Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/sRwp4wkcyat-VD_6iWN_6BJFP9s.roa
File:                     sRwp4wkcyat-VD_6iWN_6BJFP9s.roa (raw, json)
Hash identifier:          fiitcjz2N5DzPFb3Kem3tlILOCRrIXpcf4WMt3VTx2c=
Subject key identifier:   B1:1C:29:E3:09:1C:C9:AB:7E:54:3F:FA:89:63:7F:E8:12:45:3F:DB
Certificate issuer:       /CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
Certificate serial:       018CC56E639CDC07BC9B62CFF23F14BCFBDA
Authority key identifier: 72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/sRwp4wkcyat-VD_6iWN_6BJFP9s.roa
Signing time:             Mon 01 Jan 2024 14:29:55 +0000
ROA not before:           Mon 01 Jan 2024 14:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62093
IP address blocks:        151.248.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:63:9c:dc:07:bc:9b:62:cf:f2:3f:14:bc:fb:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
        Validity
            Not Before: Jan  1 14:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b11c29e3091cc9ab7e543ffa89637fe812453fdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b6:51:fa:5b:4e:55:f3:15:b1:69:f5:37:96:
                    23:36:56:5f:53:ed:9c:18:77:74:3f:ce:d5:60:b0:
                    e0:74:9e:9e:a4:b7:3f:2b:e7:66:2e:76:52:ee:b2:
                    f1:a4:b4:da:f8:96:09:34:db:e6:b0:e2:a0:48:0c:
                    b0:f2:72:af:7f:dc:f1:f2:ef:50:44:f6:9b:29:40:
                    bc:3e:f9:83:ef:f6:2c:f0:01:99:96:f8:a5:d1:52:
                    6c:ff:e9:a4:2e:2c:d5:32:27:9c:7f:9a:56:9d:16:
                    30:be:c2:a2:9d:90:09:48:48:d5:6c:be:e4:68:a2:
                    2e:7c:9a:9d:e5:0b:d3:91:fb:14:81:ea:b8:6b:d9:
                    32:ba:06:f6:5d:4a:83:bf:d0:f3:b1:e3:bf:f9:6e:
                    34:76:53:35:63:26:81:3a:83:4c:b2:ca:a9:4a:7d:
                    1a:ff:9b:43:f9:65:81:6c:60:b2:11:2b:d6:0b:df:
                    40:b7:d7:22:07:f6:a8:e7:7e:2c:63:6d:79:59:41:
                    01:be:d6:9e:56:d1:03:d8:9e:91:2b:61:a4:82:8d:
                    a9:56:79:af:31:d2:36:cd:21:75:80:67:cf:5a:7b:
                    68:d3:22:19:46:78:b3:f3:8e:da:e9:22:56:3a:fb:
                    39:90:92:0f:0f:09:97:ed:3c:bb:f6:ff:b1:43:b2:
                    58:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:1C:29:E3:09:1C:C9:AB:7E:54:3F:FA:89:63:7F:E8:12:45:3F:DB
            X509v3 Authority Key Identifier:
                keyid:72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/sRwp4wkcyat-VD_6iWN_6BJFP9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.248.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:19:e6:6f:2b:56:bf:9c:b0:8c:fd:50:65:14:aa:5e:18:6d:
         17:6b:e9:52:92:38:91:0b:3a:85:cf:2f:71:96:52:c9:71:a4:
         2d:3c:0c:b8:8a:be:09:f3:aa:5a:60:cc:23:da:00:c3:5b:4e:
         3f:b3:0c:df:ff:c1:6e:3b:8d:02:df:d8:fd:e7:c5:d0:80:df:
         84:3c:e1:14:2d:c6:69:11:54:5f:f5:52:7a:09:08:19:1b:50:
         90:08:9c:68:be:8f:a1:84:52:45:7c:7d:2d:aa:64:e4:18:b3:
         91:ad:c2:74:77:2b:01:90:4e:78:ce:ba:62:c0:f5:b3:c0:8c:
         39:43:ad:e1:02:dd:82:a9:4e:93:7c:cf:5f:f9:a3:28:a0:e5:
         aa:86:4d:c9:83:c3:a6:f4:41:97:57:1a:c0:e9:df:b1:cb:73:
         8f:c5:e9:d9:b9:20:4c:3c:99:16:cb:9b:8d:33:e0:ad:80:15:
         ec:9b:ad:51:81:8c:15:c3:ca:12:04:b3:4e:22:12:cb:74:2f:
         e9:b1:e8:ff:2a:a3:23:f0:f0:a0:08:52:98:09:0f:71:8c:27:
         e0:26:cc:e7:37:8f:da:04:3f:36:d0:49:42:e3:8b:0c:7b:e3:
         06:70:a4:d0:9c:d4:1f:b0:cf:24:3d:ae:96:90:92:13:c7:a4:
         52:2f:3f:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbmOc3Ae8m2LP8j8UvPvaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNWMwYzcxMTFlMmY1N2ZjYWY4MTEzYTQyZTU1NmU4ODJk
ZDVjNGIwHhcNMjQwMTAxMTQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTFjMjllMzA5MWNjOWFiN2U1NDNmZmE4OTYzN2ZlODEyNDUzZmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbZR+ltOVfMVsWn1N5YjNlZfU+2c
GHd0P87VYLDgdJ6epLc/K+dmLnZS7rLxpLTa+JYJNNvmsOKgSAyw8nKvf9zx8u9Q
RPabKUC8PvmD7/Ys8AGZlvil0VJs/+mkLizVMiecf5pWnRYwvsKinZAJSEjVbL7k
aKIufJqd5QvTkfsUgeq4a9kyugb2XUqDv9DzseO/+W40dlM1YyaBOoNMssqpSn0a
/5tD+WWBbGCyESvWC99At9ciB/ao534sY215WUEBvtaeVtED2J6RK2Gkgo2pVnmv
MdI2zSF1gGfPWnto0yIZRniz847a6SJWOvs5kJIPDwmX7Ty79v+xQ7JYJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLEcKeMJHMmrflQ/+oljf+gSRT/bMB8GA1UdIwQY
MBaAFHJcDHER4vV/yvgROkLlVuiC3VxLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYt
NzYxMGFhYmFhMjc0LzEvc1J3cDR3a2N5YXQtVkRfNmlXTl82QkpGUDlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYtNzYxMGFhYmFhMjc0
LzEvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/gPMA0G
CSqGSIb3DQEBCwUAA4IBAQBrGeZvK1a/nLCM/VBlFKpeGG0Xa+lSkjiRCzqFzy9x
llLJcaQtPAy4ir4J86paYMwj2gDDW04/swzf/8FuO40C39j958XQgN+EPOEULcZp
EVRf9VJ6CQgZG1CQCJxovo+hhFJFfH0tqmTkGLORrcJ0dysBkE54zrpiwPWzwIw5
Q63hAt2CqU6TfM9f+aMooOWqhk3Jg8Om9EGXVxrA6d+xy3OPxenZuSBMPJkWy5uN
M+CtgBXsm61RgYwVw8oSBLNOIhLLdC/psej/KqMj8PCgCFKYCQ9xjCfgJsznN4/a
BD820ElC44sMe+MGcKTQnNQfsM8kPa6WkJITx6RSLz8N
-----END CERTIFICATE-----