Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/cLFXpbvXQ7ewA43ckj0WniT4JUE.roa
File:                     cLFXpbvXQ7ewA43ckj0WniT4JUE.roa (raw, json)
Hash identifier:          MA0V95ed/gECxNSaptpMKxS+abLgaLPgcexWWf8XVhY=
Subject key identifier:   70:B1:57:A5:BB:D7:43:B7:B0:03:8D:DC:92:3D:16:9E:24:F8:25:41
Certificate issuer:       /CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
Certificate serial:       01959079184B2D1C6C052C1D6CC8BDB4B386
Authority key identifier: 72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/cLFXpbvXQ7ewA43ckj0WniT4JUE.roa
Signing time:             Thu 13 Mar 2025 17:06:49 +0000
ROA not before:           Thu 13 Mar 2025 17:06:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200497
IP address blocks:        151.248.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:90:79:18:4b:2d:1c:6c:05:2c:1d:6c:c8:bd:b4:b3:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
        Validity
            Not Before: Mar 13 17:06:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70b157a5bbd743b7b0038ddc923d169e24f82541
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:08:0b:b5:d8:e1:2d:a9:63:10:5e:e0:1a:e9:
                    11:c3:a3:c6:ce:dd:6f:99:c1:39:c6:ab:82:26:e0:
                    05:87:79:b6:f6:eb:f1:79:c3:46:9f:70:29:b3:62:
                    da:1b:ac:ee:8d:87:3c:f6:68:48:1d:0e:9d:51:88:
                    43:4a:9f:49:7b:60:bf:18:61:1d:f3:c3:61:7e:c8:
                    ca:c3:4a:a9:3d:03:9f:65:78:a1:77:42:2e:e5:72:
                    07:a3:0b:80:6f:88:d8:48:52:1f:0d:1d:de:c8:61:
                    75:81:c8:7f:15:61:2a:cc:5b:72:93:2b:55:06:43:
                    17:49:c6:41:66:41:2a:ec:06:93:1e:1c:82:42:cb:
                    ff:a7:f1:92:c4:bd:aa:e1:78:e7:42:a7:86:6c:ae:
                    45:0a:48:bd:fd:3b:1a:62:7e:ae:42:ba:12:fb:dd:
                    d3:1a:b1:61:71:1f:4f:c5:d9:16:1e:31:18:a3:06:
                    cc:9c:24:00:5c:e7:c4:1f:a5:67:55:df:60:15:e5:
                    d6:54:fe:43:08:e5:1a:0e:a9:52:0c:07:1a:3b:12:
                    f7:68:7e:48:06:06:8c:1e:eb:72:3d:9f:cc:f8:93:
                    27:98:71:36:e6:55:c4:7a:e2:5a:b8:98:4e:b0:49:
                    0e:3b:a4:74:cc:a4:16:14:d8:56:84:72:a9:ce:36:
                    96:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:B1:57:A5:BB:D7:43:B7:B0:03:8D:DC:92:3D:16:9E:24:F8:25:41
            X509v3 Authority Key Identifier:
                keyid:72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/cLFXpbvXQ7ewA43ckj0WniT4JUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.248.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:7e:28:5d:db:96:71:73:f3:87:dc:f6:57:23:b6:33:1c:3f:
         3a:9e:18:03:93:ce:a3:c0:78:9f:6b:6b:31:4e:12:70:2d:74:
         24:78:a4:cf:9d:a0:ce:05:8e:e9:ef:7a:3e:61:83:6b:79:40:
         b7:ce:3c:69:93:5a:af:87:59:d5:3b:0e:0e:99:24:4c:7a:e2:
         5c:85:3a:4a:9c:42:01:04:b4:31:17:c4:61:51:58:b5:06:9d:
         1e:ff:e6:af:cb:8c:80:48:bd:2b:89:ec:04:57:ae:e7:39:fb:
         69:dd:9c:4f:9d:d7:f0:9a:af:f9:2b:a4:0f:82:42:6c:cd:86:
         0b:c5:42:6c:e7:9d:c6:91:04:28:47:53:54:89:6d:d8:ac:3d:
         ba:aa:39:1a:85:d8:36:4c:c9:cc:c4:c7:4f:03:54:00:2a:45:
         c2:01:45:5e:26:b6:3d:7f:82:4b:21:fb:30:0b:07:c7:80:59:
         b8:b1:a8:65:b6:95:72:78:4a:37:73:16:05:14:d7:ee:91:41:
         01:9e:99:5b:d4:5d:31:8c:8f:52:c9:8c:28:9a:5b:12:9e:71:
         40:37:ee:a2:ba:5d:ad:19:44:64:73:73:74:12:7d:04:63:a1:
         5b:b8:fd:4a:e7:84:6c:d2:c2:45:5a:2c:bf:d2:43:00:c5:be:
         e3:67:7f:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWQeRhLLRxsBSwdbMi9tLOGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNWMwYzcxMTFlMmY1N2ZjYWY4MTEzYTQyZTU1NmU4ODJk
ZDVjNGIwHhcNMjUwMzEzMTcwNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGIxNTdhNWJiZDc0M2I3YjAwMzhkZGM5MjNkMTY5ZTI0ZjgyNTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjggLtdjhLaljEF7gGukRw6PGzt1v
mcE5xquCJuAFh3m29uvxecNGn3Aps2LaG6zujYc89mhIHQ6dUYhDSp9Je2C/GGEd
88NhfsjKw0qpPQOfZXihd0Iu5XIHowuAb4jYSFIfDR3eyGF1gch/FWEqzFtykytV
BkMXScZBZkEq7AaTHhyCQsv/p/GSxL2q4XjnQqeGbK5FCki9/TsaYn6uQroS+93T
GrFhcR9PxdkWHjEYowbMnCQAXOfEH6VnVd9gFeXWVP5DCOUaDqlSDAcaOxL3aH5I
BgaMHutyPZ/M+JMnmHE25lXEeuJauJhOsEkOO6R0zKQWFNhWhHKpzjaWEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCxV6W710O3sAON3JI9Fp4k+CVBMB8GA1UdIwQY
MBaAFHJcDHER4vV/yvgROkLlVuiC3VxLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYt
NzYxMGFhYmFhMjc0LzEvY0xGWHBidlhRN2V3QTQzY2tqMFduaVQ0SlVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYtNzYxMGFhYmFhMjc0
LzEvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/gMMA0G
CSqGSIb3DQEBCwUAA4IBAQBmfihd25Zxc/OH3PZXI7YzHD86nhgDk86jwHifa2sx
ThJwLXQkeKTPnaDOBY7p73o+YYNreUC3zjxpk1qvh1nVOw4OmSRMeuJchTpKnEIB
BLQxF8RhUVi1Bp0e/+avy4yASL0riewEV67nOftp3ZxPndfwmq/5K6QPgkJszYYL
xUJs553GkQQoR1NUiW3YrD26qjkahdg2TMnMxMdPA1QAKkXCAUVeJrY9f4JLIfsw
CwfHgFm4sahltpVyeEo3cxYFFNfukUEBnplb1F0xjI9SyYwomlsSnnFAN+6iul2t
GURkc3N0En0EY6FbuP1K54Rs0sJFWiy/0kMAxb7jZ39J
-----END CERTIFICATE-----