Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/G8RmS1irjyOQ_R_OfQrQZD1RRW8.roa
File:                     G8RmS1irjyOQ_R_OfQrQZD1RRW8.roa (raw, json)
Hash identifier:          xYM/g2dwTuuUUvfrLdHY56hSNs/5sAL333GU93nxbqA=
Subject key identifier:   1B:C4:66:4B:58:AB:8F:23:90:FD:1F:CE:7D:0A:D0:64:3D:51:45:6F
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       018CC4925206FABB07D1736991FCB32BF981
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/G8RmS1irjyOQ_R_OfQrQZD1RRW8.roa
Signing time:             Mon 01 Jan 2024 10:29:32 +0000
ROA not before:           Mon 01 Jan 2024 10:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199871
IP address blocks:        151.252.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:52:06:fa:bb:07:d1:73:69:91:fc:b3:2b:f9:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Jan  1 10:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bc4664b58ab8f2390fd1fce7d0ad0643d51456f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:39:31:d4:cd:73:bd:19:16:82:50:09:a8:cb:
                    3a:8e:4b:01:d7:2a:72:60:28:f7:f8:83:4f:2e:9b:
                    5f:80:67:1c:bf:ff:47:bb:87:e2:52:c3:8b:2f:b0:
                    ea:93:7d:c7:2d:e5:b5:53:6d:be:28:6b:87:0f:65:
                    2c:75:bf:1d:0c:80:e6:82:e0:28:97:eb:6e:7e:76:
                    94:5b:ac:b9:9a:e8:17:fa:97:f2:ec:3d:af:3d:e2:
                    f5:12:3c:8d:9e:b6:4c:95:c1:7b:d1:90:56:38:bc:
                    c7:f4:7c:d1:df:da:47:03:97:8a:01:17:dc:7d:6d:
                    89:99:e5:5a:93:b8:73:1e:c5:63:f8:2a:3c:78:3b:
                    48:e3:4a:8f:0e:4b:fc:c2:72:f7:50:f6:0d:1d:55:
                    22:2c:e0:ca:6a:84:8b:7c:91:1d:9a:66:cc:e9:ba:
                    35:a8:84:fa:84:f1:58:34:bb:ee:2f:ff:69:8c:9e:
                    44:7c:60:4a:f4:c6:6b:cc:4f:67:0b:41:ec:18:da:
                    e5:ea:bf:cf:a7:73:3b:4e:ae:2c:5c:d2:2e:db:99:
                    54:40:66:cb:cd:1e:f0:cb:73:49:09:05:15:a3:b0:
                    bf:a6:b1:c8:8d:7d:5d:52:90:9d:51:06:09:bd:44:
                    d5:47:d8:0a:81:7a:1c:ec:51:e0:0b:dd:e7:da:53:
                    b9:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:C4:66:4B:58:AB:8F:23:90:FD:1F:CE:7D:0A:D0:64:3D:51:45:6F
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/G8RmS1irjyOQ_R_OfQrQZD1RRW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.252.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:1a:be:ae:71:51:a8:0f:83:3d:5d:45:60:ef:bf:d1:17:bc:
         2d:06:8a:c7:00:be:fd:6c:10:b3:ce:ad:50:b1:49:e3:f1:eb:
         4e:0a:40:d3:a9:bc:ce:5d:44:f0:89:6b:ec:6d:3b:78:5b:9d:
         1f:53:47:ab:f9:1e:6b:65:c4:96:79:35:c5:70:b9:df:83:1f:
         1d:ca:a9:b0:96:5a:cb:bd:1a:e1:bb:7e:a7:1b:c3:9d:93:f1:
         5b:5a:66:a5:3c:fa:14:f7:da:18:d6:70:fb:f1:6f:7f:9c:3b:
         2d:76:95:0b:34:b0:ba:ec:e4:db:03:54:c0:69:06:d3:2d:aa:
         b0:5a:e4:89:e2:b6:5a:32:fa:d7:5e:17:0d:01:db:bf:3e:bc:
         1a:76:cc:d3:20:50:5e:8a:a2:bb:04:73:4c:d1:fd:fd:c9:9b:
         78:5e:cf:2b:ac:16:22:9e:c9:c9:4e:7d:69:f4:d3:d4:ec:f3:
         be:ea:30:1b:0f:82:49:58:01:01:fa:30:8b:f5:fd:10:85:70:
         e1:22:0e:25:0d:e2:38:cb:15:ea:d8:dd:20:cd:6f:cc:35:4b:
         7f:8c:c7:38:62:e7:47:dd:b6:f6:20:a4:a5:20:93:b3:cd:eb:
         29:6b:5f:28:b2:7e:b5:93:2c:c8:76:81:75:61:b2:90:e3:83:
         5d:69:bb:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEklIG+rsH0XNpkfyzK/mBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjQwMTAxMTAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmM0NjY0YjU4YWI4ZjIzOTBmZDFmY2U3ZDBhZDA2NDNkNTE0NTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDkx1M1zvRkWglAJqMs6jksB1ypy
YCj3+INPLptfgGccv/9Hu4fiUsOLL7Dqk33HLeW1U22+KGuHD2Usdb8dDIDmguAo
l+tufnaUW6y5mugX+pfy7D2vPeL1EjyNnrZMlcF70ZBWOLzH9HzR39pHA5eKARfc
fW2JmeVak7hzHsVj+Co8eDtI40qPDkv8wnL3UPYNHVUiLODKaoSLfJEdmmbM6bo1
qIT6hPFYNLvuL/9pjJ5EfGBK9MZrzE9nC0HsGNrl6r/Pp3M7Tq4sXNIu25lUQGbL
zR7wy3NJCQUVo7C/prHIjX1dUpCdUQYJvUTVR9gKgXoc7FHgC93n2lO5pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvEZktYq48jkP0fzn0K0GQ9UUVvMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvRzhSbVMxaXJqeU9RX1JfT2ZRclFaRDFSUlc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/zHMA0G
CSqGSIb3DQEBCwUAA4IBAQBaGr6ucVGoD4M9XUVg77/RF7wtBorHAL79bBCzzq1Q
sUnj8etOCkDTqbzOXUTwiWvsbTt4W50fU0er+R5rZcSWeTXFcLnfgx8dyqmwllrL
vRrhu36nG8Odk/FbWmalPPoU99oY1nD78W9/nDstdpULNLC67OTbA1TAaQbTLaqw
WuSJ4rZaMvrXXhcNAdu/PrwadszTIFBeiqK7BHNM0f39yZt4Xs8rrBYinsnJTn1p
9NPU7PO+6jAbD4JJWAEB+jCL9f0QhXDhIg4lDeI4yxXq2N0gzW/MNUt/jMc4YudH
3bb2IKSlIJOzzespa18osn61kyzIdoF1YbKQ44Ndabtv
-----END CERTIFICATE-----