Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/JYKZrodAh5fBLPq29fgBE7aqOeo.roa
File:                     JYKZrodAh5fBLPq29fgBE7aqOeo.roa (raw, json)
Hash identifier:          Xc7SsDG7o0JgFEpS0IDig/XgivB0nacVv74xCspnek8=
Subject key identifier:   25:82:99:AE:87:40:87:97:C1:2C:FA:B6:F5:F8:01:13:B6:AA:39:EA
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       0194258F092F5128155504654377D2A65C6E
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/JYKZrodAh5fBLPq29fgBE7aqOeo.roa
Signing time:             Thu 02 Jan 2025 05:48:38 +0000
ROA not before:           Thu 02 Jan 2025 05:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206004
IP address blocks:        151.237.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:09:2f:51:28:15:55:04:65:43:77:d2:a6:5c:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  2 05:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=258299ae87408797c12cfab6f5f80113b6aa39ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4a:df:2c:a0:80:67:c5:83:f4:52:73:d5:7d:
                    3e:a3:1d:7d:6b:25:a7:93:54:22:02:b6:01:ce:da:
                    3f:24:ad:13:24:0c:45:36:f8:8c:c8:a0:32:9c:7a:
                    a7:65:26:87:f3:13:b3:70:25:14:88:01:10:1b:3f:
                    04:54:49:73:a9:21:31:b4:c6:ec:b1:65:53:2c:de:
                    fe:0b:e7:1a:3d:1e:18:fe:04:29:5a:74:b7:2a:cc:
                    75:23:7d:20:fb:86:8d:ba:23:08:47:05:d0:ee:8f:
                    49:eb:eb:d9:08:6d:1f:c9:a5:65:dd:33:2a:6b:2f:
                    dd:62:74:11:91:ca:83:68:48:0b:16:2c:31:d9:79:
                    a3:65:92:2d:8d:da:42:2d:66:c1:d7:ee:9c:38:4a:
                    81:0d:02:25:a0:fb:4b:2c:9c:ca:c8:9d:53:d1:6b:
                    40:eb:77:0b:84:9c:68:d3:52:fe:93:34:50:7b:48:
                    0e:b2:e6:6f:70:9a:3b:0e:04:15:15:bf:10:10:ec:
                    ff:5d:2d:37:9c:76:5a:ab:e5:48:86:25:0a:7e:d3:
                    97:ad:89:94:2e:aa:7b:0a:5e:8f:b3:bd:22:f1:29:
                    60:a2:3e:1e:99:fa:fd:14:30:de:7e:da:be:93:de:
                    49:6e:41:a5:c9:64:83:74:d7:f6:35:96:d0:fe:07:
                    1c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:82:99:AE:87:40:87:97:C1:2C:FA:B6:F5:F8:01:13:B6:AA:39:EA
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/JYKZrodAh5fBLPq29fgBE7aqOeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.237.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         df:0b:44:8c:f7:45:95:f0:0c:cc:c1:81:ee:89:87:9e:cb:c4:
         be:83:d8:44:6e:cc:b8:62:86:f9:46:3e:73:b9:a3:ea:de:11:
         7a:d6:1d:c8:b1:5d:a0:b9:18:18:a0:48:c8:93:f1:cd:1b:8e:
         9e:c5:05:1d:c1:cf:f7:6f:c5:01:a7:71:a0:17:88:a4:f0:1d:
         a2:04:11:1c:9f:06:35:08:c6:b1:e7:4f:c9:25:65:1d:2d:41:
         fb:fb:07:2a:17:06:87:0c:16:0b:f9:18:4e:26:ff:1e:f2:e7:
         32:1c:27:42:a3:67:af:3c:1a:5a:cf:f9:ae:17:65:16:5b:e0:
         bb:1d:c1:4d:5a:4c:67:84:b8:4b:a6:b1:59:2f:5c:8c:0c:d8:
         d9:89:b4:c1:2c:f8:68:1d:a2:c7:e3:4e:59:77:23:54:84:29:
         ce:54:8e:fa:47:8b:25:61:e4:b9:38:75:fe:b8:73:2c:ca:01:
         48:de:f7:39:23:cb:4c:24:9e:87:22:9b:d4:dc:50:18:37:cd:
         95:aa:78:fb:df:20:24:8f:af:03:50:6d:30:3a:78:ff:28:38:
         df:58:04:13:b9:9f:9e:a7:3d:54:3d:58:45:63:c6:ff:e0:a4:
         9f:a9:1c:6d:dd:e9:64:af:e8:bf:60:e5:ff:e3:15:00:d3:9f:
         cd:51:e4:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljwkvUSgVVQRlQ3fSplxuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjUwMTAyMDU0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTgyOTlhZTg3NDA4Nzk3YzEyY2ZhYjZmNWY4MDExM2I2YWEzOWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0rfLKCAZ8WD9FJz1X0+ox19ayWn
k1QiArYBzto/JK0TJAxFNviMyKAynHqnZSaH8xOzcCUUiAEQGz8EVElzqSExtMbs
sWVTLN7+C+caPR4Y/gQpWnS3Ksx1I30g+4aNuiMIRwXQ7o9J6+vZCG0fyaVl3TMq
ay/dYnQRkcqDaEgLFiwx2XmjZZItjdpCLWbB1+6cOEqBDQIloPtLLJzKyJ1T0WtA
63cLhJxo01L+kzRQe0gOsuZvcJo7DgQVFb8QEOz/XS03nHZaq+VIhiUKftOXrYmU
Lqp7Cl6Ps70i8Slgoj4emfr9FDDeftq+k95JbkGlyWSDdNf2NZbQ/gccuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWCma6HQIeXwSz6tvX4ARO2qjnqMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvSllLWnJvZEFoNWZCTFBxMjlmZ0JFN2FxT2VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl+0eMA0G
CSqGSIb3DQEBCwUAA4IBAQDfC0SM90WV8AzMwYHuiYeey8S+g9hEbsy4Yob5Rj5z
uaPq3hF61h3IsV2guRgYoEjIk/HNG46exQUdwc/3b8UBp3GgF4ik8B2iBBEcnwY1
CMax50/JJWUdLUH7+wcqFwaHDBYL+RhOJv8e8ucyHCdCo2evPBpaz/muF2UWW+C7
HcFNWkxnhLhLprFZL1yMDNjZibTBLPhoHaLH405ZdyNUhCnOVI76R4slYeS5OHX+
uHMsygFI3vc5I8tMJJ6HIpvU3FAYN82Vqnj73yAkj68DUG0wOnj/KDjfWAQTuZ+e
pz1UPVhFY8b/4KSfqRxt3elkr+i/YOX/4xUA05/NUeSm
-----END CERTIFICATE-----