Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/246b4d-4d3e-4e02-8c07-ac68a50d0c99/1/d6sgkQbNQYkqYXcedUvxxcDi_RY.roa
File:                     d6sgkQbNQYkqYXcedUvxxcDi_RY.roa (raw, json)
Hash identifier:          qNUbQpwyqYmbMOUJJoCyiXY3LQNxqUvVSzT1Kq6z0rI=
Subject key identifier:   77:AB:20:91:06:CD:41:89:2A:61:77:1E:75:4B:F1:C5:C0:E2:FD:16
Certificate issuer:       /CN=c8a4bbd78af363fa5beee632e8bdc48b6297343c
Certificate serial:       019421B1A29D05D4C90384DA7A1D7284FBEC
Authority key identifier: C8:A4:BB:D7:8A:F3:63:FA:5B:EE:E6:32:E8:BD:C4:8B:62:97:34:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yKS714rzY_pb7uYy6L3Ei2KXNDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/246b4d-4d3e-4e02-8c07-ac68a50d0c99/1/d6sgkQbNQYkqYXcedUvxxcDi_RY.roa
Signing time:             Wed 01 Jan 2025 11:47:57 +0000
ROA not before:           Wed 01 Jan 2025 11:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        198.151.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/246b4d-4d3e-4e02-8c07-ac68a50d0c99/1/yKS714rzY_pb7uYy6L3Ei2KXNDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/246b4d-4d3e-4e02-8c07-ac68a50d0c99/1/yKS714rzY_pb7uYy6L3Ei2KXNDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yKS714rzY_pb7uYy6L3Ei2KXNDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:a2:9d:05:d4:c9:03:84:da:7a:1d:72:84:fb:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8a4bbd78af363fa5beee632e8bdc48b6297343c
        Validity
            Not Before: Jan  1 11:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77ab209106cd41892a61771e754bf1c5c0e2fd16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:f3:4c:d7:87:53:d5:36:63:97:55:33:0b:9e:
                    87:00:c3:d7:32:4b:75:a2:c7:2d:f2:2d:3d:0c:a2:
                    b3:20:f4:01:f9:fe:3e:da:73:ab:5c:27:25:9a:99:
                    6f:20:35:17:7f:b5:ad:e0:1e:cf:f5:99:c2:c2:da:
                    36:3d:35:09:e3:79:a5:da:3f:70:a5:a9:c4:52:14:
                    0e:1d:50:f6:32:67:e9:5e:21:4e:e9:25:20:5d:4d:
                    f7:dc:e4:9e:b2:a6:ca:aa:0d:1a:0a:c7:01:e9:9b:
                    75:a1:62:a8:c0:92:fd:07:77:6a:85:71:2b:f4:b9:
                    26:00:bc:e5:32:eb:49:0d:30:2c:ad:f3:30:58:8b:
                    5a:43:b7:4b:b5:e1:09:95:10:ff:8d:90:4d:f3:35:
                    92:dc:67:52:0b:3f:cb:a3:aa:04:98:0f:7f:a2:c9:
                    04:10:04:fe:07:9d:bb:d0:2c:2b:b9:db:8f:40:cb:
                    b1:77:19:9b:8e:bb:77:1e:e1:eb:18:10:da:5e:6f:
                    18:e7:5a:8c:d3:c8:7f:93:79:15:83:e7:ea:e7:b7:
                    86:24:00:2e:93:3f:ab:32:bf:de:2f:38:af:f0:a6:
                    29:d2:32:f4:fb:90:eb:ce:fd:74:5a:b0:e0:69:71:
                    fe:70:a0:42:0e:62:73:34:00:77:18:66:dd:f8:09:
                    bb:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:AB:20:91:06:CD:41:89:2A:61:77:1E:75:4B:F1:C5:C0:E2:FD:16
            X509v3 Authority Key Identifier:
                keyid:C8:A4:BB:D7:8A:F3:63:FA:5B:EE:E6:32:E8:BD:C4:8B:62:97:34:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yKS714rzY_pb7uYy6L3Ei2KXNDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/246b4d-4d3e-4e02-8c07-ac68a50d0c99/1/d6sgkQbNQYkqYXcedUvxxcDi_RY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/246b4d-4d3e-4e02-8c07-ac68a50d0c99/1/yKS714rzY_pb7uYy6L3Ei2KXNDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.151.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:1c:fe:ac:6c:77:f0:93:63:cb:80:7d:39:ba:f8:cd:a7:85:
         18:91:ca:03:c4:b8:52:04:ff:7c:c1:a3:93:63:aa:df:f5:ac:
         81:07:c1:c4:7f:37:03:e6:d0:c9:ad:62:1f:a5:3a:00:f9:f6:
         92:0e:b8:77:61:15:ef:69:cd:82:a7:1a:2c:27:db:8c:33:b6:
         10:b7:e8:07:66:6e:e3:a2:f5:0e:1f:6c:14:79:e8:c3:2e:d1:
         d2:a6:e2:a8:5d:c5:a1:af:5e:e4:dd:a9:1d:2f:43:ee:f8:d9:
         6f:38:57:03:00:32:5e:62:64:48:e4:69:48:5a:be:ce:f1:87:
         59:4e:12:86:55:a6:f1:58:0e:1f:30:e0:22:52:4b:70:b7:3d:
         f3:ac:32:06:4f:82:b2:3f:06:2b:b7:09:7f:33:a2:37:93:24:
         97:1e:44:dd:ef:54:f1:3a:17:1e:ce:5c:b1:2f:a8:15:74:16:
         73:89:bb:47:ba:72:5a:cd:b1:67:92:67:d7:4f:48:33:51:27:
         7c:78:d5:52:5b:d4:54:88:ad:f4:54:40:39:a7:a1:66:6c:87:
         9d:ae:f9:60:30:b2:a0:2d:33:ed:02:8a:c6:5a:23:ef:bc:8e:
         7b:1c:cf:b8:8a:4d:7b:b4:45:02:a7:1a:fd:18:53:79:85:37:
         89:8f:f1:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsaKdBdTJA4Taeh1yhPvsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YTRiYmQ3OGFmMzYzZmE1YmVlZTYzMmU4YmRjNDhiNjI5
NzM0M2MwHhcNMjUwMTAxMTE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2FiMjA5MTA2Y2Q0MTg5MmE2MTc3MWU3NTRiZjFjNWMwZTJmZDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6/NM14dT1TZjl1UzC56HAMPXMkt1
osct8i09DKKzIPQB+f4+2nOrXCclmplvIDUXf7Wt4B7P9ZnCwto2PTUJ43ml2j9w
panEUhQOHVD2MmfpXiFO6SUgXU333OSesqbKqg0aCscB6Zt1oWKowJL9B3dqhXEr
9LkmALzlMutJDTAsrfMwWItaQ7dLteEJlRD/jZBN8zWS3GdSCz/Lo6oEmA9/oskE
EAT+B5270CwruduPQMuxdxmbjrt3HuHrGBDaXm8Y51qM08h/k3kVg+fq57eGJAAu
kz+rMr/eLziv8KYp0jL0+5Drzv10WrDgaXH+cKBCDmJzNAB3GGbd+Am7OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHerIJEGzUGJKmF3HnVL8cXA4v0WMB8GA1UdIwQY
MBaAFMiku9eK82P6W+7mMui9xItilzQ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUtTNzE0cnpZX3BiN3VZeTZMM0VpMktYTkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8yNDZiNGQtNGQzZS00ZTAyLThjMDct
YWM2OGE1MGQwYzk5LzEvZDZzZ2tRYk5RWWtxWVhjZWRVdnh4Y0RpX1JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8yNDZiNGQtNGQzZS00ZTAyLThjMDctYWM2OGE1MGQwYzk5
LzEveUtTNzE0cnpZX3BiN3VZeTZMM0VpMktYTkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAxpedMA0G
CSqGSIb3DQEBCwUAA4IBAQB7HP6sbHfwk2PLgH05uvjNp4UYkcoDxLhSBP98waOT
Y6rf9ayBB8HEfzcD5tDJrWIfpToA+faSDrh3YRXvac2CpxosJ9uMM7YQt+gHZm7j
ovUOH2wUeejDLtHSpuKoXcWhr17k3akdL0Pu+NlvOFcDADJeYmRI5GlIWr7O8YdZ
ThKGVabxWA4fMOAiUktwtz3zrDIGT4KyPwYrtwl/M6I3kySXHkTd71TxOhcezlyx
L6gVdBZzibtHunJazbFnkmfXT0gzUSd8eNVSW9RUiK30VEA5p6FmbIedrvlgMLKg
LTPtAorGWiPvvI57HM+4ik17tEUCpxr9GFN5hTeJj/GQ
-----END CERTIFICATE-----