Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/vGDRaD0M2zQ0S_19EgotkQ-55Gg.roa
File:                     vGDRaD0M2zQ0S_19EgotkQ-55Gg.roa (raw, json)
Hash identifier:          CVuN3R6b2jI+N5xnnTuZWQEFrPWF5Kx5q+UbyK3ICzc=
Subject key identifier:   BC:60:D1:68:3D:0C:DB:34:34:4B:FD:7D:12:0A:2D:91:0F:B9:E4:68
Certificate issuer:       /CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
Certificate serial:       01903066148059794DD481DB4B9477E4FC57
Authority key identifier: 72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/vGDRaD0M2zQ0S_19EgotkQ-55Gg.roa
Signing time:             Wed 19 Jun 2024 12:08:34 +0000
ROA not before:           Wed 19 Jun 2024 12:08:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198399
IP address blocks:        151.248.8.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:30:66:14:80:59:79:4d:d4:81:db:4b:94:77:e4:fc:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
        Validity
            Not Before: Jun 19 12:08:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc60d1683d0cdb34344bfd7d120a2d910fb9e468
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c7:50:7a:95:ab:2c:cd:3c:9b:0e:98:16:56:
                    45:75:28:d0:54:8a:66:80:6f:ee:68:96:d8:e6:7a:
                    a4:ad:01:a7:a1:57:64:bd:23:01:43:8c:7c:51:ab:
                    16:15:45:8a:75:e4:00:39:df:f7:55:22:01:cd:d9:
                    d4:0b:8a:69:45:90:81:f5:ab:8b:eb:d9:5f:95:cf:
                    7c:73:aa:a6:99:85:2c:ac:09:64:a3:07:3a:4f:c1:
                    18:c6:7a:68:8a:ec:47:cb:14:a7:16:f3:0e:05:23:
                    a8:42:58:a0:dd:6e:e4:1d:b6:56:d8:8a:c1:bb:3a:
                    43:bf:07:fa:fb:36:f1:72:de:45:55:12:d2:be:f6:
                    91:c6:e7:72:62:c9:dc:ea:28:03:32:e0:f4:62:fb:
                    77:73:91:c8:d9:8b:bd:67:20:27:ba:e7:ad:e2:58:
                    3d:5b:4c:e9:d9:19:ff:2b:bf:37:69:ed:a7:b0:72:
                    a3:32:b6:4a:df:88:20:08:d9:bd:40:a9:42:04:87:
                    e2:ad:69:b6:40:4b:1c:e8:2c:cc:9f:1e:cc:02:40:
                    fc:fc:67:3e:4e:9b:f8:e0:56:68:42:77:92:b2:e6:
                    9b:44:68:7a:33:10:e0:87:45:d3:a9:7b:c5:b8:1a:
                    a5:b1:f2:83:5f:0e:69:a9:69:a5:a2:4a:e0:90:b7:
                    f6:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:60:D1:68:3D:0C:DB:34:34:4B:FD:7D:12:0A:2D:91:0F:B9:E4:68
            X509v3 Authority Key Identifier:
                keyid:72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/vGDRaD0M2zQ0S_19EgotkQ-55Gg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.248.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:7a:23:4c:cb:ef:1f:60:cd:8b:bd:99:27:7c:4b:b7:b3:1c:
         22:a4:11:9e:c4:56:b5:30:06:34:87:95:fe:77:91:ba:e9:c0:
         be:6f:60:da:ac:4b:61:52:a1:b9:e5:e6:ff:2c:b3:16:77:d4:
         c3:87:62:d4:2d:0e:46:ca:fd:26:03:a4:9c:80:48:c5:a4:42:
         bf:f8:f8:74:2c:85:73:d8:ef:ef:97:80:4d:2e:de:7a:80:ed:
         69:5c:a4:e8:33:1e:88:e5:f5:33:eb:33:4c:bf:d8:ab:00:0d:
         ac:f0:ed:6c:2c:7c:40:8c:55:80:a4:69:00:8a:5a:43:36:dd:
         c5:0e:8e:f8:24:71:0d:aa:bc:b4:73:1f:35:fd:27:cd:4b:33:
         31:fd:b8:06:33:12:e3:ed:e3:80:14:4a:48:36:29:ab:d8:eb:
         75:e0:f5:7c:c3:01:5d:6a:aa:4f:3a:12:53:0d:f9:41:87:95:
         ad:e7:92:4f:1c:d6:a0:a0:55:59:96:df:78:98:c3:23:37:65:
         14:e6:57:b9:aa:f3:39:09:ef:57:7f:04:69:a8:b7:fc:22:c6:
         f0:dd:de:06:77:9b:ce:39:b6:eb:2c:11:53:c0:62:1d:f2:00:
         b8:01:c0:bc:0b:45:90:66:93:76:ea:83:12:76:55:f0:56:04:
         a2:31:f5:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAwZhSAWXlN1IHbS5R35PxXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNWMwYzcxMTFlMmY1N2ZjYWY4MTEzYTQyZTU1NmU4ODJk
ZDVjNGIwHhcNMjQwNjE5MTIwODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzYwZDE2ODNkMGNkYjM0MzQ0YmZkN2QxMjBhMmQ5MTBmYjllNDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcdQepWrLM08mw6YFlZFdSjQVIpm
gG/uaJbY5nqkrQGnoVdkvSMBQ4x8UasWFUWKdeQAOd/3VSIBzdnUC4ppRZCB9auL
69lflc98c6qmmYUsrAlkowc6T8EYxnpoiuxHyxSnFvMOBSOoQlig3W7kHbZW2IrB
uzpDvwf6+zbxct5FVRLSvvaRxudyYsnc6igDMuD0Yvt3c5HI2Yu9ZyAnuuet4lg9
W0zp2Rn/K783ae2nsHKjMrZK34ggCNm9QKlCBIfirWm2QEsc6CzMnx7MAkD8/Gc+
Tpv44FZoQneSsuabRGh6MxDgh0XTqXvFuBqlsfKDXw5pqWmlokrgkLf2kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLxg0Wg9DNs0NEv9fRIKLZEPueRoMB8GA1UdIwQY
MBaAFHJcDHER4vV/yvgROkLlVuiC3VxLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYt
NzYxMGFhYmFhMjc0LzEvdkdEUmFEME0yelEwU18xOUVnb3RrUS01NUdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYtNzYxMGFhYmFhMjc0
LzEvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCl/gIMA0G
CSqGSIb3DQEBCwUAA4IBAQAMeiNMy+8fYM2LvZknfEu3sxwipBGexFa1MAY0h5X+
d5G66cC+b2DarEthUqG55eb/LLMWd9TDh2LULQ5Gyv0mA6ScgEjFpEK/+Ph0LIVz
2O/vl4BNLt56gO1pXKToMx6I5fUz6zNMv9irAA2s8O1sLHxAjFWApGkAilpDNt3F
Do74JHENqry0cx81/SfNSzMx/bgGMxLj7eOAFEpINimr2Ot14PV8wwFdaqpPOhJT
DflBh5Wt55JPHNagoFVZlt94mMMjN2UU5le5qvM5Ce9XfwRpqLf8Isbw3d4Gd5vO
ObbrLBFTwGId8gC4AcC8C0WQZpN26oMSdlXwVgSiMfWH
-----END CERTIFICATE-----