Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/9NXQVmlYsjW6BIiromR1Jkv7ZnY.roa
File:                     9NXQVmlYsjW6BIiromR1Jkv7ZnY.roa (raw, json)
Hash identifier:          RO3eSs9Yux2tRIek5DZwacPp1MID67DwVS0fxrd2wWE=
Subject key identifier:   F4:D5:D0:56:69:58:B2:35:BA:04:88:AB:A2:64:75:26:4B:FB:66:76
Certificate issuer:       /CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
Certificate serial:       018CC56E6542662F6B9051F93055038F97F6
Authority key identifier: 72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/9NXQVmlYsjW6BIiromR1Jkv7ZnY.roa
Signing time:             Mon 01 Jan 2024 14:29:55 +0000
ROA not before:           Mon 01 Jan 2024 14:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200497
IP address blocks:        151.248.15.0/24 maxlen: 24
                          151.248.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:65:42:66:2f:6b:90:51:f9:30:55:03:8f:97:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
        Validity
            Not Before: Jan  1 14:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4d5d0566958b235ba0488aba26475264bfb6676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ff:d3:e3:9b:8b:a0:e9:c2:50:eb:5e:cc:f7:
                    77:ae:76:3e:9a:c0:02:d6:5d:c2:39:46:04:5f:30:
                    f4:49:a9:8f:b1:5b:b2:63:06:77:0b:18:ac:d9:c6:
                    c6:65:e0:58:81:fd:95:e1:32:cf:f5:1e:cd:13:24:
                    fa:d4:2b:da:b6:7d:1f:71:66:94:d9:bd:df:17:68:
                    5e:57:10:da:57:35:6f:be:af:aa:17:94:65:7e:02:
                    65:4c:da:a5:22:fa:e0:c3:5b:fe:b6:39:76:ca:17:
                    38:6a:5d:a2:3d:6a:e2:40:dc:5c:d5:96:6e:50:b2:
                    47:94:73:c4:2a:af:76:c1:4d:61:6a:fe:5d:74:3d:
                    37:68:df:64:f4:b7:d3:31:7b:10:c2:90:ac:69:5f:
                    c9:6e:ec:fe:c1:4a:8d:c7:56:be:b6:ce:43:65:3f:
                    b0:0c:81:b0:50:9e:dd:b2:65:dd:bc:4d:1b:94:14:
                    f4:37:4e:af:f0:3e:e6:cb:bf:e9:dc:25:18:e7:79:
                    78:c6:96:b7:9a:50:72:fa:c4:00:00:6f:71:46:ea:
                    9f:95:9b:8e:db:17:f5:00:73:76:33:1b:d3:3c:c9:
                    fb:3c:10:7a:2e:d6:03:4b:4e:92:a0:f3:df:0a:96:
                    d3:77:e2:d5:83:cf:0f:32:c9:c0:50:c9:2c:68:4e:
                    12:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:D5:D0:56:69:58:B2:35:BA:04:88:AB:A2:64:75:26:4B:FB:66:76
            X509v3 Authority Key Identifier:
                keyid:72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/9NXQVmlYsjW6BIiromR1Jkv7ZnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.248.12.0/24
                  151.248.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:bc:69:8f:cc:e7:d6:a7:48:a8:62:98:4c:5e:27:4b:14:e0:
         63:39:fe:0c:5a:23:a8:d4:cf:31:25:12:bc:41:5f:7e:be:99:
         c6:76:cd:d3:12:91:60:f6:df:cd:a6:0f:aa:f4:c7:bc:65:f0:
         60:4e:08:9d:0a:2e:46:72:66:80:e7:ac:94:c7:16:f5:33:d8:
         5a:7f:10:d7:ba:c2:7f:8f:3c:86:aa:63:5e:36:ee:78:1a:e8:
         b0:86:a4:f0:81:78:50:ae:a8:77:9e:4a:ab:4c:2c:bf:c6:5e:
         90:4d:e5:85:00:4c:0b:ff:b3:ad:19:6b:c7:14:78:0c:b5:e6:
         cd:b4:bd:58:d6:08:90:22:0f:30:8b:0c:17:4e:9f:84:db:ac:
         8b:7d:93:4b:26:45:8c:3e:a0:d0:60:26:f6:32:b4:c8:29:f7:
         61:96:8b:48:d0:e0:14:69:f0:f3:5e:93:71:cc:9e:b1:92:be:
         4b:c6:e5:83:89:dc:af:ab:46:1b:a0:cc:00:22:75:9d:dc:d6:
         56:3e:4c:6c:2f:c2:f9:1f:c3:55:eb:73:84:92:14:e1:0f:be:
         12:07:be:5f:71:e0:e8:96:11:06:2d:7d:30:ee:2d:7e:1c:b4:
         f0:dc:91:42:ea:91:dc:4b:d4:a0:c0:ef:30:19:04:c1:6b:e5:
         1e:60:59:ce
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbmVCZi9rkFH5MFUDj5f2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNWMwYzcxMTFlMmY1N2ZjYWY4MTEzYTQyZTU1NmU4ODJk
ZDVjNGIwHhcNMjQwMTAxMTQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGQ1ZDA1NjY5NThiMjM1YmEwNDg4YWJhMjY0NzUyNjRiZmI2Njc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApP/T45uLoOnCUOtezPd3rnY+msAC
1l3COUYEXzD0SamPsVuyYwZ3Cxis2cbGZeBYgf2V4TLP9R7NEyT61Cvatn0fcWaU
2b3fF2heVxDaVzVvvq+qF5RlfgJlTNqlIvrgw1v+tjl2yhc4al2iPWriQNxc1ZZu
ULJHlHPEKq92wU1hav5ddD03aN9k9LfTMXsQwpCsaV/Jbuz+wUqNx1a+ts5DZT+w
DIGwUJ7dsmXdvE0blBT0N06v8D7my7/p3CUY53l4xpa3mlBy+sQAAG9xRuqflZuO
2xf1AHN2MxvTPMn7PBB6LtYDS06SoPPfCpbTd+LVg88PMsnAUMksaE4SDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPTV0FZpWLI1ugSIq6JkdSZL+2Z2MB8GA1UdIwQY
MBaAFHJcDHER4vV/yvgROkLlVuiC3VxLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYt
NzYxMGFhYmFhMjc0LzEvOU5YUVZtbFlzalc2Qklpcm9tUjFKa3Y3Wm5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYtNzYxMGFhYmFhMjc0
LzEvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/gMAwQA
l/gPMA0GCSqGSIb3DQEBCwUAA4IBAQA6vGmPzOfWp0ioYphMXidLFOBjOf4MWiOo
1M8xJRK8QV9+vpnGds3TEpFg9t/Npg+q9Me8ZfBgTgidCi5GcmaA56yUxxb1M9ha
fxDXusJ/jzyGqmNeNu54GuiwhqTwgXhQrqh3nkqrTCy/xl6QTeWFAEwL/7OtGWvH
FHgMtebNtL1Y1giQIg8wiwwXTp+E26yLfZNLJkWMPqDQYCb2MrTIKfdhlotI0OAU
afDzXpNxzJ6xkr5LxuWDidyvq0YboMwAInWd3NZWPkxsL8L5H8NV63OEkhThD74S
B75fceDolhEGLX0w7i1+HLTw3JFC6pHcS9SgwO8wGQTBa+UeYFnO
-----END CERTIFICATE-----