Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/tzNmVvB2-Kb7n7f7uGfrlaT_5N0.roa
File:                     tzNmVvB2-Kb7n7f7uGfrlaT_5N0.roa (raw, json)
Hash identifier:          /5iZIN6C0RTqyaoEd2UqC7lQwSHOOr0DtjWIfNsZ0ig=
Subject key identifier:   B7:33:66:56:F0:76:F8:A6:FB:9F:B7:FB:B8:67:EB:95:A4:FF:E4:DD
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       019428239FAF29925FAD30EAA246DAB8B091
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/tzNmVvB2-Kb7n7f7uGfrlaT_5N0.roa
Signing time:             Thu 02 Jan 2025 17:50:10 +0000
ROA not before:           Thu 02 Jan 2025 17:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211975
IP address blocks:        87.248.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:9f:af:29:92:5f:ad:30:ea:a2:46:da:b8:b0:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  2 17:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7336656f076f8a6fb9fb7fbb867eb95a4ffe4dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:04:73:71:a8:a1:31:4a:cc:7c:d1:c9:93:3c:
                    6c:22:71:1f:48:f1:06:a3:a6:a1:a5:a3:6a:ac:e3:
                    89:75:6c:20:53:e5:37:68:e1:dd:5b:9a:d0:56:23:
                    74:ce:1d:9f:f5:57:20:79:67:1d:27:73:a4:65:e2:
                    e4:76:62:d2:8c:eb:86:01:6c:bd:24:48:43:01:a9:
                    68:2d:7e:f8:ac:d6:a1:88:4d:b7:ec:bb:da:0d:77:
                    e5:35:c6:1e:db:e0:22:40:65:23:8f:f4:9f:1d:c8:
                    27:18:cf:5f:a9:b0:28:5b:9b:75:17:1c:b1:65:15:
                    6a:22:9f:0e:3a:c3:db:38:35:d6:13:ac:e9:57:db:
                    c9:52:87:80:e3:06:3f:ed:d5:a9:0c:7e:f2:24:bc:
                    c7:5d:10:e1:02:4a:c1:9d:e3:35:99:46:cd:29:0a:
                    48:f6:72:60:82:18:a7:b6:c2:dd:6a:6b:13:4b:68:
                    e5:54:bd:c3:04:c9:c5:e0:8d:16:ca:4d:1e:6e:cb:
                    17:39:b9:27:08:dd:86:48:8f:34:24:b7:0b:8c:c1:
                    59:65:41:61:df:9b:51:3c:c6:16:8b:c4:ad:08:97:
                    42:cd:c5:22:1a:7d:d7:1b:23:82:df:ca:d7:4d:ba:
                    24:37:34:b5:49:06:20:ce:5a:b8:be:2e:c0:f8:09:
                    d1:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:33:66:56:F0:76:F8:A6:FB:9F:B7:FB:B8:67:EB:95:A4:FF:E4:DD
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/tzNmVvB2-Kb7n7f7uGfrlaT_5N0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:f5:f9:72:ed:06:d3:01:f9:06:b6:05:d6:37:c3:44:14:9f:
         fb:2b:0f:a9:bf:40:0f:ce:93:4b:65:a1:50:b0:c8:82:8a:f6:
         f3:c4:79:3e:69:91:e7:ec:c5:eb:e5:35:0c:a1:6c:22:25:7d:
         95:07:51:a9:f5:3b:c6:4c:72:b7:b2:3a:a6:94:ee:54:52:38:
         60:e3:42:23:26:94:89:ab:27:6d:cd:6a:e0:7a:5f:2f:1f:04:
         05:99:83:65:df:99:bd:e0:5b:97:d0:1c:bd:e1:3c:ba:f2:ea:
         e1:63:e0:88:bd:d9:38:a1:98:1e:bc:66:db:ad:18:9c:e8:af:
         08:e0:ee:63:52:85:0e:33:fd:eb:c9:d2:ad:63:ef:df:68:7e:
         cb:de:b4:09:98:bf:4d:ed:5b:08:f6:89:00:42:ea:4a:7c:2f:
         47:9f:4c:c2:34:b6:47:ec:46:09:7c:57:6e:a5:4e:2b:e7:21:
         c0:9d:92:f6:70:2e:93:9c:9d:ad:b4:23:11:13:79:1c:49:a9:
         84:ab:f5:a3:68:5d:37:8c:28:33:b2:5e:53:fc:67:18:95:30:
         f0:65:fb:49:12:a0:86:21:83:eb:aa:3f:56:0d:08:dd:3e:a2:
         e1:a8:c9:e1:6e:59:31:c5:8c:61:b8:c8:a2:1a:4c:dc:d1:90:
         f9:d2:37:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI5+vKZJfrTDqokbauLCRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjUwMTAyMTc1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzMzNjY1NmYwNzZmOGE2ZmI5ZmI3ZmJiODY3ZWI5NWE0ZmZlNGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwRzcaihMUrMfNHJkzxsInEfSPEG
o6ahpaNqrOOJdWwgU+U3aOHdW5rQViN0zh2f9VcgeWcdJ3OkZeLkdmLSjOuGAWy9
JEhDAaloLX74rNahiE237LvaDXflNcYe2+AiQGUjj/SfHcgnGM9fqbAoW5t1Fxyx
ZRVqIp8OOsPbODXWE6zpV9vJUoeA4wY/7dWpDH7yJLzHXRDhAkrBneM1mUbNKQpI
9nJgghintsLdamsTS2jlVL3DBMnF4I0Wyk0ebssXObknCN2GSI80JLcLjMFZZUFh
35tRPMYWi8StCJdCzcUiGn3XGyOC38rXTbokNzS1SQYgzlq4vi7A+AnRjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLczZlbwdvim+5+3+7hn65Wk/+TdMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvdHpObVZ2QjItS2I3bjdmN3VHZnJsYVRfNU4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/idMA0G
CSqGSIb3DQEBCwUAA4IBAQBn9fly7QbTAfkGtgXWN8NEFJ/7Kw+pv0APzpNLZaFQ
sMiCivbzxHk+aZHn7MXr5TUMoWwiJX2VB1Gp9TvGTHK3sjqmlO5UUjhg40IjJpSJ
qydtzWrgel8vHwQFmYNl35m94FuX0By94Ty68urhY+CIvdk4oZgevGbbrRic6K8I
4O5jUoUOM/3rydKtY+/faH7L3rQJmL9N7VsI9okAQupKfC9Hn0zCNLZH7EYJfFdu
pU4r5yHAnZL2cC6TnJ2ttCMRE3kcSamEq/WjaF03jCgzsl5T/GcYlTDwZftJEqCG
IYPrqj9WDQjdPqLhqMnhblkxxYxhuMiiGkzc0ZD50jcZ
-----END CERTIFICATE-----