Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/xVEHhrExMV27MVUqK0MH7O3Wk9Q.roa
File:                     xVEHhrExMV27MVUqK0MH7O3Wk9Q.roa (raw, json)
Hash identifier:          LoltQhe4mGE6VSJ1O5SUq+ApjnW7RFROwXUjy+TQnmc=
Subject key identifier:   C5:51:07:86:B1:31:31:5D:BB:31:55:2A:2B:43:07:EC:ED:D6:93:D4
Certificate issuer:       /CN=9faf0bf93fc4381fff7e7aa86b4076c033242ffa
Certificate serial:       018F10839086339122C8E86764D54B4AEF68
Authority key identifier: 9F:AF:0B:F9:3F:C4:38:1F:FF:7E:7A:A8:6B:40:76:C0:33:24:2F:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/xVEHhrExMV27MVUqK0MH7O3Wk9Q.roa
Signing time:             Wed 24 Apr 2024 14:30:08 +0000
ROA not before:           Wed 24 Apr 2024 14:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44712
IP address blocks:        151.249.104.0/21 maxlen: 24
                          2a01:a8c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:10:83:90:86:33:91:22:c8:e8:67:64:d5:4b:4a:ef:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9faf0bf93fc4381fff7e7aa86b4076c033242ffa
        Validity
            Not Before: Apr 24 14:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5510786b131315dbb31552a2b4307ecedd693d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:74:06:24:ae:34:cb:07:53:57:5a:13:e4:7b:
                    08:82:7f:4c:1e:ac:f4:32:af:5b:5c:3e:34:69:2c:
                    b5:65:87:5d:b9:89:2f:f9:12:32:8c:c8:d8:df:b9:
                    e0:2e:e5:94:c3:68:9c:ac:61:8b:8e:4e:71:b2:f1:
                    75:e4:28:1f:60:84:28:a4:d1:21:a8:2f:25:c7:32:
                    82:bf:e7:b7:aa:1d:e6:1d:0a:ad:1f:e8:30:1e:ba:
                    d0:ff:b0:ea:ec:ec:ef:fc:36:d1:87:42:14:67:27:
                    9c:48:f9:dd:a7:fc:e0:31:7b:dd:7d:80:9c:fb:3e:
                    3d:6d:59:86:49:76:e7:d1:ae:5a:40:3a:47:fb:68:
                    81:a3:c6:c4:8e:09:7a:04:2e:5d:d5:37:70:4b:b2:
                    d0:89:01:30:09:e7:b0:63:d3:0f:a0:da:6b:a4:be:
                    bc:e4:d3:1b:be:c2:a7:95:ac:8a:01:52:10:06:19:
                    dd:49:f6:a4:93:f4:25:9b:bb:21:80:3f:c6:78:72:
                    da:33:44:b3:32:7e:c5:58:8d:bc:82:49:26:c8:fa:
                    4f:43:c5:7a:ed:6f:e6:cb:90:f4:7c:d9:5f:e7:a6:
                    ce:43:19:12:b1:51:dd:f2:34:42:5c:fb:c0:2f:10:
                    1f:3c:51:18:2f:da:37:b6:e3:e4:ef:28:d6:36:9e:
                    45:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:51:07:86:B1:31:31:5D:BB:31:55:2A:2B:43:07:EC:ED:D6:93:D4
            X509v3 Authority Key Identifier:
                keyid:9F:AF:0B:F9:3F:C4:38:1F:FF:7E:7A:A8:6B:40:76:C0:33:24:2F:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/xVEHhrExMV27MVUqK0MH7O3Wk9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.249.104.0/21
                IPv6:
                  2a01:a8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         40:08:3a:f4:ce:d4:12:8d:b2:8b:f7:fb:f4:e0:31:8e:34:af:
         73:23:cf:b6:31:e2:a3:09:42:be:2f:de:2e:94:b6:27:70:3d:
         b9:f4:04:5f:59:d4:59:19:36:ee:a5:f5:81:ce:91:52:3d:f1:
         46:fc:53:4a:18:2e:bc:b6:d7:e0:78:64:27:6a:84:12:4b:c7:
         4d:ad:a4:66:ba:d5:3b:93:01:18:67:9d:a6:21:63:ce:a5:ed:
         b9:90:56:18:0d:ca:41:44:6a:cd:cf:7f:39:fa:67:62:cb:16:
         01:94:8e:8b:77:03:a4:d3:ff:9f:b5:3a:02:e5:0a:4a:81:f5:
         e0:d8:5a:8b:b4:45:16:73:5f:a9:e5:b8:16:28:79:a7:ab:40:
         dc:73:06:aa:0f:1d:77:64:23:b4:ea:f1:72:ac:1f:7b:c8:ad:
         c6:2a:65:c3:3a:de:f7:d0:d8:fb:d9:d6:f0:ab:62:8a:10:93:
         de:e8:79:af:f5:89:90:b4:1f:e5:92:cd:97:bd:5e:e9:1b:3e:
         31:86:6e:be:c2:6a:03:06:83:30:09:15:ae:6b:da:7c:d6:83:
         a0:27:db:1a:91:1e:a4:46:a6:56:e8:06:6d:5c:33:58:89:01:
         83:72:d7:34:bf:14:19:0e:14:38:c0:ae:ed:5a:8f:5d:42:a9:
         7d:4c:c7:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY8Qg5CGM5EiyOhnZNVLSu9oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYWYwYmY5M2ZjNDM4MWZmZjdlN2FhODZiNDA3NmMwMzMy
NDJmZmEwHhcNMjQwNDI0MTQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTUxMDc4NmIxMzEzMTVkYmIzMTU1MmEyYjQzMDdlY2VkZDY5M2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXQGJK40ywdTV1oT5HsIgn9MHqz0
Mq9bXD40aSy1ZYdduYkv+RIyjMjY37ngLuWUw2icrGGLjk5xsvF15CgfYIQopNEh
qC8lxzKCv+e3qh3mHQqtH+gwHrrQ/7Dq7Ozv/DbRh0IUZyecSPndp/zgMXvdfYCc
+z49bVmGSXbn0a5aQDpH+2iBo8bEjgl6BC5d1TdwS7LQiQEwCeewY9MPoNprpL68
5NMbvsKnlayKAVIQBhndSfakk/Qlm7shgD/GeHLaM0SzMn7FWI28gkkmyPpPQ8V6
7W/my5D0fNlf56bOQxkSsVHd8jRCXPvALxAfPFEYL9o3tuPk7yjWNp5FRwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMVRB4axMTFduzFVKitDB+zt1pPUMB8GA1UdIwQY
MBaAFJ+vC/k/xDgf/356qGtAdsAzJC/6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjY4TC1UX0VPQl9fZm5xb2EwQjJ3RE1rTF9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9hNGZmMzMtYjI5MC00MzA3LWFmYzgt
ZjUyMGE3ZDcxZWY1LzEveFZFSGhyRXhNVjI3TVZVcUswTUg3TzNXazlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9hNGZmMzMtYjI5MC00MzA3LWFmYzgtZjUyMGE3ZDcxZWY1
LzEvbjY4TC1UX0VPQl9fZm5xb2EwQjJ3RE1rTF9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDl/loMA0E
AgACMAcDBQMqAajAMA0GCSqGSIb3DQEBCwUAA4IBAQBACDr0ztQSjbKL9/v04DGO
NK9zI8+2MeKjCUK+L94ulLYncD259ARfWdRZGTbupfWBzpFSPfFG/FNKGC68ttfg
eGQnaoQSS8dNraRmutU7kwEYZ52mIWPOpe25kFYYDcpBRGrNz385+mdiyxYBlI6L
dwOk0/+ftToC5QpKgfXg2FqLtEUWc1+p5bgWKHmnq0DccwaqDx13ZCO06vFyrB97
yK3GKmXDOt730Nj72dbwq2KKEJPe6Hmv9YmQtB/lks2XvV7pGz4xhm6+wmoDBoMw
CRWua9p81oOgJ9sakR6kRqZW6AZtXDNYiQGDctc0vxQZDhQ4wK7tWo9dQql9TMfA
-----END CERTIFICATE-----