Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/vkpPoC2wR_ub0fgj-KeXRvHSbSY.roa
File:                     vkpPoC2wR_ub0fgj-KeXRvHSbSY.roa (raw, json)
Hash identifier:          NclwLMN6CU4Q5reaazN2fxhKgJkvdgza7Z4eYJ9ogOc=
Subject key identifier:   BE:4A:4F:A0:2D:B0:47:FB:9B:D1:F8:23:F8:A7:97:46:F1:D2:6D:26
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       018CC2DB65777A0EB95EA631C95328A374B8
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/vkpPoC2wR_ub0fgj-KeXRvHSbSY.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59962
IP address blocks:        87.248.140.0/24 maxlen: 24
                          87.248.141.0/24 maxlen: 24
                          87.248.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:65:77:7a:0e:b9:5e:a6:31:c9:53:28:a3:74:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be4a4fa02db047fb9bd1f823f8a79746f1d26d26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:04:91:03:8e:24:53:83:07:d0:ae:92:00:be:
                    02:8f:72:be:ce:fd:fb:09:d4:c5:f3:a0:cb:2c:66:
                    2f:d5:f4:58:b3:bc:59:5c:3b:cd:a8:d7:f8:71:09:
                    f0:7b:04:e2:ab:f5:13:ca:20:8c:2e:32:b4:63:80:
                    05:ee:fe:04:c8:d2:43:9b:5e:ed:63:90:7a:bd:38:
                    82:5d:73:d5:e8:3d:70:41:47:c9:4e:5c:e9:dd:dd:
                    03:0d:fd:fb:cd:50:1f:f5:39:cb:6b:81:db:3f:0b:
                    87:7b:3b:2f:90:48:c0:df:29:97:3b:dc:54:e6:04:
                    bc:be:3d:2d:8f:96:28:f4:45:d3:ce:37:59:c7:fa:
                    5f:df:3a:fc:8f:fd:58:4e:6a:26:ff:ad:f3:9b:0d:
                    a2:42:12:26:98:d3:0f:80:d4:70:84:5f:f0:bc:5f:
                    d8:6e:60:13:43:2d:8f:0f:9d:58:19:28:c3:57:73:
                    24:82:62:fb:3b:94:b2:94:31:4d:27:24:df:6d:fd:
                    54:bd:27:25:d7:e5:17:89:56:22:c7:25:5a:22:f4:
                    02:59:70:18:c9:6f:01:a4:f5:af:3f:78:4e:bc:55:
                    73:3f:e4:12:8a:a1:b9:b4:a1:ea:47:92:5c:c1:9b:
                    2b:a8:19:c9:5b:4b:c2:5b:25:7e:de:8a:04:03:1b:
                    c4:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:4A:4F:A0:2D:B0:47:FB:9B:D1:F8:23:F8:A7:97:46:F1:D2:6D:26
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/vkpPoC2wR_ub0fgj-KeXRvHSbSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.140.0/23
                  87.248.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:0b:3c:8a:c7:59:e9:56:42:45:29:9d:99:81:0f:41:3f:b8:
         71:a1:73:05:60:63:ee:b3:5c:51:f1:87:93:59:c7:ce:80:3b:
         af:94:96:75:41:b8:99:35:0c:fa:4c:bb:74:ad:6e:f7:e9:67:
         c4:42:39:bd:08:67:a1:60:d9:19:5e:3a:3b:af:b3:a2:ce:c2:
         19:e9:20:41:e2:3c:d8:e6:e2:1a:dd:d4:86:04:07:42:6d:79:
         c9:78:1d:2a:b5:5d:3e:bd:c3:ce:34:5c:3e:6c:95:8d:60:44:
         17:dc:86:ae:e4:30:96:38:1e:b3:5d:83:b5:da:c1:a7:71:6d:
         41:19:f1:bf:7b:16:9f:e8:51:36:f9:28:15:23:e9:ed:7a:d1:
         f0:10:1f:87:9c:58:f7:f8:e6:fe:8c:1f:c3:ad:ea:ac:29:8a:
         4f:be:72:5d:48:fe:7b:6b:36:32:2c:5a:55:1a:8b:cc:7f:d5:
         2e:af:d6:8b:52:b1:1e:95:7c:e9:52:61:c5:43:fe:54:6b:e0:
         3f:59:a8:21:c9:9b:a7:96:99:36:19:f5:d0:ca:c5:71:4c:46:
         e6:ac:cc:37:de:32:86:e9:f3:a9:61:6e:41:09:4a:83:f5:fe:
         d1:8f:ec:e8:90:6f:0a:54:eb:37:81:bd:5f:48:53:ed:1c:40:
         eb:bb:44:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC22V3eg65XqYxyVMoo3S4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTRhNGZhMDJkYjA0N2ZiOWJkMWY4MjNmOGE3OTc0NmYxZDI2ZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhASRA44kU4MH0K6SAL4Cj3K+zv37
CdTF86DLLGYv1fRYs7xZXDvNqNf4cQnwewTiq/UTyiCMLjK0Y4AF7v4EyNJDm17t
Y5B6vTiCXXPV6D1wQUfJTlzp3d0DDf37zVAf9TnLa4HbPwuHezsvkEjA3ymXO9xU
5gS8vj0tj5Yo9EXTzjdZx/pf3zr8j/1YTmom/63zmw2iQhImmNMPgNRwhF/wvF/Y
bmATQy2PD51YGSjDV3MkgmL7O5SylDFNJyTfbf1UvScl1+UXiVYixyVaIvQCWXAY
yW8BpPWvP3hOvFVzP+QSiqG5tKHqR5JcwZsrqBnJW0vCWyV+3ooEAxvEZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL5KT6AtsEf7m9H4I/inl0bx0m0mMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvdmtwUG9DMndSX3ViMGZnai1LZVhSdkhTYlNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBV/iMAwQA
V/iaMA0GCSqGSIb3DQEBCwUAA4IBAQAhCzyKx1npVkJFKZ2ZgQ9BP7hxoXMFYGPu
s1xR8YeTWcfOgDuvlJZ1QbiZNQz6TLt0rW736WfEQjm9CGehYNkZXjo7r7OizsIZ
6SBB4jzY5uIa3dSGBAdCbXnJeB0qtV0+vcPONFw+bJWNYEQX3Iau5DCWOB6zXYO1
2sGncW1BGfG/exaf6FE2+SgVI+ntetHwEB+HnFj3+Ob+jB/DreqsKYpPvnJdSP57
azYyLFpVGovMf9Uur9aLUrEelXzpUmHFQ/5Ua+A/WaghyZunlpk2GfXQysVxTEbm
rMw33jKG6fOpYW5BCUqD9f7Rj+zokG8KVOs3gb1fSFPtHEDru0Sb
-----END CERTIFICATE-----