Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/KoGcuhEWGpdaiyvAQhahi6JGn3c.roa
File:                     KoGcuhEWGpdaiyvAQhahi6JGn3c.roa (raw, json)
Hash identifier:          1hE6GXWKyFKYOi6wNNjRCkxxkmT7Rr3/DXP+/VqRcqY=
Subject key identifier:   2A:81:9C:BA:11:16:1A:97:5A:8B:2B:C0:42:16:A1:8B:A2:46:9F:77
Certificate issuer:       /CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
Certificate serial:       0194258F4FB391D13BC86BDA279DF5BCEA58
Authority key identifier: 72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/KoGcuhEWGpdaiyvAQhahi6JGn3c.roa
Signing time:             Thu 02 Jan 2025 05:48:56 +0000
ROA not before:           Thu 02 Jan 2025 05:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199606
IP address blocks:        151.248.8.0/21 maxlen: 24
                          151.248.8.0/22 maxlen: 22
                          2a01:a7c0::/32 maxlen: 37
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:4f:b3:91:d1:3b:c8:6b:da:27:9d:f5:bc:ea:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
        Validity
            Not Before: Jan  2 05:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a819cba11161a975a8b2bc04216a18ba2469f77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:02:13:b3:60:ea:82:f7:d1:7c:3a:f6:0b:64:
                    52:ad:56:26:91:b8:70:15:39:fc:c3:b8:61:9e:ec:
                    25:d8:cc:16:7e:65:81:a6:d4:1a:c1:1a:87:d6:7e:
                    c9:0d:0b:65:49:93:38:3a:44:cb:c4:67:89:7a:28:
                    a3:38:75:bf:5b:fc:a2:f1:58:16:5b:fd:5a:9f:aa:
                    bd:c3:51:5a:3f:6a:b9:37:2a:70:ae:a0:8e:4b:19:
                    32:a5:10:d0:7a:b4:7f:b7:d3:cd:53:f9:e9:92:d0:
                    87:4c:5d:21:ca:b3:8b:b3:d3:59:76:c3:fb:0a:f1:
                    cc:02:fe:62:85:dd:06:1a:df:c6:b8:37:64:7e:f0:
                    2a:d3:da:ac:69:c1:9f:a5:9a:b2:4b:e4:c7:57:11:
                    a1:a9:bf:ae:04:36:10:fe:f2:1f:4a:5b:b9:f5:b7:
                    f9:2d:52:a2:95:e7:60:7b:c9:96:75:f6:4a:07:dd:
                    22:c7:c4:90:5e:c5:c7:7c:97:d2:da:ef:47:e8:c8:
                    2f:9a:36:b8:2f:70:e8:55:46:b7:ff:16:d1:f7:47:
                    ac:6d:1d:9b:e4:07:c1:16:18:eb:88:c7:cb:48:b1:
                    d8:88:9a:a7:31:d8:99:ee:b0:47:b3:a6:ec:2f:f9:
                    fa:de:35:9f:92:7b:a4:7b:dc:28:ed:bb:4e:8a:1c:
                    d7:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:81:9C:BA:11:16:1A:97:5A:8B:2B:C0:42:16:A1:8B:A2:46:9F:77
            X509v3 Authority Key Identifier:
                keyid:72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/KoGcuhEWGpdaiyvAQhahi6JGn3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.248.8.0/21
                IPv6:
                  2a01:a7c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:4c:fd:08:ca:a7:53:f4:e8:d3:12:11:6c:2d:6f:3c:44:9d:
         05:44:a4:72:75:b0:7c:78:93:cf:9c:dd:3d:86:f1:2a:0f:99:
         c7:c2:b4:89:97:79:86:fd:80:ba:c7:26:fc:48:ff:95:e9:87:
         53:ba:e0:a6:3b:80:93:6e:ed:0a:ed:9f:22:9b:53:51:1e:3b:
         35:18:5f:d5:a2:dc:74:a2:8d:0d:87:dd:a4:26:92:cc:20:a6:
         c6:10:c6:90:6e:bf:9c:4d:e4:a4:1f:1f:6d:19:18:01:0b:3f:
         7f:ad:99:9d:e0:e5:04:df:bd:92:b1:5e:35:2a:f4:9e:5b:c7:
         8f:7b:fc:cf:38:fd:fb:96:a6:b7:ba:64:6f:3d:c0:64:4f:2a:
         80:3f:e0:05:75:63:e7:8b:0c:fa:41:c3:23:18:6b:e8:08:a9:
         98:c3:d3:a5:6c:79:90:6b:13:dc:b0:39:c6:91:8b:40:26:00:
         3e:fc:d0:97:4d:87:e8:e4:3d:97:62:e7:5f:2f:17:06:b6:1c:
         a8:75:f3:51:ea:bd:52:ab:e8:a1:00:93:5b:97:58:d5:50:77:
         ff:75:dd:90:7f:66:bd:f4:8c:d6:c0:51:32:df:6a:8f:18:5d:
         4d:d7:e1:16:ed:d8:b5:6d:a4:ea:e9:b5:16:27:bf:46:66:1c:
         ce:23:da:07
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj0+zkdE7yGvaJ531vOpYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNWMwYzcxMTFlMmY1N2ZjYWY4MTEzYTQyZTU1NmU4ODJk
ZDVjNGIwHhcNMjUwMTAyMDU0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTgxOWNiYTExMTYxYTk3NWE4YjJiYzA0MjE2YTE4YmEyNDY5Zjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAITs2DqgvfRfDr2C2RSrVYmkbhw
FTn8w7hhnuwl2MwWfmWBptQawRqH1n7JDQtlSZM4OkTLxGeJeiijOHW/W/yi8VgW
W/1an6q9w1FaP2q5NypwrqCOSxkypRDQerR/t9PNU/npktCHTF0hyrOLs9NZdsP7
CvHMAv5ihd0GGt/GuDdkfvAq09qsacGfpZqyS+THVxGhqb+uBDYQ/vIfSlu59bf5
LVKiledge8mWdfZKB90ix8SQXsXHfJfS2u9H6Mgvmja4L3DoVUa3/xbR90esbR2b
5AfBFhjriMfLSLHYiJqnMdiZ7rBHs6bsL/n63jWfknuke9wo7btOihzXFQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCqBnLoRFhqXWosrwEIWoYuiRp93MB8GA1UdIwQY
MBaAFHJcDHER4vV/yvgROkLlVuiC3VxLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYt
NzYxMGFhYmFhMjc0LzEvS29HY3VoRVdHcGRhaXl2QVFoYWhpNkpHbjNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYtNzYxMGFhYmFhMjc0
LzEvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDl/gIMA0E
AgACMAcDBQAqAafAMA0GCSqGSIb3DQEBCwUAA4IBAQBoTP0IyqdT9OjTEhFsLW88
RJ0FRKRydbB8eJPPnN09hvEqD5nHwrSJl3mG/YC6xyb8SP+V6YdTuuCmO4CTbu0K
7Z8im1NRHjs1GF/Votx0oo0Nh92kJpLMIKbGEMaQbr+cTeSkHx9tGRgBCz9/rZmd
4OUE372SsV41KvSeW8ePe/zPOP37lqa3umRvPcBkTyqAP+AFdWPniwz6QcMjGGvo
CKmYw9OlbHmQaxPcsDnGkYtAJgA+/NCXTYfo5D2XYudfLxcGthyodfNR6r1Sq+ih
AJNbl1jVUHf/dd2Qf2a99IzWwFEy32qPGF1N1+EW7di1baTq6bUWJ79GZhzOI9oH
-----END CERTIFICATE-----