO0gq7Xphh+78JgRM1jmvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEXk/d4A/mcwvNP9eGxQcZV6V2oLMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvUmVUOTNnRC1aekM4MF8xNGJGQnhsWHBYYWdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iEMA0G
CSqGSIb3DQEBCwUAA4IBAQCzO1IwkAABuEQUs1aEJZAMYcZ1JS1DT8+6fCTRLomY
/0NieqFCoEVJMj50px0mYrhB5KCdY2B7wRMB37cdX12+udKh9+AOdxjiLB95AO+M
tYggrqsFHNtabR+JnZFSvMGFRtIV7fBOkkIMCKQw1VFv37SLjHnabG9SFGV9kXpc
vQu3l1/nH22fUNw/tiECCwUvr9b7pPFMAy/829b3ieoVtDPnOCINr0ICMI4ic8aU
M2hfaTESl9swduo0dvcrltauMAFCL7nDesE89IWe1iV9HDiUkZIaLwiTJCf/5maf
mnZR5GX0i86Z0roK8CqszydcY+e+tLQZL4fAZJl0dT2B
-----END CERTIFICATE-----