Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/or0r_O-vQ1Hc10bbwuIJ_TfzRhU.roa
File:                     or0r_O-vQ1Hc10bbwuIJ_TfzRhU.roa (raw, json)
Hash identifier:          CCUnmjTwjt0epqjek+U+GNjBknjMUl1Rlt/6QYBM/1E=
Subject key identifier:   A2:BD:2B:FC:EF:AF:43:51:DC:D7:46:DB:C2:E2:09:FD:37:F3:46:15
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       019040F323F84F29371E6304666B868A36C0
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/or0r_O-vQ1Hc10bbwuIJ_TfzRhU.roa
Signing time:             Sat 22 Jun 2024 17:16:34 +0000
ROA not before:           Sat 22 Jun 2024 17:16:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59962
IP address blocks:        87.248.140.0/24 maxlen: 24
                          87.248.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:40:f3:23:f8:4f:29:37:1e:63:04:66:6b:86:8a:36:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jun 22 17:16:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2bd2bfcefaf4351dcd746dbc2e209fd37f34615
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:79:93:b2:31:a2:58:39:30:ae:3d:bb:38:f5:
                    9a:b0:8a:0a:4e:cc:7b:8c:a1:4d:76:71:f5:55:2f:
                    09:64:11:5d:03:95:fc:ea:51:16:4a:ee:fc:37:31:
                    ea:91:05:c0:12:64:af:62:2c:76:a5:02:aa:17:1f:
                    00:b3:e5:32:09:58:20:fe:2d:34:e1:ae:0a:b0:c3:
                    04:4f:77:5c:eb:4c:a4:28:8b:01:3b:f4:1e:1a:d3:
                    c0:70:16:6f:c1:90:72:47:41:a6:29:d1:65:17:c3:
                    6b:b5:66:79:2c:f0:75:62:7f:09:2f:24:74:78:43:
                    0b:46:2a:fc:49:b9:4e:d7:23:18:d3:84:89:c9:06:
                    96:96:bf:72:0c:49:35:23:ed:6a:e1:6b:1d:a7:51:
                    95:d4:4e:2c:16:ae:be:a5:70:69:60:2a:b6:d7:13:
                    ce:51:f4:c1:58:2e:72:3e:71:46:3e:c2:9c:b8:04:
                    9c:1f:01:ab:d4:cb:91:49:1e:df:a4:4f:4e:a4:89:
                    0b:98:a3:6c:86:21:29:db:db:5c:d6:15:a7:ba:f5:
                    f4:88:dd:3b:a8:78:44:b4:a2:3e:89:4b:27:d1:7f:
                    3c:8b:80:62:7d:b3:b6:20:77:4c:bb:2a:ce:20:c8:
                    b9:16:59:a4:5d:27:7b:b8:52:62:91:67:27:58:cd:
                    1c:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:BD:2B:FC:EF:AF:43:51:DC:D7:46:DB:C2:E2:09:FD:37:F3:46:15
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/or0r_O-vQ1Hc10bbwuIJ_TfzRhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:7f:2e:aa:21:fb:ff:25:aa:cf:56:91:61:df:c6:23:32:54:
         d3:4f:b2:e9:0a:7a:6d:f7:53:99:ac:85:fa:a3:0e:82:4b:93:
         09:7e:6c:59:f1:1d:0b:d8:cf:98:70:a1:d0:08:f8:e9:4a:eb:
         93:a4:15:3c:19:05:5e:75:2f:00:53:50:41:5f:f9:9b:d1:03:
         7f:fa:b1:12:24:5c:36:87:ee:ab:8b:b2:01:ea:77:da:69:86:
         50:01:b1:51:18:a7:1f:d7:b8:bd:9a:e2:07:df:4e:e4:75:fb:
         ea:49:93:59:9f:d1:fc:e2:0c:2c:e4:e5:2c:e5:be:df:a9:7d:
         a8:80:ac:fe:95:1b:48:c5:4d:fc:25:9e:a9:37:d6:2d:74:71:
         0c:f0:5c:16:4b:9d:d0:1d:38:14:c8:4a:4a:eb:fd:f2:be:48:
         c1:0e:74:f4:f4:93:02:fe:d6:10:b5:f5:e7:16:91:00:31:87:
         f9:b6:3f:69:76:a0:16:9c:6d:9d:c3:45:b2:58:f9:16:8f:2b:
         ae:2b:1d:48:37:b1:ca:2d:e6:74:1e:5c:5a:82:00:0f:9f:08:
         0e:79:71:3d:ca:82:fa:91:84:15:ab:3a:7d:d9:66:f0:57:6a:
         c1:36:3a:6e:e4:0f:35:fa:91:1c:72:3e:39:c0:c5:c9:8d:3f:
         54:1f:81:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBA8yP4Tyk3HmMEZmuGijbAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwNjIyMTcxNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmJkMmJmY2VmYWY0MzUxZGNkNzQ2ZGJjMmUyMDlmZDM3ZjM0NjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHmTsjGiWDkwrj27OPWasIoKTsx7
jKFNdnH1VS8JZBFdA5X86lEWSu78NzHqkQXAEmSvYix2pQKqFx8As+UyCVgg/i00
4a4KsMMET3dc60ykKIsBO/QeGtPAcBZvwZByR0GmKdFlF8NrtWZ5LPB1Yn8JLyR0
eEMLRir8SblO1yMY04SJyQaWlr9yDEk1I+1q4Wsdp1GV1E4sFq6+pXBpYCq21xPO
UfTBWC5yPnFGPsKcuAScHwGr1MuRSR7fpE9OpIkLmKNshiEp29tc1hWnuvX0iN07
qHhEtKI+iUsn0X88i4BifbO2IHdMuyrOIMi5FlmkXSd7uFJikWcnWM0cYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKK9K/zvr0NR3NdG28LiCf0380YVMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvb3Iwcl9PLXZRMUhjMTBiYnd1SUpfVGZ6UmhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV/iMMA0G
CSqGSIb3DQEBCwUAA4IBAQAbfy6qIfv/JarPVpFh38YjMlTTT7LpCnpt91OZrIX6
ow6CS5MJfmxZ8R0L2M+YcKHQCPjpSuuTpBU8GQVedS8AU1BBX/mb0QN/+rESJFw2
h+6ri7IB6nfaaYZQAbFRGKcf17i9muIH307kdfvqSZNZn9H84gws5OUs5b7fqX2o
gKz+lRtIxU38JZ6pN9YtdHEM8FwWS53QHTgUyEpK6/3yvkjBDnT09JMC/tYQtfXn
FpEAMYf5tj9pdqAWnG2dw0WyWPkWjyuuKx1IN7HKLeZ0HlxaggAPnwgOeXE9yoL6
kYQVqzp92WbwV2rBNjpu5A81+pEccj45wMXJjT9UH4Ei
-----END CERTIFICATE-----