Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/cuHLLDDwdTSlcsG0EOMSaYlGmIE.roa
File:                     cuHLLDDwdTSlcsG0EOMSaYlGmIE.roa (raw, json)
Hash identifier:          sy4flCDP25HVq+dkCg4GI6G8jmKr8E+eT87Rky5pxh0=
Subject key identifier:   72:E1:CB:2C:30:F0:75:34:A5:72:C1:B4:10:E3:12:69:89:46:98:81
Certificate issuer:       /CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
Certificate serial:       018CC56E64BDE9E6885D9D2C76FB550998A6
Authority key identifier: 72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/cuHLLDDwdTSlcsG0EOMSaYlGmIE.roa
Signing time:             Mon 01 Jan 2024 14:29:55 +0000
ROA not before:           Mon 01 Jan 2024 14:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199606
IP address blocks:        151.248.8.0/21 maxlen: 24
                          2a01:a7c0::/32 maxlen: 37

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:64:bd:e9:e6:88:5d:9d:2c:76:fb:55:09:98:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
        Validity
            Not Before: Jan  1 14:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72e1cb2c30f07534a572c1b410e3126989469881
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ce:85:8f:b1:df:ed:47:ee:33:be:49:32:38:
                    b4:1f:09:6a:e2:8f:68:5a:76:71:12:5d:2a:53:da:
                    ec:eb:94:af:d0:e6:b7:9f:7b:5a:c5:ce:fd:0d:e7:
                    6e:4c:2f:90:31:1d:a0:d6:9a:40:fc:c8:d5:83:4f:
                    e3:6a:ac:61:e1:ca:f1:70:1b:f5:c2:89:5a:79:6d:
                    08:36:b8:4a:a8:1b:18:61:c9:e9:2a:f3:7d:ea:00:
                    03:ba:bf:e1:47:b4:4c:ed:3e:5d:7a:00:bc:f5:7e:
                    44:30:a3:03:72:54:45:b1:7f:cf:68:a2:8d:55:a1:
                    3c:95:e7:c2:bf:0d:d2:1f:3b:f9:72:ed:84:d9:ad:
                    82:98:f7:ac:be:9b:b9:4c:5b:97:ab:39:2d:c9:19:
                    df:79:d3:a1:93:62:fb:d6:06:c5:59:17:36:a3:56:
                    b8:6b:f5:f7:5d:0f:e3:4d:38:bc:9a:39:cf:ce:10:
                    15:eb:1d:27:10:5a:1e:61:9e:ae:79:d0:07:33:84:
                    6c:de:af:76:94:2c:33:7b:86:0b:59:9f:35:52:02:
                    98:1e:61:c7:ca:22:c9:84:e8:db:67:cf:cd:1c:2c:
                    5c:b3:d7:12:fc:c1:59:45:fa:41:df:79:e7:31:38:
                    31:27:70:4c:6a:eb:6c:73:5f:d9:4b:b5:b9:42:38:
                    79:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:E1:CB:2C:30:F0:75:34:A5:72:C1:B4:10:E3:12:69:89:46:98:81
            X509v3 Authority Key Identifier:
                keyid:72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/cuHLLDDwdTSlcsG0EOMSaYlGmIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.248.8.0/21
                IPv6:
                  2a01:a7c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:50:38:6c:e6:90:96:d2:c1:c4:6c:1a:2b:08:80:22:07:f1:
         1e:5a:1a:6c:c2:9a:28:a7:88:c7:c8:95:e8:b1:69:bd:90:66:
         d4:cc:ff:31:db:5c:77:f2:c9:bf:c7:62:f7:80:65:74:5f:22:
         5a:d2:69:7e:44:a5:63:2b:37:b2:b6:48:f3:e5:4f:a4:6a:47:
         8c:a0:cb:1c:2f:40:e3:f2:81:88:8e:8d:0f:b8:30:29:67:58:
         10:f4:eb:17:37:a0:60:c4:dd:1a:fc:a2:d0:84:06:0e:c5:62:
         6d:42:49:42:27:ad:01:8a:57:08:36:50:b8:80:0a:44:cb:b0:
         43:29:77:42:b2:21:a7:9b:c3:a4:58:e1:99:8c:74:b8:2f:0b:
         f8:ce:95:fb:06:51:87:9c:52:b4:a7:5a:19:fe:39:49:9e:48:
         e0:21:15:cc:62:4f:6d:1c:50:ca:2f:77:31:20:df:01:19:0b:
         1a:3a:83:70:51:13:84:17:3c:62:2f:6d:89:1e:05:1f:84:c7:
         de:8e:97:3e:66:5b:68:3b:13:42:44:26:02:69:e7:d3:ed:0e:
         08:17:59:89:08:a3:12:57:d7:42:a8:cd:c1:a1:a5:0e:e6:d9:
         46:28:8f:34:02:64:7f:9a:0b:9b:f0:ca:64:a7:e3:a1:62:77:
         86:ab:37:a2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbmS96eaIXZ0sdvtVCZimMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNWMwYzcxMTFlMmY1N2ZjYWY4MTEzYTQyZTU1NmU4ODJk
ZDVjNGIwHhcNMjQwMTAxMTQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmUxY2IyYzMwZjA3NTM0YTU3MmMxYjQxMGUzMTI2OTg5NDY5ODgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkc6Fj7Hf7UfuM75JMji0Hwlq4o9o
WnZxEl0qU9rs65Sv0Oa3n3taxc79DeduTC+QMR2g1ppA/MjVg0/jaqxh4crxcBv1
wolaeW0INrhKqBsYYcnpKvN96gADur/hR7RM7T5degC89X5EMKMDclRFsX/PaKKN
VaE8lefCvw3SHzv5cu2E2a2CmPesvpu5TFuXqzktyRnfedOhk2L71gbFWRc2o1a4
a/X3XQ/jTTi8mjnPzhAV6x0nEFoeYZ6uedAHM4Rs3q92lCwze4YLWZ81UgKYHmHH
yiLJhOjbZ8/NHCxcs9cS/MFZRfpB33nnMTgxJ3BMautsc1/ZS7W5Qjh5NwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHLhyyww8HU0pXLBtBDjEmmJRpiBMB8GA1UdIwQY
MBaAFHJcDHER4vV/yvgROkLlVuiC3VxLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYt
NzYxMGFhYmFhMjc0LzEvY3VITExERHdkVFNsY3NHMEVPTVNhWWxHbUlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYtNzYxMGFhYmFhMjc0
LzEvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDl/gIMA0E
AgACMAcDBQAqAafAMA0GCSqGSIb3DQEBCwUAA4IBAQB9UDhs5pCW0sHEbBorCIAi
B/EeWhpswpoop4jHyJXosWm9kGbUzP8x21x38sm/x2L3gGV0XyJa0ml+RKVjKzey
tkjz5U+kakeMoMscL0Dj8oGIjo0PuDApZ1gQ9OsXN6BgxN0a/KLQhAYOxWJtQklC
J60BilcINlC4gApEy7BDKXdCsiGnm8OkWOGZjHS4Lwv4zpX7BlGHnFK0p1oZ/jlJ
nkjgIRXMYk9tHFDKL3cxIN8BGQsaOoNwUROEFzxiL22JHgUfhMfejpc+ZltoOxNC
RCYCaefT7Q4IF1mJCKMSV9dCqM3BoaUO5tlGKI80AmR/mgub8Mpkp+OhYneGqzei
-----END CERTIFICATE-----