Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/Xug-JWqIvU_cGZO2X23AwQGwo1E.roa
File:                     Xug-JWqIvU_cGZO2X23AwQGwo1E.roa (raw, json)
Hash identifier:          yZB0hX1SHdmsQw8VPl7LdiQvKzJkBdYGo5TH1U0pXwc=
Subject key identifier:   5E:E8:3E:25:6A:88:BD:4F:DC:19:93:B6:5F:6D:C0:C1:01:B0:A3:51
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       01942823A2F290C76BA5813A9B50E06BE007
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/Xug-JWqIvU_cGZO2X23AwQGwo1E.roa
Signing time:             Thu 02 Jan 2025 17:50:11 +0000
ROA not before:           Thu 02 Jan 2025 17:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400039
IP address blocks:        87.248.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:a2:f2:90:c7:6b:a5:81:3a:9b:50:e0:6b:e0:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  2 17:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ee83e256a88bd4fdc1993b65f6dc0c101b0a351
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d7:19:61:d5:2c:b1:ac:fd:e2:e3:44:2f:b5:
                    8e:b8:67:91:fb:87:8c:fd:3b:db:08:1f:f7:1b:92:
                    27:ae:20:97:21:2c:5d:e6:cc:08:7b:1e:a8:7d:a1:
                    d2:dc:81:92:c8:63:bd:37:24:95:65:5e:fa:49:3d:
                    3d:60:59:b5:77:2e:51:90:c7:53:3d:37:76:40:ef:
                    a8:50:1b:b9:47:22:d5:36:e7:a6:88:04:f5:c8:9d:
                    8d:2c:03:e8:75:6c:d1:59:3a:73:81:dc:80:aa:04:
                    bc:2c:55:6e:8e:b9:45:f2:0d:89:0a:93:27:08:b2:
                    d4:42:9f:d5:cf:94:67:90:9d:7a:55:4d:ae:6e:fc:
                    db:c3:b8:ae:b1:63:f9:98:7b:3a:e5:f7:55:2b:2b:
                    7f:51:c1:3a:ce:41:12:33:c5:f7:7b:db:0a:dd:8c:
                    5c:9c:66:62:80:4a:28:ab:0b:f4:a2:9c:3a:39:8e:
                    f9:5d:9f:b5:89:6c:aa:da:78:0b:44:2e:f9:19:3e:
                    c2:63:d4:cb:cf:ce:1a:78:2b:70:17:b6:f2:dc:4b:
                    ff:d9:a9:e3:d8:69:d1:da:5c:83:a8:b3:89:0a:86:
                    40:56:43:2e:d5:0b:55:3a:43:f9:93:ee:c5:33:cc:
                    61:d7:b3:36:57:ff:ab:55:b4:39:0e:bc:ef:ef:b8:
                    15:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:E8:3E:25:6A:88:BD:4F:DC:19:93:B6:5F:6D:C0:C1:01:B0:A3:51
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/Xug-JWqIvU_cGZO2X23AwQGwo1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:75:04:99:72:e5:4f:60:3b:eb:18:5f:1c:ae:c3:3d:09:56:
         c7:a3:d9:a5:37:34:70:ae:98:54:6f:c6:52:89:fa:c5:ac:70:
         c0:ea:ec:17:0a:9e:f2:d4:d3:34:11:1a:81:da:65:ff:dd:95:
         dd:e4:60:3a:e5:c8:07:dc:9b:3d:a9:ff:7e:01:c6:70:9d:74:
         ee:a7:92:c7:fa:78:9b:f6:b5:47:2a:72:76:c8:0e:3a:f9:e8:
         a9:13:f8:f6:78:e3:71:d8:f5:aa:ee:a0:79:0e:9e:8a:ae:24:
         0b:eb:61:2c:41:e4:83:f2:3b:6f:36:f5:38:07:3b:ac:bb:c6:
         bb:03:c4:c3:ab:24:82:73:d3:c2:cc:97:f0:f3:35:f9:9f:97:
         65:2c:8c:8e:e3:7e:f1:b5:0f:42:3e:4a:c6:38:64:43:31:6c:
         d3:90:04:ee:6c:2b:bd:55:91:5d:5a:61:ff:f5:f9:e1:7b:41:
         bf:50:3f:a1:7d:74:16:4d:58:95:ee:2e:f8:3b:c4:25:5a:d7:
         35:72:60:cf:c0:d9:e1:80:1e:b8:8e:28:ac:c8:a4:10:0c:dd:
         de:0e:eb:38:dc:c3:89:1d:d5:9c:d2:5d:d1:f1:e2:b4:40:74:
         e1:4d:1e:f6:05:32:85:44:a2:4a:b0:31:35:7c:a8:1c:81:20:
         30:d1:14:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI6LykMdrpYE6m1Dga+AHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjUwMTAyMTc1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWU4M2UyNTZhODhiZDRmZGMxOTkzYjY1ZjZkYzBjMTAxYjBhMzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttcZYdUssaz94uNEL7WOuGeR+4eM
/TvbCB/3G5InriCXISxd5swIex6ofaHS3IGSyGO9NySVZV76ST09YFm1dy5RkMdT
PTd2QO+oUBu5RyLVNuemiAT1yJ2NLAPodWzRWTpzgdyAqgS8LFVujrlF8g2JCpMn
CLLUQp/Vz5RnkJ16VU2ubvzbw7iusWP5mHs65fdVKyt/UcE6zkESM8X3e9sK3Yxc
nGZigEooqwv0opw6OY75XZ+1iWyq2ngLRC75GT7CY9TLz84aeCtwF7by3Ev/2anj
2GnR2lyDqLOJCoZAVkMu1QtVOkP5k+7FM8xh17M2V/+rVbQ5Drzv77gVzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7oPiVqiL1P3BmTtl9twMEBsKNRMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvWHVnLUpXcUl2VV9jR1pPMlgyM0F3UUd3bzFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iIMA0G
CSqGSIb3DQEBCwUAA4IBAQAqdQSZcuVPYDvrGF8crsM9CVbHo9mlNzRwrphUb8ZS
ifrFrHDA6uwXCp7y1NM0ERqB2mX/3ZXd5GA65cgH3Js9qf9+AcZwnXTup5LH+nib
9rVHKnJ2yA46+eipE/j2eONx2PWq7qB5Dp6KriQL62EsQeSD8jtvNvU4Bzusu8a7
A8TDqySCc9PCzJfw8zX5n5dlLIyO437xtQ9CPkrGOGRDMWzTkATubCu9VZFdWmH/
9fnhe0G/UD+hfXQWTViV7i74O8QlWtc1cmDPwNnhgB64jiisyKQQDN3eDus43MOJ
HdWc0l3R8eK0QHThTR72BTKFRKJKsDE1fKgcgSAw0RRu
-----END CERTIFICATE-----