Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/8neCxhaAsYaJYU9S15NmrANTFco.roa
File:                     8neCxhaAsYaJYU9S15NmrANTFco.roa (raw, json)
Hash identifier:          4Xxa8uO6V7yLYBbylJYWkJX0nrzIRa0JN8AeDSSd+ak=
Subject key identifier:   F2:77:82:C6:16:80:B1:86:89:61:4F:52:D7:93:66:AC:03:53:15:CA
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       01942444D3ABE3B3F5CC22AE0286887DA0A7
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/8neCxhaAsYaJYU9S15NmrANTFco.roa
Signing time:             Wed 01 Jan 2025 23:47:57 +0000
ROA not before:           Wed 01 Jan 2025 23:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24768
IP address blocks:        77.246.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:d3:ab:e3:b3:f5:cc:22:ae:02:86:88:7d:a0:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Jan  1 23:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f27782c61680b18689614f52d79366ac035315ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:18:d7:20:65:09:15:7c:d9:35:9c:2c:bf:08:
                    92:a5:96:f7:60:51:07:07:06:d1:0d:77:a4:78:b6:
                    a9:1a:e4:41:c0:4c:28:19:60:e4:cb:77:18:4a:1a:
                    93:62:9f:1d:b8:aa:36:08:fc:81:ed:65:c2:b8:d8:
                    14:c8:ee:69:0c:b5:49:f2:77:37:c2:bf:93:76:52:
                    d9:2b:27:9e:9e:77:1e:bc:de:26:82:e4:51:33:e3:
                    6a:34:f1:6b:6d:51:3e:dd:62:bb:f8:ec:2b:41:f3:
                    7a:94:eb:76:75:92:21:4b:ec:67:90:f1:24:f5:5a:
                    d4:f1:ef:76:cf:25:52:50:97:5b:f0:18:bc:3f:11:
                    52:e9:c5:69:6f:11:f5:ad:69:21:15:2d:09:e3:a5:
                    98:44:da:c2:4a:4b:d7:a6:37:b3:02:2d:0a:1c:16:
                    39:79:71:f8:d0:b3:ad:31:6a:4e:ec:33:e0:4c:f4:
                    2b:39:c6:72:f3:42:d2:94:c5:a8:fe:f0:e9:72:ac:
                    ee:67:00:38:23:2d:51:07:f2:45:fe:4a:58:63:69:
                    2f:d8:f4:54:b3:32:e3:b3:9a:ed:7a:14:3d:d4:64:
                    4e:24:59:2d:db:e9:8e:b0:e4:0e:f1:c8:c8:83:e4:
                    c0:0e:a2:1a:ec:17:8a:5d:3f:a5:71:d1:60:9d:97:
                    1d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:77:82:C6:16:80:B1:86:89:61:4F:52:D7:93:66:AC:03:53:15:CA
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/8neCxhaAsYaJYU9S15NmrANTFco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:7f:24:ca:c2:fa:7f:d4:a0:71:da:92:99:88:9a:7d:f8:e3:
         db:ef:54:a1:73:7f:1f:d7:69:e9:6a:78:c7:92:b0:be:73:50:
         f5:7e:46:4e:89:71:ef:3e:79:cb:51:cf:c0:41:94:2d:ca:c8:
         ea:a2:93:b0:79:9e:c9:87:f4:29:01:40:f6:40:18:79:2d:f8:
         12:69:bb:38:82:6c:d8:6e:cb:47:28:ca:c7:5e:e2:3b:b3:5e:
         95:e2:33:ba:30:36:2f:da:74:8e:de:33:fc:c5:b5:96:f0:26:
         c2:90:96:6f:34:aa:1c:a7:6a:b6:62:80:ec:13:e7:0f:53:e2:
         b9:f3:d9:89:82:e2:22:f5:ab:44:9d:66:67:2e:12:f5:61:c5:
         bc:12:cc:b4:a8:2f:09:79:98:ce:5a:c1:5e:2e:ab:e8:7b:ad:
         d3:db:30:38:cd:6b:0b:ca:4b:a5:98:ea:bb:df:2e:36:c7:1b:
         1e:47:50:d3:53:82:af:33:5f:5f:30:86:cd:30:82:67:1d:19:
         a3:a0:ea:7f:a3:ae:b7:70:08:bc:e2:ec:1a:07:27:88:a3:1e:
         e3:a1:6b:ab:ec:c5:fa:41:92:b2:66:e0:41:a1:f5:63:ae:e1:
         79:c0:05:07:a6:88:cc:97:34:2e:0d:e6:05:a8:51:4b:40:62:
         c8:54:39:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRNOr47P1zCKuAoaIfaCnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjUwMTAxMjM0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjc3ODJjNjE2ODBiMTg2ODk2MTRmNTJkNzkzNjZhYzAzNTMxNWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBjXIGUJFXzZNZwsvwiSpZb3YFEH
BwbRDXekeLapGuRBwEwoGWDky3cYShqTYp8duKo2CPyB7WXCuNgUyO5pDLVJ8nc3
wr+TdlLZKyeenncevN4mguRRM+NqNPFrbVE+3WK7+OwrQfN6lOt2dZIhS+xnkPEk
9VrU8e92zyVSUJdb8Bi8PxFS6cVpbxH1rWkhFS0J46WYRNrCSkvXpjezAi0KHBY5
eXH40LOtMWpO7DPgTPQrOcZy80LSlMWo/vDpcqzuZwA4Iy1RB/JF/kpYY2kv2PRU
szLjs5rtehQ91GROJFkt2+mOsOQO8cjIg+TADqIa7BeKXT+lcdFgnZcdfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJ3gsYWgLGGiWFPUteTZqwDUxXKMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvOG5lQ3hoYUFzWWFKWVU5UzE1Tm1yQU5URmNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfbfMA0G
CSqGSIb3DQEBCwUAA4IBAQCOfyTKwvp/1KBx2pKZiJp9+OPb71Shc38f12npanjH
krC+c1D1fkZOiXHvPnnLUc/AQZQtysjqopOweZ7Jh/QpAUD2QBh5LfgSabs4gmzY
bstHKMrHXuI7s16V4jO6MDYv2nSO3jP8xbWW8CbCkJZvNKocp2q2YoDsE+cPU+K5
89mJguIi9atEnWZnLhL1YcW8Esy0qC8JeZjOWsFeLqvoe63T2zA4zWsLykulmOq7
3y42xxseR1DTU4KvM19fMIbNMIJnHRmjoOp/o663cAi84uwaByeIox7joWur7MX6
QZKyZuBBofVjruF5wAUHpojMlzQuDeYFqFFLQGLIVDnj
-----END CERTIFICATE-----