Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/eC-JyF7-PtQdFsd6yHg2d25ai5Q.roa
File:                     eC-JyF7-PtQdFsd6yHg2d25ai5Q.roa (raw, json)
Hash identifier:          J1p4gshIlTi4H6U7WgSdEY3rt1JZA5GCy7mmwqWZY34=
Subject key identifier:   78:2F:89:C8:5E:FE:3E:D4:1D:16:C7:7A:C8:78:36:77:6E:5A:8B:94
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       018CC2DB65B3304C97F43AF09E56F62A19EF
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/eC-JyF7-PtQdFsd6yHg2d25ai5Q.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60631
IP address blocks:        87.248.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 22:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:65:b3:30:4c:97:f4:3a:f0:9e:56:f6:2a:19:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=782f89c85efe3ed41d16c77ac87836776e5a8b94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:35:d9:e9:d9:7f:25:92:55:b0:d8:11:7a:b6:
                    5a:50:73:db:4f:29:e6:cd:4e:87:14:15:04:f9:b0:
                    46:08:3a:a1:c6:f5:ae:d6:ea:d1:08:a2:6b:e5:b8:
                    e9:71:e7:d2:9e:d2:31:ef:d1:79:7e:2f:a1:3d:64:
                    bc:d3:c6:83:fa:13:d8:7f:b0:20:42:ec:64:da:91:
                    ac:97:c8:87:c3:6d:52:ec:8d:33:cb:98:75:83:af:
                    c2:80:ba:19:50:07:8f:36:ac:26:be:44:94:c7:b4:
                    0f:9d:77:1b:bd:17:4b:a8:04:60:46:f3:da:e4:bc:
                    8f:cf:da:bb:0d:54:4d:34:ca:85:6f:43:88:60:aa:
                    ca:8e:75:a6:3d:00:f9:c1:74:9f:52:ce:1e:f4:24:
                    42:e5:75:ab:d2:b9:ce:56:d8:fe:9f:92:fa:3f:cb:
                    bf:85:34:10:22:84:d1:0e:22:f5:f2:fc:6c:d6:52:
                    2f:02:14:07:24:e0:ef:1e:b4:d3:9e:d4:f6:be:93:
                    f8:d0:02:9a:c0:05:9f:95:31:df:17:54:26:9d:6a:
                    ac:93:d1:00:be:f8:c3:a8:fe:c7:65:fc:78:5d:dc:
                    5d:2a:a0:38:cf:db:01:58:11:18:13:c4:49:02:a5:
                    14:c2:00:50:4b:9c:01:da:6b:33:5c:07:a4:5f:c7:
                    91:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:2F:89:C8:5E:FE:3E:D4:1D:16:C7:7A:C8:78:36:77:6E:5A:8B:94
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/eC-JyF7-PtQdFsd6yHg2d25ai5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:07:86:1d:39:a6:76:81:5c:00:fc:42:58:7f:2e:1f:57:53:
         4a:72:50:22:7b:6c:e9:2b:db:af:4b:ff:70:5a:67:94:9e:f0:
         2b:d1:8a:4c:4d:71:85:3e:8a:d1:f4:30:6a:5c:be:9b:74:7b:
         94:b9:13:43:16:41:f9:d6:34:06:42:b2:43:84:d7:08:7e:5f:
         21:84:6d:6b:c3:d6:a6:7c:26:7f:ed:14:5c:89:50:82:ba:2f:
         d8:c4:3c:a8:5c:da:76:fb:a6:35:52:8e:71:25:ce:ab:98:85:
         14:0a:a2:c7:e6:74:91:39:bd:2a:c5:d0:fb:6a:d7:ec:a9:2f:
         86:7e:bb:04:c3:88:de:6c:23:75:fa:4c:26:a9:97:27:52:76:
         60:a9:b8:9c:7a:4e:2d:30:9a:1e:b0:0a:97:cd:ab:a9:d4:6b:
         75:da:6d:48:2b:b8:d3:a1:59:86:8a:a7:e6:96:47:23:06:d8:
         96:8e:08:5a:1a:e7:ce:d3:fa:7d:09:71:fb:1b:53:ae:e0:fd:
         b9:88:ab:67:9f:b6:16:c5:19:1f:35:da:0f:ce:6e:5c:be:75:
         de:51:7a:2a:b7:ce:d0:6b:4c:b1:b9:c6:ea:97:78:f8:29:51:
         da:20:e1:d9:af:e7:f0:d1:b3:5a:61:90:8c:2a:e7:f3:06:a2:
         12:25:56:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22WzMEyX9Drwnlb2KhnvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODJmODljODVlZmUzZWQ0MWQxNmM3N2FjODc4MzY3NzZlNWE4Yjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTXZ6dl/JZJVsNgRerZaUHPbTynm
zU6HFBUE+bBGCDqhxvWu1urRCKJr5bjpcefSntIx79F5fi+hPWS808aD+hPYf7Ag
Quxk2pGsl8iHw21S7I0zy5h1g6/CgLoZUAePNqwmvkSUx7QPnXcbvRdLqARgRvPa
5LyPz9q7DVRNNMqFb0OIYKrKjnWmPQD5wXSfUs4e9CRC5XWr0rnOVtj+n5L6P8u/
hTQQIoTRDiL18vxs1lIvAhQHJODvHrTTntT2vpP40AKawAWflTHfF1QmnWqsk9EA
vvjDqP7HZfx4XdxdKqA4z9sBWBEYE8RJAqUUwgBQS5wB2mszXAekX8eRdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHgviche/j7UHRbHesh4NnduWouUMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvZUMtSnlGNy1QdFFkRnNkNnlIZzJkMjVhaTVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iHMA0G
CSqGSIb3DQEBCwUAA4IBAQAqB4YdOaZ2gVwA/EJYfy4fV1NKclAie2zpK9uvS/9w
WmeUnvAr0YpMTXGFPorR9DBqXL6bdHuUuRNDFkH51jQGQrJDhNcIfl8hhG1rw9am
fCZ/7RRciVCCui/YxDyoXNp2+6Y1Uo5xJc6rmIUUCqLH5nSROb0qxdD7atfsqS+G
frsEw4jebCN1+kwmqZcnUnZgqbicek4tMJoesAqXzaup1Gt12m1IK7jToVmGiqfm
lkcjBtiWjghaGufO0/p9CXH7G1Ou4P25iKtnn7YWxRkfNdoPzm5cvnXeUXoqt87Q
a0yxucbql3j4KVHaIOHZr+fw0bNaYZCMKufzBqISJVY6
-----END CERTIFICATE-----