Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/r0oZo3WA38lW3ySIXFVVQ1Mcc0o.roa
File:                     r0oZo3WA38lW3ySIXFVVQ1Mcc0o.roa (raw, json)
Hash identifier:          X0Ze6o20aWUQhbfuVoIUFK/Jgvo7r1HvEesCEMMLQEY=
Subject key identifier:   AF:4A:19:A3:75:80:DF:C9:56:DF:24:88:5C:55:55:43:53:1C:73:4A
Certificate issuer:       /CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
Certificate serial:       0194258F50338C38143FAA6D8F2B11E7C29C
Authority key identifier: 72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/r0oZo3WA38lW3ySIXFVVQ1Mcc0o.roa
Signing time:             Thu 02 Jan 2025 05:48:56 +0000
ROA not before:           Thu 02 Jan 2025 05:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200497
IP address blocks:        151.248.12.0/24 maxlen: 24
                          151.248.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:50:33:8c:38:14:3f:aa:6d:8f:2b:11:e7:c2:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
        Validity
            Not Before: Jan  2 05:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af4a19a37580dfc956df24885c555543531c734a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:1f:45:78:d3:d9:53:53:9e:03:28:47:a8:94:
                    fc:f2:59:42:42:29:99:17:06:1c:a6:7b:32:47:0a:
                    6c:82:a3:3a:8b:1d:05:75:e5:fb:33:33:08:0f:23:
                    1f:1e:a0:76:cb:a7:10:54:13:0f:17:15:b3:ac:24:
                    ff:1e:f1:4a:11:d0:b5:78:63:ce:b2:a8:91:ea:a2:
                    da:b4:06:2e:9b:cb:72:f5:9c:eb:19:2b:ef:90:a9:
                    a4:7a:b7:96:75:5b:8e:2c:69:48:5d:78:5b:3b:e6:
                    f7:1f:6e:85:c5:6f:d1:82:d7:cd:c3:8c:77:53:45:
                    12:d4:48:7e:3d:fc:38:f7:45:f5:a4:a4:0a:fa:6b:
                    3f:e9:4c:7b:ea:89:c1:4f:4e:e0:67:db:5e:20:9a:
                    3c:5d:43:4b:45:e6:8c:ba:71:53:88:7c:ed:99:1d:
                    59:e0:25:16:97:3c:04:25:0f:af:37:c6:9b:e0:82:
                    de:5d:5e:c4:ce:63:24:45:62:33:de:38:88:6a:de:
                    f9:8e:97:c8:80:20:34:c8:ec:14:aa:69:a1:e3:59:
                    fd:ed:f5:54:ff:e5:dd:9d:9a:c7:ce:7d:a9:5e:74:
                    65:f2:dc:a0:d4:60:ab:d1:92:e8:37:66:48:a3:bf:
                    e0:e4:a2:5d:03:90:00:33:d2:b6:e9:9c:63:99:59:
                    b4:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:4A:19:A3:75:80:DF:C9:56:DF:24:88:5C:55:55:43:53:1C:73:4A
            X509v3 Authority Key Identifier:
                keyid:72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/r0oZo3WA38lW3ySIXFVVQ1Mcc0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.248.12.0/24
                  151.248.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:b7:97:4e:a8:fd:b1:66:84:c1:fc:85:bc:80:59:ae:e9:82:
         1d:a4:86:1e:79:a4:67:20:df:86:d5:3f:33:40:5e:6d:2a:32:
         16:0d:87:ad:c3:da:34:c6:54:84:48:dd:df:70:4f:22:61:6f:
         ea:86:c7:7a:49:ac:f7:e4:77:9c:7a:60:6d:87:73:79:6b:11:
         a7:34:0b:e7:bc:0f:2a:93:05:86:51:8b:26:4e:bb:e7:e4:3c:
         98:cd:78:c2:ec:55:16:84:4f:82:54:9b:85:17:ca:19:4a:32:
         0f:73:50:7e:60:bf:7b:b3:cb:7a:58:3c:90:15:32:13:a8:bd:
         2b:37:f5:cc:15:71:11:f1:18:e6:f7:0e:6f:a5:ee:04:88:01:
         e1:d8:83:9c:a0:14:55:93:d1:3e:53:74:b9:c8:13:51:28:e3:
         7d:d7:cb:bb:1d:21:e1:25:60:af:52:9f:c6:b8:ae:08:9b:3b:
         b9:91:d1:de:54:94:8f:cc:b6:f6:18:0f:23:80:a8:90:54:62:
         d7:e8:a0:0e:81:80:ae:da:ad:29:bd:e7:1c:3b:96:58:2e:1b:
         0b:48:7d:89:f1:48:a5:c2:d1:29:43:f1:06:68:cb:e2:8e:bc:
         19:ca:a0:9a:83:d3:b8:e3:a7:68:c6:18:c9:03:a8:61:aa:c7:
         14:e5:d7:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlj1AzjDgUP6ptjysR58KcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNWMwYzcxMTFlMmY1N2ZjYWY4MTEzYTQyZTU1NmU4ODJk
ZDVjNGIwHhcNMjUwMTAyMDU0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjRhMTlhMzc1ODBkZmM5NTZkZjI0ODg1YzU1NTU0MzUzMWM3MzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1R9FeNPZU1OeAyhHqJT88llCQimZ
FwYcpnsyRwpsgqM6ix0FdeX7MzMIDyMfHqB2y6cQVBMPFxWzrCT/HvFKEdC1eGPO
sqiR6qLatAYum8ty9ZzrGSvvkKmkereWdVuOLGlIXXhbO+b3H26FxW/RgtfNw4x3
U0US1Eh+Pfw490X1pKQK+ms/6Ux76onBT07gZ9teIJo8XUNLReaMunFTiHztmR1Z
4CUWlzwEJQ+vN8ab4ILeXV7EzmMkRWIz3jiIat75jpfIgCA0yOwUqmmh41n97fVU
/+XdnZrHzn2pXnRl8tyg1GCr0ZLoN2ZIo7/g5KJdA5AAM9K26ZxjmVm0uwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK9KGaN1gN/JVt8kiFxVVUNTHHNKMB8GA1UdIwQY
MBaAFHJcDHER4vV/yvgROkLlVuiC3VxLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYt
NzYxMGFhYmFhMjc0LzEvcjBvWm8zV0EzOGxXM3lTSVhGVlZRMU1jYzBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYtNzYxMGFhYmFhMjc0
LzEvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/gMAwQA
l/gPMA0GCSqGSIb3DQEBCwUAA4IBAQAYt5dOqP2xZoTB/IW8gFmu6YIdpIYeeaRn
IN+G1T8zQF5tKjIWDYetw9o0xlSESN3fcE8iYW/qhsd6Saz35HecemBth3N5axGn
NAvnvA8qkwWGUYsmTrvn5DyYzXjC7FUWhE+CVJuFF8oZSjIPc1B+YL97s8t6WDyQ
FTITqL0rN/XMFXER8Rjm9w5vpe4EiAHh2IOcoBRVk9E+U3S5yBNRKON918u7HSHh
JWCvUp/GuK4Imzu5kdHeVJSPzLb2GA8jgKiQVGLX6KAOgYCu2q0pveccO5ZYLhsL
SH2J8UilwtEpQ/EGaMvijrwZyqCag9O446doxhjJA6hhqscU5de8
-----END CERTIFICATE-----