Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/IIsMDhXwH7NnyH2zaORC6lXiABo.roa
File:                     IIsMDhXwH7NnyH2zaORC6lXiABo.roa (raw, json)
Hash identifier:          V6NYrnGtciBhl6+7guRj+lLtftDHlpgOpmTb2YHC3Fk=
Subject key identifier:   20:8B:0C:0E:15:F0:1F:B3:67:C8:7D:B3:68:E4:42:EA:55:E2:00:1A
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       018CC6B940008CAC84D781C288F7318296E3
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/IIsMDhXwH7NnyH2zaORC6lXiABo.roa
Signing time:             Mon 01 Jan 2024 20:31:18 +0000
ROA not before:           Mon 01 Jan 2024 20:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199230
IP address blocks:        151.237.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:40:00:8c:ac:84:d7:81:c2:88:f7:31:82:96:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  1 20:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=208b0c0e15f01fb367c87db368e442ea55e2001a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:34:1a:41:52:6c:a1:75:33:d6:81:59:f7:00:
                    df:42:89:ba:45:72:22:14:c4:27:5e:a7:d8:97:07:
                    2f:b5:b6:15:b6:d0:a1:d3:db:7e:7e:0b:f0:60:4d:
                    3d:7f:09:d6:21:4e:22:69:3c:58:84:f6:95:98:6f:
                    e6:14:da:b0:c4:96:69:fa:e2:51:61:41:80:a8:4c:
                    bf:01:b0:83:8c:b0:64:34:a9:65:d9:d9:2c:88:7f:
                    10:93:cd:7b:c9:5b:a5:3c:03:ac:3e:e8:05:1e:87:
                    65:24:37:cb:1a:7d:da:57:44:ae:ee:7d:d1:9c:20:
                    96:6f:6f:b3:1e:a1:39:68:4c:f9:98:f0:00:f3:3e:
                    ff:43:99:9f:45:66:c9:e7:fa:ab:41:b0:38:3e:98:
                    bd:d2:9a:a6:6d:4a:42:e4:13:9d:38:9d:58:11:92:
                    64:b3:b1:3d:a2:c7:8d:23:28:cb:65:c6:28:b8:5b:
                    d7:cc:75:82:33:d2:51:ad:2f:19:91:8d:bc:5c:74:
                    57:99:e1:f0:d0:7b:5d:72:6f:8a:1e:35:85:72:25:
                    7b:94:69:56:4d:44:b1:31:d4:21:0d:5d:4c:88:9b:
                    2f:d9:62:2a:58:82:99:2c:2a:7a:fc:c8:23:0d:5e:
                    05:53:b3:28:53:bd:91:dc:dd:45:c4:20:33:94:06:
                    d0:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:8B:0C:0E:15:F0:1F:B3:67:C8:7D:B3:68:E4:42:EA:55:E2:00:1A
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/IIsMDhXwH7NnyH2zaORC6lXiABo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.237.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:2a:ae:c7:62:94:b2:3e:81:57:42:1f:6e:47:17:72:b1:42:
         b5:e2:a1:29:21:c9:6f:c1:9e:b5:29:f2:dd:32:21:55:69:59:
         2c:95:33:30:b8:cc:e9:10:5a:72:92:5b:c7:a3:b2:d3:72:aa:
         ad:56:6c:ee:b6:0e:a7:78:37:20:6f:d3:43:f6:4c:c6:0d:d9:
         09:e9:ef:ee:10:8b:19:29:17:d4:bf:2c:2a:20:9b:06:64:05:
         bf:7a:67:67:d1:9c:6e:13:cd:0b:6e:13:07:8f:69:93:ac:be:
         5c:c4:80:21:ef:14:ca:54:70:bd:87:bc:37:c6:a5:66:15:2b:
         d2:a4:71:12:08:83:4e:81:76:30:ed:ec:55:82:b6:a6:eb:7c:
         96:2f:5f:5b:a3:e1:5d:33:c7:06:26:ec:28:94:df:75:4f:96:
         b1:1f:19:4e:91:72:f2:20:14:29:24:a8:67:48:90:6b:94:c5:
         bb:6f:90:bf:f6:77:7b:79:f6:8b:32:ee:77:50:db:2a:b0:e5:
         73:24:7d:07:72:ab:4b:0b:24:4d:f7:5c:60:37:f5:4e:a0:0b:
         b2:87:e1:cc:f5:dc:52:cf:ef:32:26:53:93:49:a6:53:7a:71:
         92:ea:cd:63:1f:71:71:1b:16:fd:8e:d5:08:8f:b7:0c:e1:e6:
         d8:9d:3d:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuUAAjKyE14HCiPcxgpbjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjQwMTAxMjAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDhiMGMwZTE1ZjAxZmIzNjdjODdkYjM2OGU0NDJlYTU1ZTIwMDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzQaQVJsoXUz1oFZ9wDfQom6RXIi
FMQnXqfYlwcvtbYVttCh09t+fgvwYE09fwnWIU4iaTxYhPaVmG/mFNqwxJZp+uJR
YUGAqEy/AbCDjLBkNKll2dksiH8Qk817yVulPAOsPugFHodlJDfLGn3aV0Su7n3R
nCCWb2+zHqE5aEz5mPAA8z7/Q5mfRWbJ5/qrQbA4Ppi90pqmbUpC5BOdOJ1YEZJk
s7E9oseNIyjLZcYouFvXzHWCM9JRrS8ZkY28XHRXmeHw0Htdcm+KHjWFciV7lGlW
TUSxMdQhDV1MiJsv2WIqWIKZLCp6/MgjDV4FU7MoU72R3N1FxCAzlAbQCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCCLDA4V8B+zZ8h9s2jkQupV4gAaMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvSUlzTURoWHdIN05ueUgyemFPUkM2bFhpQUJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl+2BMA0G
CSqGSIb3DQEBCwUAA4IBAQByKq7HYpSyPoFXQh9uRxdysUK14qEpIclvwZ61KfLd
MiFVaVkslTMwuMzpEFpyklvHo7LTcqqtVmzutg6neDcgb9ND9kzGDdkJ6e/uEIsZ
KRfUvywqIJsGZAW/emdn0ZxuE80LbhMHj2mTrL5cxIAh7xTKVHC9h7w3xqVmFSvS
pHESCINOgXYw7exVgram63yWL19bo+FdM8cGJuwolN91T5axHxlOkXLyIBQpJKhn
SJBrlMW7b5C/9nd7efaLMu53UNsqsOVzJH0HcqtLCyRN91xgN/VOoAuyh+HM9dxS
z+8yJlOTSaZTenGS6s1jH3FxGxb9jtUIj7cM4ebYnT1i
-----END CERTIFICATE-----