Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/o1ISKkD-Tnv8WDLjnHzvZxb8P6c.roa
File:                     o1ISKkD-Tnv8WDLjnHzvZxb8P6c.roa (raw, json)
Hash identifier:          h+vO7xJkIP0Gi0X6/S1jhxnU4ZRO9Brsr/xSv7WCb00=
Subject key identifier:   A3:52:12:2A:40:FE:4E:7B:FC:58:32:E3:9C:7C:EF:67:16:FC:3F:A7
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       01942823A002C7616B28EF83EDA61BAA5B5F
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/o1ISKkD-Tnv8WDLjnHzvZxb8P6c.roa
Signing time:             Thu 02 Jan 2025 17:50:10 +0000
ROA not before:           Thu 02 Jan 2025 17:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212335
IP address blocks:        87.248.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:a0:02:c7:61:6b:28:ef:83:ed:a6:1b:aa:5b:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  2 17:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a352122a40fe4e7bfc5832e39c7cef6716fc3fa7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:1d:05:66:03:fb:5f:fe:d7:08:8e:be:5f:31:
                    5d:fb:b3:1e:00:f3:61:17:e8:4b:ae:ae:1f:7e:48:
                    d2:32:f8:f7:cb:62:21:e7:56:98:e2:15:ad:94:75:
                    b3:e5:79:bd:2a:37:1b:6e:38:3e:35:be:4f:5a:30:
                    19:00:bc:9f:20:a7:38:f3:9c:90:4e:e5:df:75:de:
                    34:9a:c3:b9:66:8f:8d:2c:fb:6b:1a:7f:d0:ec:00:
                    ee:fb:33:0a:a8:0c:45:37:92:bd:1e:60:4e:a6:dd:
                    ee:51:66:a1:c6:66:fb:89:7a:14:05:e0:fc:3f:23:
                    f9:de:26:dc:43:18:c0:91:a1:6c:0e:62:51:c5:5f:
                    99:0f:21:10:4a:73:d4:1e:28:ac:e9:cb:f0:79:1c:
                    7b:42:05:4e:51:03:b0:f0:33:bc:e1:b5:5b:7c:02:
                    0f:bf:a4:8f:98:61:14:31:fe:ba:f9:52:6f:e5:1c:
                    1b:c2:65:f2:4d:78:a7:45:14:04:86:81:a4:1b:bf:
                    bb:60:a4:c9:98:a6:af:14:27:d1:5c:b8:7d:e8:5e:
                    66:6e:ec:05:2f:39:a4:d9:ad:6b:fb:ba:e1:6e:1e:
                    91:a1:fe:53:67:b7:d6:53:4f:60:8f:de:d7:77:9a:
                    43:ff:21:3b:db:b8:8b:7c:95:82:0f:99:09:21:b9:
                    a4:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:52:12:2A:40:FE:4E:7B:FC:58:32:E3:9C:7C:EF:67:16:FC:3F:A7
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/o1ISKkD-Tnv8WDLjnHzvZxb8P6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:4d:1f:8a:58:7b:70:e2:ae:99:2a:b1:46:bd:a5:80:bb:cd:
         ca:0e:3d:24:ce:73:fc:d2:f8:71:89:e2:f1:b3:0b:2f:19:50:
         a4:00:b5:3b:b5:a0:9a:b8:b4:07:19:bc:6b:94:cf:a7:0c:c1:
         21:36:cd:7e:47:81:0d:d7:2f:09:19:21:1e:b8:08:b9:8c:5f:
         12:cd:ef:e9:34:6e:23:b4:f1:45:32:33:1c:d3:69:91:d5:c6:
         17:99:fa:32:62:fb:54:5a:05:cf:73:12:9a:c3:61:eb:2d:a9:
         0f:97:3f:fb:63:b0:f7:6c:52:b0:6e:a4:22:a9:e9:32:de:b9:
         24:c1:e4:bf:ce:eb:27:b7:6f:0e:91:5e:52:53:66:e8:10:46:
         9c:9b:44:1d:0e:d3:44:c1:c2:ae:70:ad:77:a0:49:18:71:8e:
         d6:93:53:ab:74:f2:e3:f2:f6:b1:06:0e:16:f6:ca:c4:07:1f:
         55:0e:63:17:e7:f3:81:06:99:c5:e9:0c:85:96:37:6d:4b:50:
         0c:5e:c8:ef:9f:9c:32:7e:02:9e:71:af:a1:86:8b:1d:6d:5e:
         03:40:c0:92:5b:a7:c9:e8:ad:13:e0:29:49:98:07:8c:3f:16:
         35:be:35:ff:15:ff:1b:7f:30:ce:99:6e:66:17:5c:6b:de:e1:
         9e:ae:b0:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI6ACx2FrKO+D7aYbqltfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjUwMTAyMTc1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzUyMTIyYTQwZmU0ZTdiZmM1ODMyZTM5YzdjZWY2NzE2ZmMzZmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxB0FZgP7X/7XCI6+XzFd+7MeAPNh
F+hLrq4ffkjSMvj3y2Ih51aY4hWtlHWz5Xm9Kjcbbjg+Nb5PWjAZALyfIKc485yQ
TuXfdd40msO5Zo+NLPtrGn/Q7ADu+zMKqAxFN5K9HmBOpt3uUWahxmb7iXoUBeD8
PyP53ibcQxjAkaFsDmJRxV+ZDyEQSnPUHiis6cvweRx7QgVOUQOw8DO84bVbfAIP
v6SPmGEUMf66+VJv5RwbwmXyTXinRRQEhoGkG7+7YKTJmKavFCfRXLh96F5mbuwF
Lzmk2a1r+7rhbh6Rof5TZ7fWU09gj97Xd5pD/yE727iLfJWCD5kJIbmkpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNSEipA/k57/Fgy45x872cW/D+nMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvbzFJU0trRC1UbnY4V0RMam5IenZaeGI4UDZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iSMA0G
CSqGSIb3DQEBCwUAA4IBAQCvTR+KWHtw4q6ZKrFGvaWAu83KDj0kznP80vhxieLx
swsvGVCkALU7taCauLQHGbxrlM+nDMEhNs1+R4EN1y8JGSEeuAi5jF8Sze/pNG4j
tPFFMjMc02mR1cYXmfoyYvtUWgXPcxKaw2HrLakPlz/7Y7D3bFKwbqQiqeky3rkk
weS/zusnt28OkV5SU2boEEacm0QdDtNEwcKucK13oEkYcY7Wk1OrdPLj8vaxBg4W
9srEBx9VDmMX5/OBBpnF6QyFljdtS1AMXsjvn5wyfgKeca+hhosdbV4DQMCSW6fJ
6K0T4ClJmAeMPxY1vjX/Ff8bfzDOmW5mF1xr3uGerrAG
-----END CERTIFICATE-----