Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/EuXBsxT6fHYkzx5hbTCzn9hN0Bw.roa
File:                     EuXBsxT6fHYkzx5hbTCzn9hN0Bw.roa (raw, json)
Hash identifier:          Z/8TOvo1+NVtrNHmRd/xH/G2JflHzAT4bCTdx/hWOw4=
Subject key identifier:   12:E5:C1:B3:14:FA:7C:76:24:CF:1E:61:6D:30:B3:9F:D8:4D:D0:1C
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       018CC6B9489E72BFFD1DF05894777E28AD53
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/EuXBsxT6fHYkzx5hbTCzn9hN0Bw.roa
Signing time:             Mon 01 Jan 2024 20:31:20 +0000
ROA not before:           Mon 01 Jan 2024 20:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211159
IP address blocks:        151.237.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:48:9e:72:bf:fd:1d:f0:58:94:77:7e:28:ad:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  1 20:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12e5c1b314fa7c7624cf1e616d30b39fd84dd01c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d9:f7:eb:c3:3a:1b:0a:b0:5d:b1:fe:cb:65:
                    23:70:d9:dc:51:e4:7a:85:55:89:dc:e4:fd:bb:10:
                    7d:fa:8c:a7:7c:37:1e:db:16:ae:b7:7b:1b:6d:31:
                    97:fb:da:99:fa:99:c8:95:e0:3f:45:d2:5a:d2:5a:
                    c5:8d:ce:c2:91:66:00:22:f1:33:67:34:8a:f5:da:
                    95:96:42:a7:87:e3:a5:5b:41:b4:fa:cb:10:33:19:
                    28:76:87:ba:0e:6b:72:70:9c:c1:1e:bc:92:2e:5e:
                    6c:f6:0e:e2:55:2d:9e:11:f1:d8:06:39:bb:ac:16:
                    00:4c:1f:ba:72:5c:e7:1c:cd:44:c7:3f:80:16:3c:
                    4d:7d:b1:e9:6f:8e:92:1d:93:ce:c5:ee:c0:a1:cb:
                    3d:8c:d7:eb:77:2b:b5:75:12:f1:12:cb:30:48:25:
                    a7:6b:b2:7d:52:43:28:49:3f:c9:1c:54:48:81:fd:
                    88:b6:85:8f:7d:32:7f:2a:3f:31:6e:39:b3:76:96:
                    d5:0d:62:f2:12:12:d9:a8:37:9d:2d:50:28:ad:0f:
                    1e:00:42:12:c9:24:a8:f3:48:2b:ef:10:59:e9:6b:
                    ef:4f:c8:51:ff:9b:cd:59:25:14:cc:aa:e3:96:29:
                    f5:db:b0:32:e7:37:23:e4:ea:fd:cf:70:b2:d9:7a:
                    2b:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:E5:C1:B3:14:FA:7C:76:24:CF:1E:61:6D:30:B3:9F:D8:4D:D0:1C
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/EuXBsxT6fHYkzx5hbTCzn9hN0Bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.237.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:eb:c3:75:a2:6b:61:4c:8d:6b:d3:07:4f:fb:ad:9c:53:79:
         04:90:6d:e3:e9:3c:98:0d:a9:bb:ef:e7:a1:c6:f4:df:87:62:
         4b:52:a7:fb:ea:0e:bb:49:50:d4:27:29:0d:c5:56:86:36:4e:
         ea:7b:94:2c:da:d9:c4:52:ec:50:5a:07:e6:db:b3:88:a2:d2:
         b6:a6:18:92:18:78:04:53:c1:b6:50:a7:be:4f:56:84:df:37:
         97:bd:00:4a:2e:58:48:bf:ab:8f:87:ac:17:99:e0:c6:9f:f6:
         e6:a2:42:6a:ef:f0:be:09:7a:5f:99:76:c8:da:22:82:8e:48:
         60:37:5d:89:95:68:2b:0e:82:d2:75:80:fc:3d:e7:83:17:56:
         fa:63:6c:49:11:70:95:11:0b:fa:45:5d:26:df:89:02:24:3d:
         f6:e7:09:b5:2a:0b:19:ef:18:6d:0e:97:b4:e7:14:f1:24:fb:
         38:a8:7a:e5:88:4a:4c:6f:90:2a:bb:6f:01:4f:4e:1b:76:55:
         0b:3d:ae:0a:db:2a:ca:3c:bd:f3:65:15:f4:ed:81:a8:8e:2d:
         8c:4d:de:a4:62:71:ba:38:ca:92:74:0f:8b:c9:b4:a9:bb:95:
         0b:46:82:aa:3e:67:28:f6:4d:29:f5:38:02:ae:72:dc:5d:99:
         3a:ed:a2:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuUiecr/9HfBYlHd+KK1TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjQwMTAxMjAzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmU1YzFiMzE0ZmE3Yzc2MjRjZjFlNjE2ZDMwYjM5ZmQ4NGRkMDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktn368M6GwqwXbH+y2UjcNncUeR6
hVWJ3OT9uxB9+oynfDce2xaut3sbbTGX+9qZ+pnIleA/RdJa0lrFjc7CkWYAIvEz
ZzSK9dqVlkKnh+OlW0G0+ssQMxkodoe6DmtycJzBHrySLl5s9g7iVS2eEfHYBjm7
rBYATB+6clznHM1Exz+AFjxNfbHpb46SHZPOxe7Aocs9jNfrdyu1dRLxEsswSCWn
a7J9UkMoST/JHFRIgf2ItoWPfTJ/Kj8xbjmzdpbVDWLyEhLZqDedLVAorQ8eAEIS
ySSo80gr7xBZ6WvvT8hR/5vNWSUUzKrjlin127Ay5zcj5Or9z3Cy2XorSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBLlwbMU+nx2JM8eYW0ws5/YTdAcMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvRXVYQnN4VDZmSFlreng1aGJUQ3puOWhOMEJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl+0YMA0G
CSqGSIb3DQEBCwUAA4IBAQCz68N1omthTI1r0wdP+62cU3kEkG3j6TyYDam77+eh
xvTfh2JLUqf76g67SVDUJykNxVaGNk7qe5Qs2tnEUuxQWgfm27OIotK2phiSGHgE
U8G2UKe+T1aE3zeXvQBKLlhIv6uPh6wXmeDGn/bmokJq7/C+CXpfmXbI2iKCjkhg
N12JlWgrDoLSdYD8PeeDF1b6Y2xJEXCVEQv6RV0m34kCJD325wm1KgsZ7xhtDpe0
5xTxJPs4qHrliEpMb5Aqu28BT04bdlULPa4K2yrKPL3zZRX07YGoji2MTd6kYnG6
OMqSdA+LybSpu5ULRoKqPmco9k0p9TgCrnLcXZk67aJi
-----END CERTIFICATE-----