Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/LjhjHyfNeWnLkeJXcC5TZU0p9uQ.roa
File:                     LjhjHyfNeWnLkeJXcC5TZU0p9uQ.roa (raw, json)
Hash identifier:          hAnqJaRbalibE8cCmnjWvExGPxHdefjq3u/G6pwOVMw=
Subject key identifier:   2E:38:63:1F:27:CD:79:69:CB:91:E2:57:70:2E:53:65:4D:29:F6:E4
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       0194258F0231F2EAB5D9CA68875AB35BAD0F
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/LjhjHyfNeWnLkeJXcC5TZU0p9uQ.roa
Signing time:             Thu 02 Jan 2025 05:48:36 +0000
ROA not before:           Thu 02 Jan 2025 05:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62110
IP address blocks:        151.237.78.0/23 maxlen: 23
                          151.237.78.0/24 maxlen: 24
                          151.237.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:02:31:f2:ea:b5:d9:ca:68:87:5a:b3:5b:ad:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  2 05:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e38631f27cd7969cb91e257702e53654d29f6e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:f3:3c:84:6f:09:38:65:b0:30:2d:77:46:de:
                    df:1f:4a:5d:c0:e1:e1:48:c6:98:43:0e:59:0f:80:
                    98:fe:5c:7b:1c:23:61:72:42:cb:7d:35:93:2c:b2:
                    bc:fb:86:80:a9:88:48:98:14:9d:6c:2c:43:57:08:
                    18:e7:2e:36:04:d7:8e:3c:de:3d:0a:6c:7a:9a:66:
                    81:1e:fc:85:cb:0c:62:f4:66:fe:d7:cf:0d:33:3e:
                    c7:1b:e6:8b:ec:6c:04:38:75:98:5b:a9:6a:c9:9a:
                    cb:75:14:42:c5:c8:a3:d7:c3:85:b8:80:23:44:25:
                    fa:07:25:97:ee:e5:58:ce:23:25:5c:1e:67:02:8e:
                    54:ce:47:e7:c9:79:42:6a:36:61:2f:ba:60:ea:2d:
                    8d:1a:a3:94:b1:0c:0c:62:d2:5a:f1:8f:0a:a5:54:
                    d3:c1:a0:2f:8d:e5:4c:2b:71:ff:cc:ef:fb:7d:bc:
                    7e:f8:9d:65:94:b1:85:e2:05:9d:f7:82:33:67:62:
                    4b:2a:80:a3:97:14:35:7d:08:4e:21:05:71:a8:d6:
                    42:0c:d9:06:07:32:11:0b:a5:26:37:4a:7b:62:9d:
                    d9:e1:74:e3:51:ff:3f:9d:fe:df:86:97:00:a8:a2:
                    de:28:06:86:fc:ff:33:57:48:61:fe:53:a0:bf:21:
                    be:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:38:63:1F:27:CD:79:69:CB:91:E2:57:70:2E:53:65:4D:29:F6:E4
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/LjhjHyfNeWnLkeJXcC5TZU0p9uQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.237.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:91:02:37:53:56:79:10:78:58:da:f1:9d:50:47:0e:c4:78:
         8d:f4:ab:c1:b1:d7:d5:f7:b8:6a:39:da:dc:b0:0d:b4:d2:43:
         81:dd:ef:57:3a:a1:1b:ca:38:55:05:8d:08:51:98:57:a5:b9:
         78:81:89:b6:13:56:ad:d3:1c:a8:d2:5f:b3:5d:69:81:aa:2b:
         fc:97:3c:2a:b3:15:7f:e4:db:ac:c3:13:86:9a:d2:0d:d4:0a:
         58:dc:4d:9b:a4:4b:ca:ca:99:14:82:99:7c:3c:3b:fd:f3:cd:
         91:e4:ba:c6:4d:e0:c2:88:64:a9:eb:fb:de:76:a0:ae:87:2f:
         0f:85:59:35:63:2f:94:d3:c3:7c:ec:c8:ef:28:50:ba:0a:74:
         6b:e1:a4:3a:fb:fc:65:7e:e4:3b:8f:00:50:b0:4e:85:1e:fc:
         d6:51:ae:72:f7:78:97:a6:bc:e2:5a:a6:9b:ec:e0:8b:3f:1a:
         dd:92:07:eb:77:7f:0e:9e:c0:29:33:3c:aa:dd:50:7b:f6:c5:
         5d:d8:6d:79:d3:8e:6f:d9:74:b1:2e:8b:51:d5:6a:39:2a:4b:
         fd:ae:33:fe:28:b5:f2:05:49:35:57:79:5d:70:b9:1a:5b:66:
         01:83:d1:5b:33:ce:11:e6:61:fc:c6:24:ca:16:c3:b1:0f:0f:
         65:b5:73:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljwIx8uq12cpoh1qzW60PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjUwMTAyMDU0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTM4NjMxZjI3Y2Q3OTY5Y2I5MWUyNTc3MDJlNTM2NTRkMjlmNmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4PM8hG8JOGWwMC13Rt7fH0pdwOHh
SMaYQw5ZD4CY/lx7HCNhckLLfTWTLLK8+4aAqYhImBSdbCxDVwgY5y42BNeOPN49
Cmx6mmaBHvyFywxi9Gb+188NMz7HG+aL7GwEOHWYW6lqyZrLdRRCxcij18OFuIAj
RCX6ByWX7uVYziMlXB5nAo5UzkfnyXlCajZhL7pg6i2NGqOUsQwMYtJa8Y8KpVTT
waAvjeVMK3H/zO/7fbx++J1llLGF4gWd94IzZ2JLKoCjlxQ1fQhOIQVxqNZCDNkG
BzIRC6UmN0p7Yp3Z4XTjUf8/nf7fhpcAqKLeKAaG/P8zV0hh/lOgvyG+7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC44Yx8nzXlpy5HiV3AuU2VNKfbkMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvTGpoakh5Zk5lV25Ma2VKWGNDNVRaVTBwOXVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBl+1OMA0G
CSqGSIb3DQEBCwUAA4IBAQAzkQI3U1Z5EHhY2vGdUEcOxHiN9KvBsdfV97hqOdrc
sA200kOB3e9XOqEbyjhVBY0IUZhXpbl4gYm2E1at0xyo0l+zXWmBqiv8lzwqsxV/
5NuswxOGmtIN1ApY3E2bpEvKypkUgpl8PDv9882R5LrGTeDCiGSp6/vedqCuhy8P
hVk1Yy+U08N87MjvKFC6CnRr4aQ6+/xlfuQ7jwBQsE6FHvzWUa5y93iXprziWqab
7OCLPxrdkgfrd38OnsApMzyq3VB79sVd2G15045v2XSxLotR1Wo5Kkv9rjP+KLXy
BUk1V3ldcLkaW2YBg9FbM84R5mH8xiTKFsOxDw9ltXMu
-----END CERTIFICATE-----