Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/RodzSko_vmyzPqCKuCKq3cJkGq0.roa
File:                     RodzSko_vmyzPqCKuCKq3cJkGq0.roa (raw, json)
Hash identifier:          UPyFlyEqZNcFpcK848BEBEE7TBg3Ypn/rHLne1CII1k=
Subject key identifier:   46:87:73:4A:4A:3F:BE:6C:B3:3E:A0:8A:B8:22:AA:DD:C2:64:1A:AD
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       01942823971DACAEA77A6FA08F4D73A54D22
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/RodzSko_vmyzPqCKuCKq3cJkGq0.roa
Signing time:             Thu 02 Jan 2025 17:50:08 +0000
ROA not before:           Thu 02 Jan 2025 17:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1239
IP address blocks:        87.248.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:97:1d:ac:ae:a7:7a:6f:a0:8f:4d:73:a5:4d:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  2 17:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4687734a4a3fbe6cb33ea08ab822aaddc2641aad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:86:c9:e5:c8:91:55:28:69:76:fd:ab:a4:e8:
                    fc:fe:d3:b0:4d:6f:f0:45:e5:95:fb:bb:97:ab:df:
                    7d:3d:a1:66:ed:1a:0d:a1:b7:b6:90:75:3d:94:5b:
                    1c:2d:19:d7:1a:9e:cb:7c:08:9d:db:08:27:76:be:
                    a4:1c:71:b3:7a:70:05:ff:a5:ba:e2:d6:52:a2:fa:
                    46:95:07:89:96:21:21:33:d4:04:fd:cd:4b:f5:62:
                    3e:2d:1a:b7:76:54:60:9b:4f:d7:c2:56:63:89:d4:
                    61:e2:9c:03:fe:b3:0d:e9:70:99:e0:39:6f:ae:34:
                    1d:56:37:4f:57:9f:be:c8:e7:cf:ec:6f:bd:58:b8:
                    a2:c9:66:99:68:2d:91:e0:87:ff:63:a4:34:f0:4b:
                    c0:04:9a:0f:3e:38:d9:f4:0b:94:a1:67:8e:2a:d5:
                    94:95:c9:fc:0a:1b:18:97:7b:b4:28:bd:3f:4f:0d:
                    82:6d:96:86:cb:8e:de:5f:0e:2e:7c:d9:c1:2a:23:
                    82:01:ee:18:ab:2a:47:65:f4:d1:55:19:2c:96:e5:
                    4b:48:92:f1:6f:ad:3a:59:0f:86:9d:cf:75:21:39:
                    24:01:77:d1:2d:f5:d1:c3:f7:1a:17:52:49:8a:a4:
                    1a:e3:7d:52:66:25:ee:d8:90:48:f0:2f:27:b0:69:
                    c8:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:87:73:4A:4A:3F:BE:6C:B3:3E:A0:8A:B8:22:AA:DD:C2:64:1A:AD
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/RodzSko_vmyzPqCKuCKq3cJkGq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:bf:55:1b:31:4e:d0:c6:c3:23:3c:5d:1c:a0:54:ee:34:31:
         80:b4:50:3a:c0:2a:10:9c:68:dc:c0:97:74:68:d8:7b:c2:3a:
         42:54:28:96:1f:ad:71:35:65:49:c3:2c:21:39:3d:ac:81:f2:
         f6:99:07:52:73:b9:b8:51:9e:72:27:4a:d4:2f:51:c7:d4:72:
         8d:42:9c:3d:4b:13:d9:a6:9c:bf:59:bd:12:91:9c:6f:e8:ba:
         0d:94:04:2a:03:1d:b3:a6:47:f2:4a:e2:58:27:1a:4c:f3:3b:
         d0:5a:f4:e2:9b:56:b4:6f:a5:6d:0e:e7:2f:e1:3b:89:14:e7:
         e2:33:af:36:47:94:b6:24:a5:6c:72:c3:19:ed:cb:23:8f:91:
         2f:9c:3e:bb:a5:7f:ac:e0:58:e7:2e:aa:9f:f9:a2:e2:0c:6f:
         49:2e:e4:93:03:b0:a5:9b:78:bc:a4:21:28:42:8e:e0:dd:71:
         b6:eb:8a:0a:01:c0:99:b9:5d:cf:04:17:19:57:d4:c3:4a:56:
         ed:1b:2b:80:11:3d:48:7a:c5:35:da:43:fe:06:14:b2:c7:23:
         25:b9:51:5f:17:fd:d5:28:7d:79:e8:93:79:6e:78:97:67:91:
         a0:46:0f:89:1c:4e:90:f0:9d:48:71:88:12:aa:7a:ca:18:dd:
         bf:80:9a:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI5cdrK6nem+gj01zpU0iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjUwMTAyMTc1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Njg3NzM0YTRhM2ZiZTZjYjMzZWEwOGFiODIyYWFkZGMyNjQxYWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIbJ5ciRVShpdv2rpOj8/tOwTW/w
ReWV+7uXq999PaFm7RoNobe2kHU9lFscLRnXGp7LfAid2wgndr6kHHGzenAF/6W6
4tZSovpGlQeJliEhM9QE/c1L9WI+LRq3dlRgm0/XwlZjidRh4pwD/rMN6XCZ4Dlv
rjQdVjdPV5++yOfP7G+9WLiiyWaZaC2R4If/Y6Q08EvABJoPPjjZ9AuUoWeOKtWU
lcn8ChsYl3u0KL0/Tw2CbZaGy47eXw4ufNnBKiOCAe4YqypHZfTRVRksluVLSJLx
b606WQ+Gnc91ITkkAXfRLfXRw/caF1JJiqQa431SZiXu2JBI8C8nsGnIcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEaHc0pKP75ssz6girgiqt3CZBqtMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvUm9kelNrb192bXl6UHFDS3VDS3EzY0prR3EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iUMA0G
CSqGSIb3DQEBCwUAA4IBAQB2v1UbMU7QxsMjPF0coFTuNDGAtFA6wCoQnGjcwJd0
aNh7wjpCVCiWH61xNWVJwywhOT2sgfL2mQdSc7m4UZ5yJ0rUL1HH1HKNQpw9SxPZ
ppy/Wb0SkZxv6LoNlAQqAx2zpkfySuJYJxpM8zvQWvTim1a0b6VtDucv4TuJFOfi
M682R5S2JKVscsMZ7csjj5EvnD67pX+s4FjnLqqf+aLiDG9JLuSTA7Clm3i8pCEo
Qo7g3XG264oKAcCZuV3PBBcZV9TDSlbtGyuAET1IesU12kP+BhSyxyMluVFfF/3V
KH156JN5bniXZ5GgRg+JHE6Q8J1IcYgSqnrKGN2/gJrv
-----END CERTIFICATE-----