Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/62343c-edbe-4a8a-84f2-7eb2eb85b84a/1/24Dg1pTGVBWiZZULP0tejjNpnOM.roa
File:                     24Dg1pTGVBWiZZULP0tejjNpnOM.roa (raw, json)
Hash identifier:          OsdXCUQ69HuTvR8+CvH0WDNj0ivYOcdKaq3dpudNvCQ=
Subject key identifier:   DB:80:E0:D6:94:C6:54:15:A2:65:95:0B:3F:4B:5E:8E:33:69:9C:E3
Certificate issuer:       /CN=d8fc6e45181d839fd10e4a902762f26c9a646796
Certificate serial:       018CCA2A6BAC7D4836EDE743209B976FD302
Authority key identifier: D8:FC:6E:45:18:1D:83:9F:D1:0E:4A:90:27:62:F2:6C:9A:64:67:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2PxuRRgdg5_RDkqQJ2LybJpkZ5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/62343c-edbe-4a8a-84f2-7eb2eb85b84a/1/24Dg1pTGVBWiZZULP0tejjNpnOM.roa
Signing time:             Tue 02 Jan 2024 12:33:46 +0000
ROA not before:           Tue 02 Jan 2024 12:33:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211291
IP address blocks:        87.249.61.0/24 maxlen: 24
                          87.249.62.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/62343c-edbe-4a8a-84f2-7eb2eb85b84a/1/2PxuRRgdg5_RDkqQJ2LybJpkZ5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/62343c-edbe-4a8a-84f2-7eb2eb85b84a/1/2PxuRRgdg5_RDkqQJ2LybJpkZ5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2PxuRRgdg5_RDkqQJ2LybJpkZ5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:6b:ac:7d:48:36:ed:e7:43:20:9b:97:6f:d3:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8fc6e45181d839fd10e4a902762f26c9a646796
        Validity
            Not Before: Jan  2 12:33:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db80e0d694c65415a265950b3f4b5e8e33699ce3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:90:94:7b:54:fa:92:04:e5:33:82:32:3e:02:
                    ff:f1:70:7b:8f:cd:fe:e3:52:dc:97:16:be:ae:9e:
                    be:60:32:0c:95:c5:d1:f3:5a:a5:9d:12:d9:07:52:
                    e5:70:8c:b3:00:aa:50:c0:73:4b:26:62:c7:47:9d:
                    b6:be:a2:34:da:6c:4c:93:8b:29:f4:99:b9:29:89:
                    d4:66:41:cc:d3:76:cb:6b:d3:63:6f:9a:f4:7a:3f:
                    93:ba:1b:f0:a0:18:5d:b5:56:11:cb:ff:d6:17:3d:
                    46:92:56:55:b3:66:e5:d1:44:f9:00:98:59:9b:a0:
                    00:16:70:5b:a1:1e:61:fd:41:52:2d:fc:09:32:3e:
                    ba:67:1f:55:86:3e:6a:f8:99:10:f3:ab:65:5a:a7:
                    29:45:8e:22:57:d4:3e:d6:ca:45:2b:97:21:e7:8a:
                    2d:df:26:2e:d6:13:29:8c:29:a0:48:f8:95:32:7e:
                    5b:67:35:23:a3:22:32:3b:62:77:46:dc:4a:3b:2f:
                    d3:97:11:4e:93:9e:99:91:de:9d:ad:bb:31:72:d9:
                    85:5c:56:b9:10:f8:37:4f:fb:1b:b9:68:36:3b:3a:
                    14:0b:8f:0b:fa:73:88:37:e9:d3:22:d1:e8:27:4b:
                    7c:2c:82:3d:e6:c9:09:c4:fa:79:95:1f:14:f4:bf:
                    32:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:80:E0:D6:94:C6:54:15:A2:65:95:0B:3F:4B:5E:8E:33:69:9C:E3
            X509v3 Authority Key Identifier:
                keyid:D8:FC:6E:45:18:1D:83:9F:D1:0E:4A:90:27:62:F2:6C:9A:64:67:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2PxuRRgdg5_RDkqQJ2LybJpkZ5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/62343c-edbe-4a8a-84f2-7eb2eb85b84a/1/24Dg1pTGVBWiZZULP0tejjNpnOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/62343c-edbe-4a8a-84f2-7eb2eb85b84a/1/2PxuRRgdg5_RDkqQJ2LybJpkZ5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.249.61.0-87.249.63.255

    Signature Algorithm: sha256WithRSAEncryption
         32:2f:cc:9d:dc:66:1f:02:54:be:8c:07:16:eb:f9:0f:09:14:
         e9:be:c8:c2:ae:64:93:3c:93:6f:70:8b:b6:fc:31:62:be:00:
         1e:7f:23:43:dc:b1:c1:f7:95:c0:8a:75:ae:8d:49:6f:25:80:
         13:89:91:f0:b2:92:bc:bb:3d:62:22:10:10:4c:e6:a8:9c:47:
         bc:c6:a4:5f:79:17:0e:e6:dd:c1:59:49:ef:21:63:ac:54:ee:
         75:e7:17:a6:54:bb:cb:86:aa:d3:b7:6c:48:dc:06:2c:a3:34:
         5e:e4:34:f3:2b:8b:7d:d6:5f:47:40:ed:3e:6f:af:f1:f3:64:
         df:ab:70:e8:17:ac:8e:51:4e:7c:43:d9:b8:44:93:56:12:98:
         8d:86:50:2e:70:0c:01:f1:a7:22:f0:25:97:7c:38:f7:48:25:
         e4:e1:54:bc:70:75:93:a7:d9:01:71:7d:a5:aa:b9:34:de:b6:
         62:f5:ff:b4:80:a4:d5:87:3c:3a:e7:aa:58:75:b7:9a:1b:e6:
         b1:ad:10:2d:73:8f:ca:f9:f3:7c:d1:ce:af:c5:68:37:f6:0b:
         15:d6:60:5c:6d:79:0e:82:ad:88:25:dd:b5:cf:90:c9:e6:e3:
         26:e9:41:f1:09:52:e5:a8:f3:32:69:48:65:45:f1:50:21:22:
         b8:2e:42:dc
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKKmusfUg27edDIJuXb9MCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZmM2ZTQ1MTgxZDgzOWZkMTBlNGE5MDI3NjJmMjZjOWE2
NDY3OTYwHhcNMjQwMTAyMTIzMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjgwZTBkNjk0YzY1NDE1YTI2NTk1MGIzZjRiNWU4ZTMzNjk5Y2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZCUe1T6kgTlM4IyPgL/8XB7j83+
41Lclxa+rp6+YDIMlcXR81qlnRLZB1LlcIyzAKpQwHNLJmLHR522vqI02mxMk4sp
9Jm5KYnUZkHM03bLa9Njb5r0ej+TuhvwoBhdtVYRy//WFz1GklZVs2bl0UT5AJhZ
m6AAFnBboR5h/UFSLfwJMj66Zx9Vhj5q+JkQ86tlWqcpRY4iV9Q+1spFK5ch54ot
3yYu1hMpjCmgSPiVMn5bZzUjoyIyO2J3RtxKOy/TlxFOk56Zkd6drbsxctmFXFa5
EPg3T/sbuWg2OzoUC48L+nOIN+nTItHoJ0t8LII95skJxPp5lR8U9L8yhwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNuA4NaUxlQVomWVCz9LXo4zaZzjMB8GA1UdIwQY
MBaAFNj8bkUYHYOf0Q5KkCdi8myaZGeWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlB4dVJSZ2RnNV9SRGtxUUoyTHliSnBrWjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82MjM0M2MtZWRiZS00YThhLTg0ZjIt
N2ViMmViODViODRhLzEvMjREZzFwVEdWQldpWlpVTFAwdGVqak5wbk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82MjM0M2MtZWRiZS00YThhLTg0ZjItN2ViMmViODViODRh
LzEvMlB4dVJSZ2RnNV9SRGtxUUoyTHliSnBrWjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABX+T0D
BAZX+QAwDQYJKoZIhvcNAQELBQADggEBADIvzJ3cZh8CVL6MBxbr+Q8JFOm+yMKu
ZJM8k29wi7b8MWK+AB5/I0PcscH3lcCKda6NSW8lgBOJkfCykry7PWIiEBBM5qic
R7zGpF95Fw7m3cFZSe8hY6xU7nXnF6ZUu8uGqtO3bEjcBiyjNF7kNPMri33WX0dA
7T5vr/HzZN+rcOgXrI5RTnxD2bhEk1YSmI2GUC5wDAHxpyLwJZd8OPdIJeThVLxw
dZOn2QFxfaWquTTetmL1/7SApNWHPDrnqlh1t5ob5rGtEC1zj8r583zRzq/FaDf2
CxXWYFxteQ6CrYgl3bXPkMnm4ybpQfEJUuWo8zJpSGVF8VAhIrguQtw=
-----END CERTIFICATE-----