Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/be7894-0ccc-4fbd-880b-9758cb2b844e/1/BAzsPPCBy1zDTboFw5Sl-2syIOA.roa
File:                     BAzsPPCBy1zDTboFw5Sl-2syIOA.roa (raw, json)
Hash identifier:          3HXxwP+fQhhVnJuWOZekRFhU3Q46kmrc9Y0dZLDklcg=
Subject key identifier:   04:0C:EC:3C:F0:81:CB:5C:C3:4D:BA:05:C3:94:A5:FB:6B:32:20:E0
Certificate issuer:       /CN=8ad2930d1fe1dd430491fd7b831de9c61692ade4
Certificate serial:       019420680F894B1530A861C7764F8F464F9E
Authority key identifier: 8A:D2:93:0D:1F:E1:DD:43:04:91:FD:7B:83:1D:E9:C6:16:92:AD:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/itKTDR_h3UMEkf17gx3pxhaSreQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/be7894-0ccc-4fbd-880b-9758cb2b844e/1/BAzsPPCBy1zDTboFw5Sl-2syIOA.roa
Signing time:             Wed 01 Jan 2025 05:47:58 +0000
ROA not before:           Wed 01 Jan 2025 05:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216046
IP address blocks:        77.247.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/be7894-0ccc-4fbd-880b-9758cb2b844e/1/itKTDR_h3UMEkf17gx3pxhaSreQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/be7894-0ccc-4fbd-880b-9758cb2b844e/1/itKTDR_h3UMEkf17gx3pxhaSreQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/itKTDR_h3UMEkf17gx3pxhaSreQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:0f:89:4b:15:30:a8:61:c7:76:4f:8f:46:4f:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ad2930d1fe1dd430491fd7b831de9c61692ade4
        Validity
            Not Before: Jan  1 05:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=040cec3cf081cb5cc34dba05c394a5fb6b3220e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:43:b6:45:53:1d:3d:14:74:40:34:11:c3:5a:
                    ea:9e:dc:7c:8c:a9:11:35:82:dd:82:88:c1:29:48:
                    4f:c0:8a:28:44:39:e6:a1:d3:26:21:f3:e1:c1:ac:
                    5e:69:3a:d2:5b:bb:98:97:49:53:eb:c7:3b:eb:90:
                    60:47:40:fc:b2:52:1f:4a:73:c2:0b:74:17:ee:53:
                    50:64:74:8b:2c:b2:56:d7:18:67:e0:c9:b5:1d:5c:
                    e1:a1:68:89:9d:cf:07:2b:f3:c5:64:2a:ec:bd:7e:
                    c2:c2:96:ae:3b:ae:06:c4:3c:8f:f4:c2:a7:50:28:
                    38:80:e1:3b:50:70:e6:bc:e0:19:79:1c:c1:0b:78:
                    91:76:7b:2f:78:d1:8d:69:3c:e4:a6:d5:7e:a0:ba:
                    2f:c2:23:c5:fa:dd:da:a3:57:ea:03:9e:4e:d7:be:
                    1d:0b:60:64:21:e4:2a:e3:8c:c3:e7:83:8e:52:e4:
                    3a:6f:0a:b7:9c:d6:25:28:78:ce:c1:29:4f:2a:01:
                    98:3f:5b:d1:78:1f:77:d8:1a:c4:37:9f:02:db:26:
                    6f:73:f7:e6:a6:98:71:0b:8a:e1:15:81:26:0e:7a:
                    27:5d:b6:2a:75:60:77:94:d7:6d:fe:2a:16:e2:1d:
                    07:8e:76:24:82:a6:d4:a5:41:ba:c6:60:75:9c:fa:
                    2d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:0C:EC:3C:F0:81:CB:5C:C3:4D:BA:05:C3:94:A5:FB:6B:32:20:E0
            X509v3 Authority Key Identifier:
                keyid:8A:D2:93:0D:1F:E1:DD:43:04:91:FD:7B:83:1D:E9:C6:16:92:AD:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/itKTDR_h3UMEkf17gx3pxhaSreQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/be7894-0ccc-4fbd-880b-9758cb2b844e/1/BAzsPPCBy1zDTboFw5Sl-2syIOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/be7894-0ccc-4fbd-880b-9758cb2b844e/1/itKTDR_h3UMEkf17gx3pxhaSreQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.247.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:a0:60:81:80:03:62:e1:60:76:a6:1f:8a:d0:c4:13:d0:bb:
         eb:f9:bc:26:ee:ba:0d:76:66:14:e2:ca:75:e2:4f:fe:dd:82:
         b4:19:91:90:79:e3:a2:5d:96:53:43:a4:24:02:16:79:51:a3:
         e2:d7:a9:d0:7b:08:8d:bc:7c:26:33:86:3e:2b:b0:0b:e6:5b:
         a7:fc:9c:f9:24:78:c1:e7:28:c9:5a:67:7b:19:6a:0c:82:87:
         95:fb:31:1a:b0:c0:f7:bc:14:3e:49:bf:d3:13:2d:cc:40:15:
         34:0f:47:22:26:2a:8c:ca:7f:9e:ad:5f:7d:89:9f:20:6b:ec:
         bb:52:4d:6a:e2:86:66:de:c3:98:85:26:0c:3c:fd:23:11:1c:
         5d:97:ef:07:30:30:46:e6:6a:c4:94:68:15:d9:7d:18:a0:77:
         78:9e:cd:b5:48:78:18:57:84:37:ee:0d:7d:48:6b:aa:6e:7e:
         eb:5e:74:c4:89:be:dc:a9:1b:f1:47:d5:b8:10:33:55:5d:e1:
         e4:22:ee:5a:28:9c:3e:f0:8a:5d:ee:e8:5c:01:65:3a:2a:85:
         72:e8:49:e6:f8:97:cd:b9:ee:45:3c:54:ea:14:83:79:cd:ca:
         fe:59:42:bb:44:2c:bf:92:f6:4a:a4:27:43:db:a6:a4:85:df:
         71:53:1e:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaA+JSxUwqGHHdk+PRk+eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZDI5MzBkMWZlMWRkNDMwNDkxZmQ3YjgzMWRlOWM2MTY5
MmFkZTQwHhcNMjUwMTAxMDU0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDBjZWMzY2YwODFjYjVjYzM0ZGJhMDVjMzk0YTVmYjZiMzIyMGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6UO2RVMdPRR0QDQRw1rqntx8jKkR
NYLdgojBKUhPwIooRDnmodMmIfPhwaxeaTrSW7uYl0lT68c765BgR0D8slIfSnPC
C3QX7lNQZHSLLLJW1xhn4Mm1HVzhoWiJnc8HK/PFZCrsvX7CwpauO64GxDyP9MKn
UCg4gOE7UHDmvOAZeRzBC3iRdnsveNGNaTzkptV+oLovwiPF+t3ao1fqA55O174d
C2BkIeQq44zD54OOUuQ6bwq3nNYlKHjOwSlPKgGYP1vReB932BrEN58C2yZvc/fm
pphxC4rhFYEmDnonXbYqdWB3lNdt/ioW4h0HjnYkgqbUpUG6xmB1nPotSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQM7Dzwgctcw026BcOUpftrMiDgMB8GA1UdIwQY
MBaAFIrSkw0f4d1DBJH9e4Md6cYWkq3kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXRLVERSX2gzVU1Fa2YxN2d4M3B4aGFTcmVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9iZTc4OTQtMGNjYy00ZmJkLTg4MGIt
OTc1OGNiMmI4NDRlLzEvQkF6c1BQQ0J5MXpEVGJvRnc1U2wtMnN5SU9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9iZTc4OTQtMGNjYy00ZmJkLTg4MGItOTc1OGNiMmI4NDRl
LzEvaXRLVERSX2gzVU1Fa2YxN2d4M3B4aGFTcmVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfdYMA0G
CSqGSIb3DQEBCwUAA4IBAQB7oGCBgANi4WB2ph+K0MQT0Lvr+bwm7roNdmYU4sp1
4k/+3YK0GZGQeeOiXZZTQ6QkAhZ5UaPi16nQewiNvHwmM4Y+K7AL5lun/Jz5JHjB
5yjJWmd7GWoMgoeV+zEasMD3vBQ+Sb/TEy3MQBU0D0ciJiqMyn+erV99iZ8ga+y7
Uk1q4oZm3sOYhSYMPP0jERxdl+8HMDBG5mrElGgV2X0YoHd4ns21SHgYV4Q37g19
SGuqbn7rXnTEib7cqRvxR9W4EDNVXeHkIu5aKJw+8Ipd7uhcAWU6KoVy6Enm+JfN
ue5FPFTqFIN5zcr+WUK7RCy/kvZKpCdD26akhd9xUx7N
-----END CERTIFICATE-----