Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/nTYZ-KMsZnRAOylEgWxzRgkqcjE.roa
File:                     nTYZ-KMsZnRAOylEgWxzRgkqcjE.roa (raw, json)
Hash identifier:          G6392WelkXUUGAazTyZCXqq/F4O82Q1Be1qAJMLhnCI=
Subject key identifier:   9D:36:19:F8:A3:2C:66:74:40:3B:29:44:81:6C:73:46:09:2A:72:31
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       0194CAEE5CF0DB37F2CDABDE69B32BDB9EA7
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/nTYZ-KMsZnRAOylEgWxzRgkqcjE.roa
Signing time:             Mon 03 Feb 2025 08:30:06 +0000
ROA not before:           Mon 03 Feb 2025 08:30:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        87.248.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:04:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ca:ee:5c:f0:db:37:f2:cd:ab:de:69:b3:2b:db:9e:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Feb  3 08:30:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d3619f8a32c6674403b2944816c7346092a7231
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:fc:c9:58:82:79:05:31:d4:7c:05:c2:d4:d2:
                    8c:af:e8:b0:dc:16:c1:74:2d:07:af:c6:7e:61:74:
                    66:d8:3c:21:bd:05:68:37:5e:62:1d:d8:a0:4b:75:
                    5e:ee:be:eb:f0:13:ef:b5:73:06:c4:09:3b:44:fc:
                    e0:ef:d1:f5:46:3f:82:cf:b9:8c:0f:03:d4:46:87:
                    56:89:0d:72:19:de:ab:44:23:11:d2:0f:9b:d2:b9:
                    1b:1f:ae:c1:53:3e:a1:a8:10:43:fb:cd:01:f3:11:
                    50:e5:97:ad:9b:c5:b9:b2:e9:21:a1:87:cd:71:a8:
                    19:43:41:4a:fc:9e:4c:50:6c:df:44:a6:53:63:1b:
                    0a:64:22:be:f4:d4:bb:68:e5:46:1e:1a:ec:95:9e:
                    1d:2a:35:39:fe:41:32:e5:a5:f1:a8:da:46:7c:f3:
                    1b:d1:9d:ad:8d:0e:a2:be:03:45:8e:01:b3:09:33:
                    df:5c:81:52:1e:c6:59:c4:ef:e4:f5:0c:27:fa:31:
                    a9:6b:b5:23:02:ee:a5:b2:cf:da:8d:1c:cc:fb:1f:
                    5b:53:a8:66:e3:26:e6:4b:48:ff:ea:97:6c:ef:f6:
                    86:11:86:f9:5f:b1:22:bf:2b:69:3b:b9:c8:64:c9:
                    60:b9:10:31:7b:d4:e6:40:05:04:a4:5e:38:4f:4d:
                    e2:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:36:19:F8:A3:2C:66:74:40:3B:29:44:81:6C:73:46:09:2A:72:31
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/nTYZ-KMsZnRAOylEgWxzRgkqcjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:75:9a:bf:24:2a:b9:46:90:4d:10:ba:aa:db:15:1b:47:a4:
         d2:87:30:1b:58:2e:a8:4a:65:e4:c0:94:a5:f5:28:7b:4f:71:
         19:8c:cf:8f:9a:94:fa:dc:e0:60:53:c5:9b:20:45:4d:e3:07:
         75:27:9e:83:92:52:b3:9d:cd:00:11:f0:b0:61:59:64:18:27:
         1d:cc:dd:41:48:46:c2:65:0d:d2:6a:a4:48:2d:ca:30:c3:9f:
         4e:fe:f2:fd:5c:1f:cc:3d:2d:23:d1:ae:e1:70:7e:08:0d:d9:
         ba:2a:98:62:a3:c2:21:43:5e:f2:82:99:90:49:71:48:34:4a:
         3b:81:b3:81:8a:31:3e:4b:7f:2e:16:b4:81:db:e5:32:79:0b:
         3a:30:04:8f:a2:2d:da:b0:05:b6:40:17:87:a2:a8:8e:fb:d6:
         80:1d:2a:d5:aa:93:0e:56:d6:e5:26:4d:4d:08:81:6c:56:6a:
         20:36:62:e9:d7:25:6b:c7:6b:fc:cd:b6:39:95:f0:b1:c2:d1:
         9a:83:69:87:70:bb:19:f6:c2:80:75:80:39:f7:8a:a4:3b:ee:
         3d:85:61:15:92:8b:61:33:d1:1d:8f:f1:b1:45:9c:77:37:3b:
         ca:a9:ae:67:d7:d3:29:34:90:d1:c7:34:a8:85:71:ff:bb:eb:
         48:b4:aa:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTK7lzw2zfyzaveabMr256nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjUwMjAzMDgzMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDM2MTlmOGEzMmM2Njc0NDAzYjI5NDQ4MTZjNzM0NjA5MmE3MjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvzJWIJ5BTHUfAXC1NKMr+iw3BbB
dC0Hr8Z+YXRm2DwhvQVoN15iHdigS3Ve7r7r8BPvtXMGxAk7RPzg79H1Rj+Cz7mM
DwPURodWiQ1yGd6rRCMR0g+b0rkbH67BUz6hqBBD+80B8xFQ5Zetm8W5sukhoYfN
cagZQ0FK/J5MUGzfRKZTYxsKZCK+9NS7aOVGHhrslZ4dKjU5/kEy5aXxqNpGfPMb
0Z2tjQ6ivgNFjgGzCTPfXIFSHsZZxO/k9Qwn+jGpa7UjAu6lss/ajRzM+x9bU6hm
4ybmS0j/6pds7/aGEYb5X7EivytpO7nIZMlguRAxe9TmQAUEpF44T03iawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ02GfijLGZ0QDspRIFsc0YJKnIxMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvblRZWi1LTXNablJBT3lsRWdXeHpSZ2txY2pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iEMA0G
CSqGSIb3DQEBCwUAA4IBAQBudZq/JCq5RpBNELqq2xUbR6TShzAbWC6oSmXkwJSl
9Sh7T3EZjM+PmpT63OBgU8WbIEVN4wd1J56DklKznc0AEfCwYVlkGCcdzN1BSEbC
ZQ3SaqRILcoww59O/vL9XB/MPS0j0a7hcH4IDdm6Kphio8IhQ17ygpmQSXFINEo7
gbOBijE+S38uFrSB2+UyeQs6MASPoi3asAW2QBeHoqiO+9aAHSrVqpMOVtblJk1N
CIFsVmogNmLp1yVrx2v8zbY5lfCxwtGag2mHcLsZ9sKAdYA594qkO+49hWEVkoth
M9Edj/GxRZx3NzvKqa5n19MpNJDRxzSohXH/u+tItKrw
-----END CERTIFICATE-----