Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/WaGWJHkOJ2XdlJD4Y23Mf4gbXIo.roa
File:                     WaGWJHkOJ2XdlJD4Y23Mf4gbXIo.roa (raw, json)
Hash identifier:          arkxA9sMKAp7ZZAm0DMymACBM/fjhdBMwXepR/m4a/E=
Subject key identifier:   59:A1:96:24:79:0E:27:65:DD:94:90:F8:63:6D:CC:7F:88:1B:5C:8A
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       0194258F0C3956AFCE3842401FA3102F8103
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/WaGWJHkOJ2XdlJD4Y23Mf4gbXIo.roa
Signing time:             Thu 02 Jan 2025 05:48:39 +0000
ROA not before:           Thu 02 Jan 2025 05:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209850
IP address blocks:        151.237.68.0/24 maxlen: 24
                          151.237.69.0/24 maxlen: 24
                          151.237.70.0/24 maxlen: 24
                          151.237.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:0c:39:56:af:ce:38:42:40:1f:a3:10:2f:81:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  2 05:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59a19624790e2765dd9490f8636dcc7f881b5c8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:fa:e7:9a:10:21:80:eb:66:ae:14:e4:8e:16:
                    55:72:ef:46:3b:7e:52:64:b9:12:02:ae:cd:bf:58:
                    c0:e2:c2:52:6f:bb:fa:52:f9:6f:4e:af:4a:e5:dd:
                    8f:75:47:3c:c9:01:12:87:22:71:f6:05:71:11:ad:
                    73:19:09:f9:74:c6:43:1a:d1:aa:d3:ee:28:e8:8a:
                    6e:e6:2d:f7:bb:8d:a3:ef:74:c2:5f:72:ce:5c:59:
                    b8:d3:0e:4c:f3:ca:87:7b:0e:a1:a1:62:cc:11:d2:
                    0a:32:af:b6:81:b8:9e:8a:94:02:f8:26:74:31:5b:
                    69:5f:5d:22:aa:94:59:ac:34:ba:f8:11:dd:3f:fd:
                    01:86:ff:c8:2d:0a:5d:a8:be:47:85:40:a9:3c:8a:
                    80:5e:c1:af:90:21:75:a1:04:35:93:29:97:45:94:
                    75:0d:ca:d5:ba:aa:ea:11:2b:34:fd:f7:b0:9b:44:
                    c1:3d:35:d7:c1:4d:15:2e:19:90:8d:7b:9e:67:0f:
                    a1:53:b5:dd:4a:11:52:eb:b7:bf:8e:3e:ec:51:b5:
                    37:ac:f7:76:a2:66:6b:b6:bf:9c:e3:66:79:aa:3c:
                    d9:91:75:75:bf:2d:26:9e:58:88:af:72:ba:27:b0:
                    c1:5c:2c:89:bf:5f:d5:f6:bc:5c:37:3b:46:ad:e6:
                    6e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:A1:96:24:79:0E:27:65:DD:94:90:F8:63:6D:CC:7F:88:1B:5C:8A
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/WaGWJHkOJ2XdlJD4Y23Mf4gbXIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.237.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:a9:cd:6e:89:ce:f9:cb:60:98:a6:b8:39:43:a2:d9:4f:98:
         08:5e:1d:24:cc:41:d0:17:1e:5f:2f:60:15:b8:4b:25:1b:75:
         79:9f:ca:94:50:9e:58:0e:00:4d:44:94:5a:ad:7b:8f:e0:7a:
         3f:fb:7c:e8:4e:db:a9:5d:09:31:45:f1:33:2d:da:c4:93:57:
         8a:bb:9b:61:e4:f2:7c:82:bd:46:66:d1:86:48:28:25:86:26:
         bd:61:01:95:ee:76:f7:b5:e0:48:f6:b4:32:0a:ab:8e:2c:c1:
         14:7a:8d:93:90:32:c8:61:9d:b6:06:5f:e9:d5:50:88:b5:d5:
         ca:23:94:01:57:76:82:68:d3:b8:cd:11:1c:1b:c5:4a:18:db:
         47:e7:2b:f7:96:f9:76:cd:b4:31:98:48:48:cf:f2:9a:1e:48:
         f3:fd:4e:94:51:c8:5a:8b:8a:f8:ca:35:fa:09:af:5c:37:b9:
         b1:db:96:03:9a:f4:95:a1:1c:b0:a1:cb:02:aa:89:1c:c4:82:
         2c:82:19:56:94:ff:ca:8e:e5:9f:77:b6:18:f2:e1:26:ea:92:
         6c:5c:54:96:b4:8d:80:93:b0:13:34:38:b3:05:b6:47:58:9b:
         c6:2a:81:0e:dc:ef:7c:a7:03:af:c1:19:7b:6a:34:cd:00:1c:
         73:92:1f:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljww5Vq/OOEJAH6MQL4EDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjUwMTAyMDU0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWExOTYyNDc5MGUyNzY1ZGQ5NDkwZjg2MzZkY2M3Zjg4MWI1YzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufrnmhAhgOtmrhTkjhZVcu9GO35S
ZLkSAq7Nv1jA4sJSb7v6UvlvTq9K5d2PdUc8yQEShyJx9gVxEa1zGQn5dMZDGtGq
0+4o6Ipu5i33u42j73TCX3LOXFm40w5M88qHew6hoWLMEdIKMq+2gbieipQC+CZ0
MVtpX10iqpRZrDS6+BHdP/0Bhv/ILQpdqL5HhUCpPIqAXsGvkCF1oQQ1kymXRZR1
DcrVuqrqESs0/fewm0TBPTXXwU0VLhmQjXueZw+hU7XdShFS67e/jj7sUbU3rPd2
omZrtr+c42Z5qjzZkXV1vy0mnliIr3K6J7DBXCyJv1/V9rxcNztGreZuywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFmhliR5Didl3ZSQ+GNtzH+IG1yKMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvV2FHV0pIa09KMlhkbEpENFkyM01mNGdiWElvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCl+1EMA0G
CSqGSIb3DQEBCwUAA4IBAQB3qc1uic75y2CYprg5Q6LZT5gIXh0kzEHQFx5fL2AV
uEslG3V5n8qUUJ5YDgBNRJRarXuP4Ho/+3zoTtupXQkxRfEzLdrEk1eKu5th5PJ8
gr1GZtGGSCglhia9YQGV7nb3teBI9rQyCquOLMEUeo2TkDLIYZ22Bl/p1VCItdXK
I5QBV3aCaNO4zREcG8VKGNtH5yv3lvl2zbQxmEhIz/KaHkjz/U6UUchai4r4yjX6
Ca9cN7mx25YDmvSVoRywocsCqokcxIIsghlWlP/KjuWfd7YY8uEm6pJsXFSWtI2A
k7ATNDizBbZHWJvGKoEO3O98pwOvwRl7ajTNABxzkh+K
-----END CERTIFICATE-----