Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/2F-LML9rBnBG08N1tLGP39G8ps4.roa
File:                     2F-LML9rBnBG08N1tLGP39G8ps4.roa (raw, json)
Hash identifier:          d7AOReljssuypAE0DmU/LuL6jKnIf1g5hD50Cp5jJ7I=
Subject key identifier:   D8:5F:8B:30:BF:6B:06:70:46:D3:C3:75:B4:B1:8F:DF:D1:BC:A6:CE
Certificate issuer:       /CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
Certificate serial:       018CC56E631BAD0AC2625C23EF0431FEDAE6
Authority key identifier: 72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/2F-LML9rBnBG08N1tLGP39G8ps4.roa
Signing time:             Mon 01 Jan 2024 14:29:54 +0000
ROA not before:           Mon 01 Jan 2024 14:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30848
IP address blocks:        151.248.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:63:1b:ad:0a:c2:62:5c:23:ef:04:31:fe:da:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
        Validity
            Not Before: Jan  1 14:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d85f8b30bf6b067046d3c375b4b18fdfd1bca6ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:0a:94:67:18:c4:9b:22:34:e8:98:04:f6:5a:
                    d8:7c:e7:c4:35:e3:fe:10:90:c3:fe:4a:b5:22:da:
                    f6:c8:86:33:b4:65:6b:7a:3e:5f:b8:35:6e:9f:5a:
                    e2:48:59:89:7d:c7:59:5c:ce:57:9c:66:1f:bd:5a:
                    d5:e7:cf:aa:36:ae:3f:82:aa:43:ac:70:f4:fc:5c:
                    8c:c7:a4:b0:37:84:8a:bb:23:2c:8f:fb:54:48:e2:
                    e7:8e:ba:c0:36:6d:ce:ee:54:66:35:7d:3c:a6:7e:
                    5f:8b:7e:95:76:88:f9:74:6a:cf:f4:93:33:67:e5:
                    eb:6b:a3:7e:78:f1:42:c9:40:2c:d2:be:6e:63:9c:
                    b5:b9:df:71:2c:c9:0f:f4:56:72:62:ec:9c:b4:84:
                    fe:b2:82:32:73:42:ae:4e:cd:92:b7:2f:1d:e7:c7:
                    e0:bf:21:06:3d:22:7d:8b:7e:31:11:40:51:87:bf:
                    2b:5a:0c:a2:84:12:97:a0:7a:14:22:46:aa:79:20:
                    90:86:d9:65:a9:4d:48:d3:d3:d0:0c:b3:1c:18:62:
                    4d:a6:34:08:ab:14:f9:a8:66:14:27:21:70:01:16:
                    0e:a2:91:b1:2b:98:c6:82:55:6c:15:b4:f7:de:2f:
                    59:26:ab:45:c0:4a:97:a6:6f:56:aa:14:be:98:9d:
                    1e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:5F:8B:30:BF:6B:06:70:46:D3:C3:75:B4:B1:8F:DF:D1:BC:A6:CE
            X509v3 Authority Key Identifier:
                keyid:72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/2F-LML9rBnBG08N1tLGP39G8ps4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.248.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:27:23:c5:50:f1:b5:81:d0:cd:7b:ea:0b:9e:0a:b0:ef:f9:
         85:fb:38:48:f9:a3:22:5f:3d:d8:94:eb:71:86:a4:90:20:5a:
         be:9b:b8:74:bb:12:24:cd:13:31:64:8d:4a:a2:53:89:27:0b:
         2b:3b:df:a1:9e:cc:80:c5:8d:de:72:e4:2d:2e:2e:5d:ba:d2:
         82:a1:38:2a:a2:83:be:66:26:9a:dc:82:fb:71:0b:23:5f:20:
         b9:cd:f8:cf:51:47:50:10:2b:f3:3b:d6:71:8a:e8:52:6a:83:
         2f:7e:c3:00:5a:16:4c:e9:ac:34:1c:6d:8d:6a:84:d0:de:58:
         ca:27:35:fa:8d:0f:b5:12:4d:01:ff:f8:4f:0e:a3:e3:dd:65:
         c2:b0:18:99:bb:56:13:e1:e0:64:48:b0:0d:f2:d5:6a:08:ca:
         3c:58:f4:11:ed:f1:ef:64:05:9b:4a:1c:b1:68:fe:f7:6d:d5:
         c0:0b:b2:9a:97:91:2a:e4:fc:8f:45:44:6b:b7:7e:2b:44:01:
         ba:6f:05:5c:5d:61:ae:1e:7e:8a:a7:d2:6e:31:b7:4f:c0:84:
         5d:fc:aa:97:65:ef:19:0d:e9:de:25:1a:ea:fb:b6:15:4c:04:
         2b:56:9c:99:ad:fa:82:09:e7:0b:45:80:34:29:c1:c3:15:8b:
         9e:1a:7b:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbmMbrQrCYlwj7wQx/trmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNWMwYzcxMTFlMmY1N2ZjYWY4MTEzYTQyZTU1NmU4ODJk
ZDVjNGIwHhcNMjQwMTAxMTQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODVmOGIzMGJmNmIwNjcwNDZkM2MzNzViNGIxOGZkZmQxYmNhNmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgqUZxjEmyI06JgE9lrYfOfENeP+
EJDD/kq1Itr2yIYztGVrej5fuDVun1riSFmJfcdZXM5XnGYfvVrV58+qNq4/gqpD
rHD0/FyMx6SwN4SKuyMsj/tUSOLnjrrANm3O7lRmNX08pn5fi36Vdoj5dGrP9JMz
Z+Xra6N+ePFCyUAs0r5uY5y1ud9xLMkP9FZyYuyctIT+soIyc0KuTs2Sty8d58fg
vyEGPSJ9i34xEUBRh78rWgyihBKXoHoUIkaqeSCQhtllqU1I09PQDLMcGGJNpjQI
qxT5qGYUJyFwARYOopGxK5jGglVsFbT33i9ZJqtFwEqXpm9WqhS+mJ0e+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhfizC/awZwRtPDdbSxj9/RvKbOMB8GA1UdIwQY
MBaAFHJcDHER4vV/yvgROkLlVuiC3VxLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYt
NzYxMGFhYmFhMjc0LzEvMkYtTE1MOXJCbkJHMDhOMXRMR1AzOUc4cHM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYtNzYxMGFhYmFhMjc0
LzEvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/gNMA0G
CSqGSIb3DQEBCwUAA4IBAQBhJyPFUPG1gdDNe+oLngqw7/mF+zhI+aMiXz3YlOtx
hqSQIFq+m7h0uxIkzRMxZI1KolOJJwsrO9+hnsyAxY3ecuQtLi5dutKCoTgqooO+
Ziaa3IL7cQsjXyC5zfjPUUdQECvzO9ZxiuhSaoMvfsMAWhZM6aw0HG2NaoTQ3ljK
JzX6jQ+1Ek0B//hPDqPj3WXCsBiZu1YT4eBkSLAN8tVqCMo8WPQR7fHvZAWbShyx
aP73bdXAC7Kal5Eq5PyPRURrt34rRAG6bwVcXWGuHn6Kp9JuMbdPwIRd/KqXZe8Z
DeneJRrq+7YVTAQrVpyZrfqCCecLRYA0KcHDFYueGnvR
-----END CERTIFICATE-----