Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/8JQcsysiOnri0kQHCtlxZWtskIc.roa
File:                     8JQcsysiOnri0kQHCtlxZWtskIc.roa (raw, json)
Hash identifier:          8uXbEXZddA7mrG0hLFGoh/Y7FsDHWEPfJhu2xn7axAU=
Subject key identifier:   F0:94:1C:B3:2B:22:3A:7A:E2:D2:44:07:0A:D9:71:65:6B:6C:90:87
Certificate issuer:       /CN=556a5fa0dcfb34433f9b860d95e2c442547c5f9c
Certificate serial:       0194266C41326EE268D60845E4A221178ECF
Authority key identifier: 55:6A:5F:A0:DC:FB:34:43:3F:9B:86:0D:95:E2:C4:42:54:7C:5F:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VWpfoNz7NEM_m4YNleLEQlR8X5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/8JQcsysiOnri0kQHCtlxZWtskIc.roa
Signing time:             Thu 02 Jan 2025 09:50:16 +0000
ROA not before:           Thu 02 Jan 2025 09:50:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60246
IP address blocks:        151.0.48.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/VWpfoNz7NEM_m4YNleLEQlR8X5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/VWpfoNz7NEM_m4YNleLEQlR8X5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VWpfoNz7NEM_m4YNleLEQlR8X5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:41:32:6e:e2:68:d6:08:45:e4:a2:21:17:8e:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=556a5fa0dcfb34433f9b860d95e2c442547c5f9c
        Validity
            Not Before: Jan  2 09:50:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0941cb32b223a7ae2d244070ad971656b6c9087
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:b2:a3:a7:36:61:c6:c0:b0:52:03:a1:11:57:
                    d5:4e:33:b5:4d:33:76:6f:97:ee:4a:e4:2d:36:52:
                    e9:fa:5c:c5:a5:fa:42:d4:b9:8d:6a:0a:cb:3e:b2:
                    b2:f8:2d:07:c8:4f:b0:4e:3e:ea:1b:7e:9b:e9:93:
                    c4:00:58:31:ad:18:78:0d:63:10:1c:8b:79:2f:27:
                    95:25:82:70:31:a5:fc:9b:3b:60:79:66:4e:bd:d5:
                    f1:07:24:63:93:04:38:1e:22:06:79:08:17:a0:b3:
                    bb:8e:57:86:21:2f:5a:5e:13:d4:96:94:b2:17:7c:
                    e0:aa:41:a2:7f:06:aa:d2:d5:97:3c:bb:db:97:81:
                    b9:51:95:89:c7:e1:cd:7f:66:77:99:51:76:c3:0d:
                    60:e4:81:26:cb:b1:13:25:3a:a5:c2:06:07:20:b3:
                    99:18:07:f7:c0:b5:7b:75:18:98:52:8d:7a:3e:ad:
                    d9:f3:86:cf:4a:4c:6f:4f:15:bf:78:9f:30:9b:45:
                    df:35:d1:4c:15:20:14:93:34:bf:b5:9e:7b:8d:c8:
                    fe:0a:cd:69:3e:4c:2b:8d:8b:ff:4a:b4:d2:68:51:
                    a4:eb:39:ea:63:0b:73:a1:8d:5e:2c:4b:95:93:c3:
                    38:c9:d7:2c:99:ac:41:21:c2:9c:42:4b:8b:08:03:
                    42:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:94:1C:B3:2B:22:3A:7A:E2:D2:44:07:0A:D9:71:65:6B:6C:90:87
            X509v3 Authority Key Identifier:
                keyid:55:6A:5F:A0:DC:FB:34:43:3F:9B:86:0D:95:E2:C4:42:54:7C:5F:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VWpfoNz7NEM_m4YNleLEQlR8X5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/8JQcsysiOnri0kQHCtlxZWtskIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/VWpfoNz7NEM_m4YNleLEQlR8X5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.0.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:08:58:a8:c4:d8:05:a6:f1:a2:71:86:2d:86:8a:d8:80:bd:
         f1:95:e5:38:14:61:2c:1a:0d:98:f7:33:9d:2c:19:ac:81:3a:
         85:e3:05:49:31:e1:10:d1:18:d0:63:78:e4:1d:1c:84:3a:c7:
         af:93:c1:6f:54:65:b9:d9:9c:81:49:f1:2b:3d:1c:78:a3:f8:
         9f:a3:31:8f:55:f2:2c:f1:6e:d5:2a:b9:3a:32:d6:2f:b6:ac:
         3b:d8:cd:14:7d:0c:61:74:86:c8:c5:5d:e7:32:86:0e:f2:cf:
         55:94:99:06:25:33:7c:6b:c1:a0:e3:9a:6d:b0:d9:6e:4a:24:
         04:40:7b:ce:aa:84:1e:aa:9a:72:3e:5e:7b:a9:4a:56:57:32:
         7f:64:9f:75:46:07:e0:0d:46:7c:4c:a9:9c:e1:0c:31:ab:e5:
         28:46:50:1a:16:c4:c6:3d:45:fd:14:a7:16:d8:06:d3:ec:ac:
         af:f6:8a:9e:d0:41:52:4d:56:4e:ef:17:b0:5d:b3:d0:ed:dc:
         6d:95:b9:b6:b0:eb:14:f5:4b:09:ff:74:e1:df:8f:b2:7d:aa:
         5b:82:09:66:f1:b2:33:61:37:b9:58:60:61:6c:77:41:85:42:
         97:a3:e7:31:41:2b:4d:b0:f3:58:f3:10:44:bf:60:e0:ff:88:
         0f:a3:6f:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbEEybuJo1ghF5KIhF47PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NmE1ZmEwZGNmYjM0NDMzZjliODYwZDk1ZTJjNDQyNTQ3
YzVmOWMwHhcNMjUwMTAyMDk1MDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDk0MWNiMzJiMjIzYTdhZTJkMjQ0MDcwYWQ5NzE2NTZiNmM5MDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3bKjpzZhxsCwUgOhEVfVTjO1TTN2
b5fuSuQtNlLp+lzFpfpC1LmNagrLPrKy+C0HyE+wTj7qG36b6ZPEAFgxrRh4DWMQ
HIt5LyeVJYJwMaX8mztgeWZOvdXxByRjkwQ4HiIGeQgXoLO7jleGIS9aXhPUlpSy
F3zgqkGifwaq0tWXPLvbl4G5UZWJx+HNf2Z3mVF2ww1g5IEmy7ETJTqlwgYHILOZ
GAf3wLV7dRiYUo16Pq3Z84bPSkxvTxW/eJ8wm0XfNdFMFSAUkzS/tZ57jcj+Cs1p
PkwrjYv/SrTSaFGk6znqYwtzoY1eLEuVk8M4ydcsmaxBIcKcQkuLCANCIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPCUHLMrIjp64tJEBwrZcWVrbJCHMB8GA1UdIwQY
MBaAFFVqX6Dc+zRDP5uGDZXixEJUfF+cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVldwZm9OejdORU1fbTRZTmxlTEVRbFI4WDV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9lMjNkMzAtNzZlMy00NDkxLThkNzUt
MmZkYTRjMjczYTQ4LzEvOEpRY3N5c2lPbnJpMGtRSEN0bHhaV3Rza0ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9lMjNkMzAtNzZlMy00NDkxLThkNzUtMmZkYTRjMjczYTQ4
LzEvVldwZm9OejdORU1fbTRZTmxlTEVRbFI4WDV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQClwAwMA0G
CSqGSIb3DQEBCwUAA4IBAQBYCFioxNgFpvGicYYthorYgL3xleU4FGEsGg2Y9zOd
LBmsgTqF4wVJMeEQ0RjQY3jkHRyEOsevk8FvVGW52ZyBSfErPRx4o/ifozGPVfIs
8W7VKrk6MtYvtqw72M0UfQxhdIbIxV3nMoYO8s9VlJkGJTN8a8Gg45ptsNluSiQE
QHvOqoQeqppyPl57qUpWVzJ/ZJ91RgfgDUZ8TKmc4Qwxq+UoRlAaFsTGPUX9FKcW
2AbT7Kyv9oqe0EFSTVZO7xewXbPQ7dxtlbm2sOsU9UsJ/3Th34+yfapbgglm8bIz
YTe5WGBhbHdBhUKXo+cxQStNsPNY8xBEv2Dg/4gPo29m
-----END CERTIFICATE-----