Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/f2nnlUkXYwVRSEW0kR_5gniH71w.roa
File:                     f2nnlUkXYwVRSEW0kR_5gniH71w.roa (raw, json)
Hash identifier:          jg3hfJMqNd2keyY+rhWVxdXAosbKgNAJn3f0ho924S4=
Subject key identifier:   7F:69:E7:95:49:17:63:05:51:48:45:B4:91:1F:F9:82:78:87:EF:5C
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       018CC2DB6196EB7D92F6AF023F56E51928C9
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/f2nnlUkXYwVRSEW0kR_5gniH71w.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        87.248.134.0/24 maxlen: 24
                          87.248.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 12:48:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:61:96:eb:7d:92:f6:af:02:3f:56:e5:19:28:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f69e79549176305514845b4911ff9827887ef5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:7a:8a:9f:3d:33:9b:32:78:b4:d8:e6:65:c7:
                    e0:df:7c:bc:f4:d8:80:44:c1:f3:9e:7a:3a:d6:77:
                    5f:80:4e:91:40:8f:92:2d:16:b6:3f:d7:df:c0:91:
                    e2:41:24:f7:8c:da:8f:45:39:a5:84:b7:9a:b2:88:
                    08:8b:d2:ad:d6:73:76:df:9d:72:60:8b:e1:60:84:
                    97:34:3d:62:a5:e2:d6:7d:62:01:a5:67:a1:33:73:
                    b5:26:db:f1:42:af:04:70:1d:a4:3b:18:c3:f9:72:
                    1d:b9:84:2f:59:68:d7:c5:09:5e:e7:fd:b8:dc:70:
                    5e:c6:6b:26:70:e3:13:bd:99:de:36:2d:2e:85:ed:
                    bc:36:3e:e8:77:e2:97:ea:e9:c6:88:42:aa:f0:9c:
                    c9:a8:b2:4c:ac:0d:7b:f0:f6:6b:61:a6:39:e9:b0:
                    fd:cb:91:94:5e:29:6c:bd:a9:42:37:64:c7:e1:be:
                    8c:51:bf:07:f9:f7:ad:5b:4e:3d:16:15:0a:1c:b5:
                    ac:86:39:c0:f7:a5:f2:5a:e9:fc:b4:58:5c:e9:8d:
                    82:5d:e6:85:b3:80:7b:48:d3:fc:91:05:52:76:93:
                    44:68:00:72:6d:f6:d3:0a:1c:48:38:53:83:a6:4e:
                    18:32:3a:e8:db:1e:9b:36:7c:0d:e6:dc:f2:f1:8e:
                    73:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:69:E7:95:49:17:63:05:51:48:45:B4:91:1F:F9:82:78:87:EF:5C
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/f2nnlUkXYwVRSEW0kR_5gniH71w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.134.0/24
                  87.248.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:c9:14:9f:a7:6b:65:5d:14:9c:45:bd:40:21:0f:3c:5c:c6:
         6f:5d:c3:10:5e:09:50:eb:ab:16:62:e8:88:87:bc:62:1b:58:
         b6:9c:e2:eb:08:e0:86:0f:31:c1:47:17:7a:ad:48:37:c3:90:
         e8:28:2f:90:42:8c:ea:d2:dd:31:d6:55:20:33:59:b0:70:07:
         aa:08:fe:4d:70:22:aa:ce:8b:bb:bc:e9:44:78:41:7d:9a:b4:
         5c:7c:42:bb:a6:ba:ce:b5:bd:2f:01:cc:74:60:34:e4:1d:2e:
         3a:f2:a2:34:9e:69:bf:0b:c2:09:89:51:33:47:f0:35:13:c7:
         be:8b:7b:b2:72:32:c1:16:39:94:da:94:e7:15:d9:90:3c:de:
         dd:79:52:2d:76:e9:c9:8e:ac:62:43:52:37:bc:83:58:a7:a0:
         2b:41:92:ef:11:a7:53:38:fd:84:57:51:0a:c7:42:eb:07:b6:
         06:97:79:1e:2e:b1:95:f7:84:7b:8a:62:d4:e2:99:fd:73:34:
         e6:8a:a5:2f:a7:39:89:20:6d:db:ce:9b:d3:f6:8f:93:81:5c:
         94:e3:e1:9d:c3:4d:44:bb:fa:2f:f2:aa:fc:9f:b7:e2:b9:97:
         93:26:4f:fc:6d:35:2f:83:38:cb:ad:3b:7a:ee:90:67:af:d5:
         bf:49:47:4f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC22GW632S9q8CP1blGSjJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjY5ZTc5NTQ5MTc2MzA1NTE0ODQ1YjQ5MTFmZjk4Mjc4ODdlZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinqKnz0zmzJ4tNjmZcfg33y89NiA
RMHznno61ndfgE6RQI+SLRa2P9ffwJHiQST3jNqPRTmlhLeasogIi9Kt1nN2351y
YIvhYISXND1ipeLWfWIBpWehM3O1JtvxQq8EcB2kOxjD+XIduYQvWWjXxQle5/24
3HBexmsmcOMTvZneNi0uhe28Nj7od+KX6unGiEKq8JzJqLJMrA178PZrYaY56bD9
y5GUXilsvalCN2TH4b6MUb8H+fetW049FhUKHLWshjnA96XyWun8tFhc6Y2CXeaF
s4B7SNP8kQVSdpNEaABybfbTChxIOFODpk4YMjro2x6bNnwN5tzy8Y5zIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH9p55VJF2MFUUhFtJEf+YJ4h+9cMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvZjJubmxVa1hZd1ZSU0VXMGtSXzVnbmlINzF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV/iGAwQA
V/iPMA0GCSqGSIb3DQEBCwUAA4IBAQBKyRSfp2tlXRScRb1AIQ88XMZvXcMQXglQ
66sWYuiIh7xiG1i2nOLrCOCGDzHBRxd6rUg3w5DoKC+QQozq0t0x1lUgM1mwcAeq
CP5NcCKqzou7vOlEeEF9mrRcfEK7prrOtb0vAcx0YDTkHS468qI0nmm/C8IJiVEz
R/A1E8e+i3uycjLBFjmU2pTnFdmQPN7deVItdunJjqxiQ1I3vINYp6ArQZLvEadT
OP2EV1EKx0LrB7YGl3keLrGV94R7imLU4pn9czTmiqUvpzmJIG3bzpvT9o+TgVyU
4+Gdw01Eu/ov8qr8n7fiuZeTJk/8bTUvgzjLrTt67pBnr9W/SUdP
-----END CERTIFICATE-----