Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/u8i8yb8YUO9nDU0VpXXvyNjyKSw.roa
File:                     u8i8yb8YUO9nDU0VpXXvyNjyKSw.roa (raw, json)
Hash identifier:          sZoY8LD2N46/IKPEb9ifOcywxvFNAdMFVOYDWQJCCKY=
Subject key identifier:   BB:C8:BC:C9:BF:18:50:EF:67:0D:4D:15:A5:75:EF:C8:D8:F2:29:2C
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       018CC2DB6207AA515A72930FF723B35AA9F4
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/u8i8yb8YUO9nDU0VpXXvyNjyKSw.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        87.248.134.0/24 maxlen: 24
                          87.248.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 04:37:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:62:07:aa:51:5a:72:93:0f:f7:23:b3:5a:a9:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbc8bcc9bf1850ef670d4d15a575efc8d8f2292c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:ce:e3:e8:ee:60:f3:d6:00:0c:0e:79:26:6a:
                    e5:d8:2a:46:d6:88:e6:61:7a:f2:1d:b4:94:eb:46:
                    4b:7f:9e:ba:30:ec:d8:97:49:01:04:62:c0:a2:c6:
                    52:79:4b:6d:9e:43:1e:dd:fd:cf:ce:49:b8:1f:07:
                    81:23:5e:23:86:88:29:92:6d:4c:a7:0a:a1:a2:52:
                    0c:fd:81:f0:8a:02:73:e4:a4:47:2d:94:9a:2c:5e:
                    71:98:58:1d:cd:82:3d:f8:3a:6b:2b:aa:4b:2e:9d:
                    61:21:5a:72:c4:65:e1:f5:1a:eb:de:6a:e1:7d:3a:
                    f9:10:6c:af:dd:3f:46:b5:26:2f:a3:92:a9:92:fb:
                    b0:58:3c:90:16:d3:b5:28:cd:d1:a4:44:f0:d0:08:
                    32:99:8b:c4:7a:f0:a3:1a:57:e7:55:02:46:b1:db:
                    f9:d0:19:dd:68:5d:b9:1a:64:88:36:86:5b:b9:21:
                    c9:be:79:a5:43:db:91:20:76:e5:0b:2f:2c:d6:54:
                    86:4e:07:cf:61:2c:b3:ad:a0:8f:3d:1f:48:3e:e1:
                    6e:44:0b:4c:ba:4e:86:87:ca:df:e0:bc:b6:8c:25:
                    f4:36:a6:d1:cc:de:f8:6b:d1:9f:12:9a:a7:74:fd:
                    b5:bd:66:5c:9a:a1:39:8e:d5:d4:81:51:3b:a8:75:
                    f2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:C8:BC:C9:BF:18:50:EF:67:0D:4D:15:A5:75:EF:C8:D8:F2:29:2C
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/u8i8yb8YUO9nDU0VpXXvyNjyKSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.134.0/24
                  87.248.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:72:ca:3c:79:dc:f6:5c:fb:de:e1:aa:30:5e:e0:21:07:f7:
         d4:b7:e9:da:31:c7:52:6d:76:3d:6c:1d:f4:80:bf:0c:b3:b2:
         53:a6:b0:b6:c1:29:cc:5c:0e:56:b5:d8:37:30:e0:ce:7b:69:
         8f:02:5a:8a:ae:dc:a5:aa:97:90:d9:94:59:cb:a5:85:d8:3f:
         53:c1:34:63:9b:22:c1:84:69:b8:b2:f1:6c:36:5e:5e:6e:f4:
         dd:b5:46:55:7f:43:f0:41:f6:46:8a:87:45:9e:e0:56:64:2e:
         d5:88:b0:7b:36:b8:1d:9b:14:ab:54:0b:77:f1:5f:c6:c4:fa:
         9c:40:ea:cb:34:36:f3:18:4e:8c:2c:b1:e9:05:cf:e6:0d:0c:
         db:d0:6d:da:81:1f:76:bc:3d:63:db:9a:04:3e:c4:f7:3c:aa:
         07:3d:af:6a:f9:5e:52:b5:93:bc:a1:22:6d:c3:ef:66:83:d6:
         ea:88:45:a3:d5:7e:cc:cd:2c:ac:63:71:b7:0a:80:e0:be:c6:
         1d:42:62:62:80:68:9d:18:ca:e8:c6:f6:cf:c4:ac:44:bf:b4:
         90:69:3d:48:6a:aa:b8:e9:75:c8:fc:5d:ab:d2:4a:5b:00:66:
         eb:fd:cf:f0:b8:1d:90:f2:d7:71:fd:40:f0:19:0b:c3:9a:a7:
         09:20:0c:1c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC22IHqlFacpMP9yOzWqn0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmM4YmNjOWJmMTg1MGVmNjcwZDRkMTVhNTc1ZWZjOGQ4ZjIyOTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1s7j6O5g89YADA55Jmrl2CpG1ojm
YXryHbSU60ZLf566MOzYl0kBBGLAosZSeUttnkMe3f3Pzkm4HweBI14jhogpkm1M
pwqholIM/YHwigJz5KRHLZSaLF5xmFgdzYI9+DprK6pLLp1hIVpyxGXh9Rrr3mrh
fTr5EGyv3T9GtSYvo5KpkvuwWDyQFtO1KM3RpETw0AgymYvEevCjGlfnVQJGsdv5
0BndaF25GmSINoZbuSHJvnmlQ9uRIHblCy8s1lSGTgfPYSyzraCPPR9IPuFuRAtM
uk6Gh8rf4Ly2jCX0NqbRzN74a9GfEpqndP21vWZcmqE5jtXUgVE7qHXyiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLvIvMm/GFDvZw1NFaV178jY8iksMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvdThpOHliOFlVTzluRFUwVnBYWHZ5Tmp5S1N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV/iGAwQA
V/iPMA0GCSqGSIb3DQEBCwUAA4IBAQApcso8edz2XPve4aowXuAhB/fUt+naMcdS
bXY9bB30gL8Ms7JTprC2wSnMXA5Wtdg3MODOe2mPAlqKrtylqpeQ2ZRZy6WF2D9T
wTRjmyLBhGm4svFsNl5ebvTdtUZVf0PwQfZGiodFnuBWZC7ViLB7NrgdmxSrVAt3
8V/GxPqcQOrLNDbzGE6MLLHpBc/mDQzb0G3agR92vD1j25oEPsT3PKoHPa9q+V5S
tZO8oSJtw+9mg9bqiEWj1X7MzSysY3G3CoDgvsYdQmJigGidGMroxvbPxKxEv7SQ
aT1Iaqq46XXI/F2r0kpbAGbr/c/wuB2Q8tdx/UDwGQvDmqcJIAwc
-----END CERTIFICATE-----