Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/ejg2o5Q2dvoWaESAzfB0HEPf7xI.roa
File:                     ejg2o5Q2dvoWaESAzfB0HEPf7xI.roa (raw, json)
Hash identifier:          s8Vh1yl+9P0cPDEhtTkn7ElHKgWmn1YwQsHChgTqjlY=
Subject key identifier:   7A:38:36:A3:94:36:76:FA:16:68:44:80:CD:F0:74:1C:43:DF:EF:12
Certificate issuer:       /CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
Certificate serial:       0194258F4DF8784E9EB509C397AA74509DD5
Authority key identifier: 72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/ejg2o5Q2dvoWaESAzfB0HEPf7xI.roa
Signing time:             Thu 02 Jan 2025 05:48:56 +0000
ROA not before:           Thu 02 Jan 2025 05:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30848
IP address blocks:        151.248.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:4d:f8:78:4e:9e:b5:09:c3:97:aa:74:50:9d:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
        Validity
            Not Before: Jan  2 05:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a3836a3943676fa16684480cdf0741c43dfef12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:8c:b2:2b:dd:6e:b1:ed:5c:96:2c:28:b7:e4:
                    7a:5d:f8:32:a0:63:74:60:b8:b1:e7:a8:fb:3b:55:
                    34:84:3d:51:cc:da:ac:ab:24:2d:33:ac:76:67:93:
                    81:d8:de:ec:74:e1:e9:42:ab:25:59:0c:e7:b6:1e:
                    c0:48:55:fe:7c:86:90:5d:eb:42:ac:e4:02:7c:03:
                    3f:e9:ae:d0:4d:d5:87:38:23:44:ca:58:b5:4d:08:
                    65:f3:b5:a0:e3:0c:93:bd:b2:b2:13:74:b5:27:00:
                    a1:d5:e6:bb:97:74:a0:14:ea:85:87:e0:d2:a6:be:
                    49:bb:a4:4c:46:cd:ee:62:20:b5:8b:8c:e3:a9:8a:
                    77:49:a4:d9:70:4c:6d:04:e6:c7:c5:bb:f9:c8:d9:
                    c0:c0:6e:7b:6b:c0:dc:d6:42:a6:53:13:f0:b7:a2:
                    d4:b0:31:8f:bd:63:9f:d1:1e:76:df:a2:73:62:a7:
                    74:6b:64:f9:c4:a4:32:9c:49:c3:47:b7:d3:2c:0f:
                    cf:f9:ae:59:bc:91:37:9a:46:d2:23:ae:f4:64:c5:
                    7e:65:f1:90:19:0b:8d:38:fa:b1:03:3f:b7:52:9d:
                    f9:ae:24:28:f9:ac:5d:a4:51:f6:22:14:c7:d7:9f:
                    f5:61:ef:23:76:af:80:4a:94:77:e6:91:86:e7:90:
                    ff:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:38:36:A3:94:36:76:FA:16:68:44:80:CD:F0:74:1C:43:DF:EF:12
            X509v3 Authority Key Identifier:
                keyid:72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/ejg2o5Q2dvoWaESAzfB0HEPf7xI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.248.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:07:9c:27:ae:6e:0f:03:0d:03:23:15:dd:20:f4:5b:5e:e5:
         01:f2:d2:97:1d:0c:c5:02:be:29:e8:9e:f8:da:fd:36:08:d4:
         27:87:a2:88:da:8f:05:8d:21:4d:5f:e4:95:66:e8:9d:84:c5:
         21:9f:b8:ac:13:bc:42:23:9b:09:bc:b8:92:ad:4a:71:9d:b4:
         75:bf:c9:1a:d4:59:7f:8a:e4:30:32:07:2a:0a:e6:0d:8e:fa:
         9c:cd:57:b4:14:29:18:00:50:51:21:22:73:10:0f:c4:88:3a:
         04:0c:1a:22:15:83:4b:8c:23:e0:94:d0:a9:7e:ff:b7:2a:d4:
         c4:b6:4a:53:7e:63:d3:9a:18:88:fe:84:13:0f:d9:ac:e4:b9:
         b3:56:e9:38:de:49:30:38:ca:2c:25:da:11:b7:b5:84:3c:8e:
         c5:26:31:47:ef:b0:12:84:4d:f0:03:ac:c3:a5:ca:b0:38:27:
         f6:38:39:56:bf:76:79:ee:4e:4f:bd:4f:44:0d:e2:1c:5d:44:
         7a:1b:24:59:d6:ea:2b:41:44:30:1a:07:07:24:34:ad:8e:cf:
         51:98:c2:11:3f:e4:bd:94:0e:2a:86:a2:2c:f0:c9:ab:2e:65:
         6c:0e:ac:6d:27:42:78:d0:7e:82:05:7c:75:fd:b9:71:82:f6:
         87:3e:0a:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj034eE6etQnDl6p0UJ3VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNWMwYzcxMTFlMmY1N2ZjYWY4MTEzYTQyZTU1NmU4ODJk
ZDVjNGIwHhcNMjUwMTAyMDU0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTM4MzZhMzk0MzY3NmZhMTY2ODQ0ODBjZGYwNzQxYzQzZGZlZjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYyyK91use1cliwot+R6XfgyoGN0
YLix56j7O1U0hD1RzNqsqyQtM6x2Z5OB2N7sdOHpQqslWQznth7ASFX+fIaQXetC
rOQCfAM/6a7QTdWHOCNEyli1TQhl87Wg4wyTvbKyE3S1JwCh1ea7l3SgFOqFh+DS
pr5Ju6RMRs3uYiC1i4zjqYp3SaTZcExtBObHxbv5yNnAwG57a8Dc1kKmUxPwt6LU
sDGPvWOf0R5236JzYqd0a2T5xKQynEnDR7fTLA/P+a5ZvJE3mkbSI670ZMV+ZfGQ
GQuNOPqxAz+3Up35riQo+axdpFH2IhTH15/1Ye8jdq+ASpR35pGG55D/EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHo4NqOUNnb6FmhEgM3wdBxD3+8SMB8GA1UdIwQY
MBaAFHJcDHER4vV/yvgROkLlVuiC3VxLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYt
NzYxMGFhYmFhMjc0LzEvZWpnMm81UTJkdm9XYUVTQXpmQjBIRVBmN3hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYtNzYxMGFhYmFhMjc0
LzEvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/gNMA0G
CSqGSIb3DQEBCwUAA4IBAQBnB5wnrm4PAw0DIxXdIPRbXuUB8tKXHQzFAr4p6J74
2v02CNQnh6KI2o8FjSFNX+SVZuidhMUhn7isE7xCI5sJvLiSrUpxnbR1v8ka1Fl/
iuQwMgcqCuYNjvqczVe0FCkYAFBRISJzEA/EiDoEDBoiFYNLjCPglNCpfv+3KtTE
tkpTfmPTmhiI/oQTD9ms5LmzVuk43kkwOMosJdoRt7WEPI7FJjFH77AShE3wA6zD
pcqwOCf2ODlWv3Z57k5PvU9EDeIcXUR6GyRZ1uorQUQwGgcHJDStjs9RmMIRP+S9
lA4qhqIs8MmrLmVsDqxtJ0J40H6CBXx1/blxgvaHPgpr
-----END CERTIFICATE-----