Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/BR0WpUqyVlLFgCU-al1zzwTeWvY.roa
File:                     BR0WpUqyVlLFgCU-al1zzwTeWvY.roa (raw, json)
Hash identifier:          YHXk/Q5pzaU5vFP/0ClS3O8XoVVM2YYOGsR9O85YzI4=
Subject key identifier:   05:1D:16:A5:4A:B2:56:52:C5:80:25:3E:6A:5D:73:CF:04:DE:5A:F6
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       0194266B7EDEDF0249F905C56FA425AE2891
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/BR0WpUqyVlLFgCU-al1zzwTeWvY.roa
Signing time:             Thu 02 Jan 2025 09:49:26 +0000
ROA not before:           Thu 02 Jan 2025 09:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43877
IP address blocks:        87.99.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:7e:de:df:02:49:f9:05:c5:6f:a4:25:ae:28:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan  2 09:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=051d16a54ab25652c580253e6a5d73cf04de5af6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:02:cd:eb:45:c6:fb:b7:fb:37:89:48:67:92:
                    63:fb:f1:6c:f3:99:87:65:a3:58:38:0d:eb:cb:05:
                    33:93:6a:8a:f7:88:e4:15:da:30:46:27:c5:73:c9:
                    32:dd:1b:c3:cf:5c:1f:c5:fe:d6:54:f4:a9:23:97:
                    32:3b:d4:86:3f:21:4d:55:c4:52:ae:e0:0c:62:04:
                    3e:03:6d:2d:ce:ed:d6:8f:f1:0a:a2:ef:88:f0:46:
                    f8:d9:eb:78:69:00:01:e7:93:94:8d:88:64:02:bd:
                    d5:3b:b4:b6:e4:7f:50:07:8b:70:1c:10:bf:9a:12:
                    9e:50:d6:2c:68:c0:f4:c9:47:c5:31:ae:48:c1:e6:
                    36:b7:44:33:61:17:bf:7e:d2:ed:8a:b3:c5:db:7a:
                    42:cb:ad:e5:26:8e:18:86:90:e8:23:20:2c:19:6a:
                    46:29:3a:1a:ec:11:9c:c5:29:83:62:4f:8f:8c:b4:
                    a2:13:aa:34:e8:46:68:51:b8:9b:c8:7b:d5:21:ed:
                    37:e2:df:ab:2a:0b:2b:2b:38:51:bf:ce:a1:27:32:
                    21:7b:e9:f2:91:36:e0:70:19:f4:63:e8:6a:64:ee:
                    c2:a5:e7:13:6c:0c:e9:95:9a:81:49:3f:53:ab:ac:
                    37:57:59:ba:7a:c2:c0:73:a5:42:75:38:7d:fd:27:
                    67:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:1D:16:A5:4A:B2:56:52:C5:80:25:3E:6A:5D:73:CF:04:DE:5A:F6
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/BR0WpUqyVlLFgCU-al1zzwTeWvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.99.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:3b:d4:c1:da:cb:f5:1d:46:42:de:f6:b0:2f:cd:29:84:aa:
         79:c9:d6:fd:5c:cc:b1:94:aa:85:36:b8:4f:db:2d:62:f6:6c:
         8c:44:81:eb:69:bc:83:58:38:8c:c1:73:5f:30:83:d3:f3:61:
         1a:34:10:cb:8f:32:cb:8b:c7:0a:ab:ec:cf:c8:0b:1c:eb:52:
         27:6a:42:81:1e:d2:4f:ca:83:49:1b:6e:47:a2:e6:2d:20:df:
         5c:c2:89:3a:66:90:dd:aa:64:1b:b5:23:1c:4c:a6:8a:95:df:
         13:f7:35:dd:42:e6:5f:cd:2b:59:93:79:0a:09:a6:be:34:9a:
         9b:bd:b8:c4:a7:97:fe:7b:db:f4:8f:99:c5:db:79:29:85:c0:
         28:d4:95:eb:fe:2a:99:0a:ab:88:f2:77:7c:ca:ef:56:a3:32:
         30:c7:97:ff:6e:36:05:34:8c:04:14:3f:6b:e1:89:fa:36:9c:
         dd:4e:b2:70:d8:8a:a2:d4:cc:af:82:c8:db:85:d0:05:7a:20:
         74:b8:e5:1f:ed:3f:77:cb:06:3e:a0:1b:45:9b:88:f8:02:4a:
         1f:8c:98:b5:aa:2c:49:44:74:f9:74:ec:41:c4:87:18:91:30:
         01:f3:37:3d:c5:e8:58:90:3f:d5:62:ad:19:da:54:db:df:6c:
         b7:15:91:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma37e3wJJ+QXFb6QlriiRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjUwMTAyMDk0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTFkMTZhNTRhYjI1NjUyYzU4MDI1M2U2YTVkNzNjZjA0ZGU1YWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQLN60XG+7f7N4lIZ5Jj+/Fs85mH
ZaNYOA3rywUzk2qK94jkFdowRifFc8ky3RvDz1wfxf7WVPSpI5cyO9SGPyFNVcRS
ruAMYgQ+A20tzu3Wj/EKou+I8Eb42et4aQAB55OUjYhkAr3VO7S25H9QB4twHBC/
mhKeUNYsaMD0yUfFMa5IweY2t0QzYRe/ftLtirPF23pCy63lJo4YhpDoIyAsGWpG
KToa7BGcxSmDYk+PjLSiE6o06EZoUbibyHvVIe034t+rKgsrKzhRv86hJzIhe+ny
kTbgcBn0Y+hqZO7CpecTbAzplZqBST9Tq6w3V1m6esLAc6VCdTh9/SdniQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUdFqVKslZSxYAlPmpdc88E3lr2MB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvQlIwV3BVcXlWbExGZ0NVLWFsMXp6d1RlV3ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV2NNMA0G
CSqGSIb3DQEBCwUAA4IBAQBxO9TB2sv1HUZC3vawL80phKp5ydb9XMyxlKqFNrhP
2y1i9myMRIHrabyDWDiMwXNfMIPT82EaNBDLjzLLi8cKq+zPyAsc61InakKBHtJP
yoNJG25HouYtIN9cwok6ZpDdqmQbtSMcTKaKld8T9zXdQuZfzStZk3kKCaa+NJqb
vbjEp5f+e9v0j5nF23kphcAo1JXr/iqZCquI8nd8yu9WozIwx5f/bjYFNIwEFD9r
4Yn6NpzdTrJw2Iqi1MyvgsjbhdAFeiB0uOUf7T93ywY+oBtFm4j4AkofjJi1qixJ
RHT5dOxBxIcYkTAB8zc9xehYkD/VYq0Z2lTb32y3FZEA
-----END CERTIFICATE-----