Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/crHFxKKDWEItZ4Mk3KFnBQgUPdQ.roa
File:                     crHFxKKDWEItZ4Mk3KFnBQgUPdQ.roa (raw, json)
Hash identifier:          YlQqxFzrNSxZVRsftCMftXeYSYCoYVwKqZOipgathvM=
Subject key identifier:   72:B1:C5:C4:A2:83:58:42:2D:67:83:24:DC:A1:67:05:08:14:3D:D4
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       018CC6B94182F55AAA355C88AAC40A2591DF
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/crHFxKKDWEItZ4Mk3KFnBQgUPdQ.roa
Signing time:             Mon 01 Jan 2024 20:31:18 +0000
ROA not before:           Mon 01 Jan 2024 20:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202439
IP address blocks:        151.237.138.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:41:82:f5:5a:aa:35:5c:88:aa:c4:0a:25:91:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  1 20:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72b1c5c4a28358422d678324dca1670508143dd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:00:34:6b:3c:bd:55:45:1e:a7:ee:ba:ac:95:
                    cc:d8:ca:b5:4b:8a:6c:92:f7:dc:8f:5e:b6:64:f2:
                    5a:b0:63:f7:42:a6:7b:24:a9:73:7c:8a:ba:2d:b5:
                    f9:a7:28:3c:49:10:69:9b:4d:5d:31:89:89:95:b2:
                    9a:8a:bd:e0:c9:fe:43:66:52:1d:71:2a:c2:da:53:
                    4c:76:de:34:a4:38:04:86:23:2d:f5:09:31:7a:de:
                    f6:b3:cc:af:03:51:dc:24:f2:ed:a6:cf:15:1a:80:
                    a0:37:a6:eb:8e:9d:18:ad:2f:db:b5:d7:82:a8:63:
                    02:c1:b0:c4:d1:45:8e:50:3c:91:ec:15:aa:35:05:
                    fb:08:42:d6:b7:4a:0c:1d:a4:22:62:18:59:2d:f4:
                    b1:de:14:d9:38:71:be:d1:a8:37:e4:9b:e8:5f:ce:
                    2f:c8:82:57:ad:f5:eb:b7:96:0b:e5:90:3a:c0:6b:
                    b1:d8:32:a3:c5:f7:d9:dd:71:0e:88:ff:a7:27:21:
                    29:a1:e2:6d:da:e0:7a:60:22:6e:a7:7a:f0:f7:b2:
                    5e:15:80:c3:23:83:6d:5e:d7:15:a4:f3:5e:1a:65:
                    26:c9:64:5c:c3:e4:44:9a:af:14:6d:67:18:1a:c3:
                    13:e5:f5:0f:24:34:a3:d9:c8:0b:6c:45:b1:56:83:
                    a9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:B1:C5:C4:A2:83:58:42:2D:67:83:24:DC:A1:67:05:08:14:3D:D4
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/crHFxKKDWEItZ4Mk3KFnBQgUPdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.237.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:8e:f7:eb:a0:4f:06:f5:7b:26:0e:08:2f:97:3a:aa:ef:30:
         56:13:0d:bc:0c:d4:69:3d:6f:af:8f:17:22:61:77:de:51:66:
         ca:3c:26:e3:ae:bd:0b:cb:fc:d5:46:76:49:f9:ca:ad:07:0b:
         84:0c:2b:28:15:f5:c5:3a:ae:c8:4f:79:f2:de:97:b3:12:db:
         b1:d5:38:a0:f9:27:ce:33:1c:8a:e1:91:4a:98:62:61:70:fb:
         99:98:41:39:a0:5b:ce:0d:2b:78:12:b0:1c:ad:24:a3:7f:86:
         3b:52:ab:15:78:d4:78:71:c4:70:8f:c5:5e:df:b8:5a:32:4c:
         28:4c:c8:32:61:54:c7:e1:d2:e6:b4:c5:ee:36:d2:c2:3a:b9:
         f2:d1:7f:c3:af:f0:ed:5a:50:5e:0b:8e:6a:dd:71:7d:d7:87:
         60:26:75:59:a9:8d:16:a6:81:ba:a8:a6:23:8c:98:f1:1f:1e:
         f3:2d:16:ce:39:eb:f2:a8:e2:d3:4e:09:44:5a:77:58:0b:97:
         9a:41:56:65:6e:ad:a0:88:07:68:cd:9f:b4:99:ab:1d:da:d1:
         58:08:00:0b:4a:51:13:ee:ed:ca:1f:55:24:06:13:19:d4:50:
         32:f2:08:bd:b4:94:11:10:de:b0:8d:9a:96:6c:78:09:22:1e:
         8a:31:6e:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuUGC9VqqNVyIqsQKJZHfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjQwMTAxMjAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmIxYzVjNGEyODM1ODQyMmQ2NzgzMjRkY2ExNjcwNTA4MTQzZGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQA0azy9VUUep+66rJXM2Mq1S4ps
kvfcj162ZPJasGP3QqZ7JKlzfIq6LbX5pyg8SRBpm01dMYmJlbKair3gyf5DZlId
cSrC2lNMdt40pDgEhiMt9Qkxet72s8yvA1HcJPLtps8VGoCgN6brjp0YrS/btdeC
qGMCwbDE0UWOUDyR7BWqNQX7CELWt0oMHaQiYhhZLfSx3hTZOHG+0ag35JvoX84v
yIJXrfXrt5YL5ZA6wGux2DKjxffZ3XEOiP+nJyEpoeJt2uB6YCJup3rw97JeFYDD
I4NtXtcVpPNeGmUmyWRcw+REmq8UbWcYGsMT5fUPJDSj2cgLbEWxVoOpPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKxxcSig1hCLWeDJNyhZwUIFD3UMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvY3JIRnhLS0RXRUl0WjRNazNLRm5CUWdVUGRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBl+2KMA0G
CSqGSIb3DQEBCwUAA4IBAQB2jvfroE8G9XsmDggvlzqq7zBWEw28DNRpPW+vjxci
YXfeUWbKPCbjrr0Ly/zVRnZJ+cqtBwuEDCsoFfXFOq7IT3ny3pezEtux1Tig+SfO
MxyK4ZFKmGJhcPuZmEE5oFvODSt4ErAcrSSjf4Y7UqsVeNR4ccRwj8Ve37haMkwo
TMgyYVTH4dLmtMXuNtLCOrny0X/Dr/DtWlBeC45q3XF914dgJnVZqY0WpoG6qKYj
jJjxHx7zLRbOOevyqOLTTglEWndYC5eaQVZlbq2giAdozZ+0masd2tFYCAALSlET
7u3KH1UkBhMZ1FAy8gi9tJQREN6wjZqWbHgJIh6KMW4K
-----END CERTIFICATE-----