Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/yw0LvdCXGFP2MK6-T-0PEVSRXoc.roa
File:                     yw0LvdCXGFP2MK6-T-0PEVSRXoc.roa (raw, json)
Hash identifier:          fu2+6pWSf0qQFW69RPape3dSh1ZjALzL766MidGMCbk=
Subject key identifier:   CB:0D:0B:BD:D0:97:18:53:F6:30:AE:BE:4F:ED:0F:11:54:91:5E:87
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       018CC2DB66942B0F1C334D4964C1D6C0511D
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/yw0LvdCXGFP2MK6-T-0PEVSRXoc.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207326
IP address blocks:        87.248.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:66:94:2b:0f:1c:33:4d:49:64:c1:d6:c0:51:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb0d0bbdd0971853f630aebe4fed0f1154915e87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a7:2c:40:c6:ed:2f:a5:ad:30:75:9b:71:04:
                    ce:0c:2d:15:01:74:34:b3:76:27:91:2d:bc:df:a0:
                    56:f6:29:3c:5f:f6:70:c4:2f:49:f2:61:67:e7:60:
                    9c:8e:d5:50:2e:41:94:9c:fd:7d:8d:cb:f1:62:aa:
                    33:91:c3:11:45:eb:44:93:65:f5:a9:ae:7c:49:d2:
                    90:0e:c2:53:86:74:2b:2b:a6:14:ba:fb:f6:37:7c:
                    fe:24:a3:2c:ee:75:e5:8e:94:8b:e0:47:19:14:01:
                    e6:32:4b:10:7d:1f:b0:13:08:da:0a:7c:a4:28:21:
                    37:01:b3:10:9b:1d:48:36:84:34:45:36:93:c6:2a:
                    6f:1d:d5:b9:ac:15:03:d0:87:62:ae:70:44:f4:ac:
                    04:0f:9a:bc:e8:4b:d8:2c:5d:3d:19:fd:2d:18:6e:
                    57:7b:13:10:c3:ec:b5:5a:c6:ce:b6:ec:fb:35:c5:
                    10:ca:a8:1d:b1:57:b2:b9:7c:f4:db:ab:84:f8:30:
                    f0:42:d4:2a:14:8d:8a:b9:7e:0d:be:6e:71:46:86:
                    61:4e:ff:72:f1:36:cb:6a:e1:6a:fc:29:31:61:70:
                    e7:41:6c:8c:9c:3a:a7:35:56:55:d4:dc:6e:57:72:
                    5d:d3:8b:d6:a4:37:c2:ef:07:1f:3d:be:8a:d9:2d:
                    6f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:0D:0B:BD:D0:97:18:53:F6:30:AE:BE:4F:ED:0F:11:54:91:5E:87
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/yw0LvdCXGFP2MK6-T-0PEVSRXoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:46:55:34:9e:90:e2:a1:3e:6e:2c:2b:9a:cb:ad:0f:71:ae:
         54:73:3e:ba:bd:cc:57:b0:5b:d1:cb:25:6c:fc:71:79:c5:40:
         ee:46:92:d7:cf:50:4c:85:cc:ae:60:8a:9a:42:e1:bb:63:16:
         6f:27:b7:bc:a3:f0:62:53:c2:33:5a:be:a9:05:06:ea:0b:09:
         8d:a2:fb:6f:1b:f6:d5:86:dc:73:e5:49:67:09:c6:32:31:08:
         65:c5:e5:40:ca:a7:b6:93:4b:d9:1b:91:36:e4:6e:0e:b4:90:
         29:dd:17:97:0c:69:0c:cb:9d:a5:8f:ae:ad:04:69:01:08:32:
         7e:33:e9:0f:07:00:08:f6:a4:c2:9f:92:cb:9b:0e:c3:ab:8f:
         77:8a:c0:f7:57:30:96:68:06:b2:74:31:06:ad:3d:4f:ff:6c:
         2f:39:d9:7a:54:26:04:b8:69:fa:26:8d:af:fe:bf:14:21:da:
         6d:b8:df:27:07:aa:fb:58:cc:7b:e7:d8:3a:fd:20:6a:48:29:
         a2:ab:3f:86:b9:4c:1b:97:2a:7d:1f:9b:6e:5c:f9:32:96:d2:
         79:b6:4a:42:6a:5b:52:3b:68:d6:d2:df:bc:ab:8e:f0:54:a6:
         7e:b6:65:f7:de:a6:7f:16:fe:f2:36:9c:62:13:72:eb:48:d7:
         ae:5d:14:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22aUKw8cM01JZMHWwFEdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjBkMGJiZGQwOTcxODUzZjYzMGFlYmU0ZmVkMGYxMTU0OTE1ZTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6csQMbtL6WtMHWbcQTODC0VAXQ0
s3YnkS2836BW9ik8X/ZwxC9J8mFn52CcjtVQLkGUnP19jcvxYqozkcMRRetEk2X1
qa58SdKQDsJThnQrK6YUuvv2N3z+JKMs7nXljpSL4EcZFAHmMksQfR+wEwjaCnyk
KCE3AbMQmx1INoQ0RTaTxipvHdW5rBUD0IdirnBE9KwED5q86EvYLF09Gf0tGG5X
exMQw+y1WsbOtuz7NcUQyqgdsVeyuXz026uE+DDwQtQqFI2KuX4Nvm5xRoZhTv9y
8TbLauFq/CkxYXDnQWyMnDqnNVZV1NxuV3Jd04vWpDfC7wcfPb6K2S1v8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMsNC73QlxhT9jCuvk/tDxFUkV6HMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEveXcwTHZkQ1hHRlAyTUs2LVQtMFBFVlNSWG9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iVMA0G
CSqGSIb3DQEBCwUAA4IBAQCtRlU0npDioT5uLCuay60Pca5Ucz66vcxXsFvRyyVs
/HF5xUDuRpLXz1BMhcyuYIqaQuG7YxZvJ7e8o/BiU8IzWr6pBQbqCwmNovtvG/bV
htxz5UlnCcYyMQhlxeVAyqe2k0vZG5E25G4OtJAp3ReXDGkMy52lj66tBGkBCDJ+
M+kPBwAI9qTCn5LLmw7Dq493isD3VzCWaAaydDEGrT1P/2wvOdl6VCYEuGn6Jo2v
/r8UIdptuN8nB6r7WMx759g6/SBqSCmiqz+GuUwblyp9H5tuXPkyltJ5tkpCaltS
O2jW0t+8q47wVKZ+tmX33qZ/Fv7yNpxiE3LrSNeuXRQQ
-----END CERTIFICATE-----