Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/jQM51IZcjerISd0Wt_BoX5zKmtg.roa
File:                     jQM51IZcjerISd0Wt_BoX5zKmtg.roa (raw, json)
Hash identifier:          e+QxfeCvlvjUKCXGaDmMtQ21Sd/S6NoBwjbExsqfAIc=
Subject key identifier:   8D:03:39:D4:86:5C:8D:EA:C8:49:DD:16:B7:F0:68:5F:9C:CA:9A:D8
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       0194258F080C8227B7CE03F2FEC922C41D7C
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/jQM51IZcjerISd0Wt_BoX5zKmtg.roa
Signing time:             Thu 02 Jan 2025 05:48:38 +0000
ROA not before:           Thu 02 Jan 2025 05:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204554
IP address blocks:        151.237.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:08:0c:82:27:b7:ce:03:f2:fe:c9:22:c4:1d:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  2 05:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d0339d4865c8deac849dd16b7f0685f9cca9ad8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:85:5e:27:61:6d:67:33:2c:f4:94:57:e9:68:
                    53:5b:41:2d:fd:48:e7:4f:2d:9f:2c:60:d6:69:9b:
                    e8:3c:f9:12:de:11:a9:86:9f:75:30:e7:38:b8:8b:
                    17:18:d1:49:85:e4:7f:39:c8:c5:51:d9:2e:a2:fb:
                    58:c4:b1:72:a2:fd:71:4b:73:75:a0:22:21:a4:d2:
                    34:56:df:b9:da:71:3d:98:4b:17:14:8c:02:12:e3:
                    57:3e:49:75:d9:e6:18:e5:0c:4c:4a:a8:cc:c2:26:
                    e3:35:4a:78:00:75:2e:14:3d:3f:1c:2c:ce:3e:63:
                    3d:45:f2:a8:67:8b:ce:85:c1:58:0b:84:3d:3a:82:
                    62:d2:47:2f:f3:9a:2e:81:7c:37:50:68:91:7a:05:
                    53:c3:c9:84:b6:fb:14:37:d1:4e:26:c4:50:57:9d:
                    fa:bf:09:5f:a3:80:0b:23:a5:53:19:ae:41:96:d7:
                    cb:7d:f6:01:4f:b6:b3:61:a6:28:e0:ff:05:76:ec:
                    d0:4b:3c:e7:80:32:97:29:da:7b:e6:3a:6f:29:3f:
                    c2:32:cf:84:90:ad:0e:36:6c:0e:af:c0:03:f9:3f:
                    c1:2a:aa:dd:e4:95:30:7f:6f:d5:22:76:26:38:96:
                    a7:df:5a:c6:6b:6d:7f:ca:48:76:1f:92:34:c8:e5:
                    cc:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:03:39:D4:86:5C:8D:EA:C8:49:DD:16:B7:F0:68:5F:9C:CA:9A:D8
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/jQM51IZcjerISd0Wt_BoX5zKmtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.237.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:6e:05:08:95:be:b5:18:bb:f3:de:f9:f4:e1:43:ee:84:c2:
         3a:4d:72:4a:86:a6:d9:35:01:0d:45:22:df:ef:bc:b0:35:86:
         87:12:90:dd:8a:c5:50:31:39:6f:f7:13:73:02:d9:93:73:d4:
         91:7f:8a:a8:ef:a1:51:70:db:b9:45:68:c3:7b:4a:50:af:f2:
         9b:b2:04:62:68:68:dc:ff:c8:91:d4:97:1f:00:14:18:17:a2:
         e7:f6:d5:10:51:f7:97:30:5f:5b:6c:c5:ec:fb:06:7a:23:0f:
         0d:ed:7d:27:5f:b8:ae:70:05:8e:40:21:c7:bc:00:f2:28:69:
         98:6c:40:1c:67:60:cd:34:b6:a7:4a:db:79:41:f2:52:33:64:
         7c:e3:8e:44:25:09:22:d6:d5:39:8e:f9:b5:4d:e4:1d:e1:93:
         b3:51:84:a5:7a:63:5c:95:b9:22:7b:bb:f3:88:a6:dd:2c:95:
         61:62:e9:10:5b:05:9f:ab:82:7b:0a:d0:d0:24:a4:28:7a:e5:
         9b:ac:e8:32:0f:d7:c0:d1:4a:76:ad:34:e7:79:36:02:b0:cd:
         34:d5:6b:b9:b3:6f:e8:05:98:5a:cd:66:d5:20:16:12:65:02:
         53:7c:71:8b:e6:a3:bd:51:7c:9e:f7:c6:24:6e:62:c2:c0:a4:
         87:5c:2c:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljwgMgie3zgPy/skixB18MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjUwMTAyMDU0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDAzMzlkNDg2NWM4ZGVhYzg0OWRkMTZiN2YwNjg1ZjljY2E5YWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1oVeJ2FtZzMs9JRX6WhTW0Et/Ujn
Ty2fLGDWaZvoPPkS3hGphp91MOc4uIsXGNFJheR/OcjFUdkuovtYxLFyov1xS3N1
oCIhpNI0Vt+52nE9mEsXFIwCEuNXPkl12eYY5QxMSqjMwibjNUp4AHUuFD0/HCzO
PmM9RfKoZ4vOhcFYC4Q9OoJi0kcv85ougXw3UGiRegVTw8mEtvsUN9FOJsRQV536
vwlfo4ALI6VTGa5BltfLffYBT7azYaYo4P8FduzQSzzngDKXKdp75jpvKT/CMs+E
kK0ONmwOr8AD+T/BKqrd5JUwf2/VInYmOJan31rGa21/ykh2H5I0yOXMLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0DOdSGXI3qyEndFrfwaF+cyprYMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvalFNNTFJWmNqZXJJU2QwV3RfQm9YNXpLbXRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl+0cMA0G
CSqGSIb3DQEBCwUAA4IBAQCQbgUIlb61GLvz3vn04UPuhMI6TXJKhqbZNQENRSLf
77ywNYaHEpDdisVQMTlv9xNzAtmTc9SRf4qo76FRcNu5RWjDe0pQr/KbsgRiaGjc
/8iR1JcfABQYF6Ln9tUQUfeXMF9bbMXs+wZ6Iw8N7X0nX7iucAWOQCHHvADyKGmY
bEAcZ2DNNLanStt5QfJSM2R8445EJQki1tU5jvm1TeQd4ZOzUYSlemNclbkie7vz
iKbdLJVhYukQWwWfq4J7CtDQJKQoeuWbrOgyD9fA0Up2rTTneTYCsM001Wu5s2/o
BZhazWbVIBYSZQJTfHGL5qO9UXye98YkbmLCwKSHXCxY
-----END CERTIFICATE-----