Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/xS09c8meBokU8ZKN0XhODBRgaWI.roa
File:                     xS09c8meBokU8ZKN0XhODBRgaWI.roa (raw, json)
Hash identifier:          DPHcqqc0ZyQ7tYPGBLBwkSdQYDh8/6Exs+WG64kYt2Y=
Subject key identifier:   C5:2D:3D:73:C9:9E:06:89:14:F1:92:8D:D1:78:4E:0C:14:60:69:62
Certificate issuer:       /CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
Certificate serial:       018CC56E63DD0A71ABAF9FA796EE3FE7F451
Authority key identifier: 72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/xS09c8meBokU8ZKN0XhODBRgaWI.roa
Signing time:             Mon 01 Jan 2024 14:29:55 +0000
ROA not before:           Mon 01 Jan 2024 14:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197075
IP address blocks:        151.248.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:63:dd:0a:71:ab:af:9f:a7:96:ee:3f:e7:f4:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
        Validity
            Not Before: Jan  1 14:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c52d3d73c99e068914f1928dd1784e0c14606962
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:bd:b2:2c:5b:12:d2:5d:15:c1:83:43:70:e3:
                    f4:e2:4b:77:0a:1b:93:b4:57:62:2b:2e:e8:b5:28:
                    32:52:40:52:99:15:0f:26:dd:c5:18:69:a6:56:5f:
                    ca:f2:14:de:c1:0a:e7:2a:3c:90:f1:63:59:21:66:
                    1b:fd:38:93:8f:d0:cd:05:c6:56:14:69:69:14:9e:
                    a6:b3:3c:da:15:03:78:3c:e5:41:1f:61:16:d2:76:
                    30:37:6b:5f:57:c3:fd:96:a1:e6:f1:93:f1:f9:30:
                    30:d6:ee:77:7f:4c:5c:d3:b1:6e:00:b2:6a:f4:60:
                    ee:d3:d0:9f:11:53:e8:e6:24:ce:0d:30:2a:85:9f:
                    54:06:88:77:87:77:a0:b5:42:af:57:7c:20:99:df:
                    e4:d0:fc:b4:d8:8a:a9:22:9f:f0:a6:9c:53:52:23:
                    4e:ab:1c:a7:29:2d:37:aa:7e:67:13:c5:a4:40:74:
                    89:63:28:d6:69:72:67:bc:e1:7e:70:b7:3a:76:97:
                    b1:97:48:a3:08:7f:1e:08:05:8b:cb:d7:80:30:3f:
                    20:f2:e1:be:3d:c2:e2:d4:1f:e6:31:08:8f:f5:60:
                    cc:2c:9f:de:06:f1:25:d0:cc:ed:2f:75:0a:73:03:
                    d2:00:9f:52:43:43:51:b5:4f:de:cd:b3:b6:82:27:
                    dc:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:2D:3D:73:C9:9E:06:89:14:F1:92:8D:D1:78:4E:0C:14:60:69:62
            X509v3 Authority Key Identifier:
                keyid:72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/xS09c8meBokU8ZKN0XhODBRgaWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.248.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:ae:83:61:8a:c4:3d:b0:4b:a6:40:0d:a4:21:c8:11:1a:70:
         66:9d:4d:ec:5d:37:62:f5:b0:3f:2f:a9:a8:ab:73:e0:e7:d9:
         5a:5b:b3:55:0c:ed:20:03:33:bf:e0:24:ee:92:85:bb:17:2e:
         81:14:d2:d3:31:86:b8:66:52:d7:98:6c:4e:74:47:fa:00:8d:
         4b:13:21:38:79:35:40:c0:cd:45:cc:f6:79:8e:bc:ae:99:b6:
         b5:ae:f9:7c:01:c5:dc:9f:22:22:df:55:e6:a9:16:eb:3d:a4:
         b1:e0:9c:b0:61:f3:16:3b:2d:71:b1:00:05:ba:61:69:90:ef:
         0c:d6:ac:68:a2:8c:86:c3:26:bd:c0:f1:2f:18:80:00:c0:ab:
         88:86:91:c5:97:6e:12:a3:e6:05:ae:c4:ef:d0:22:fc:b8:0c:
         76:f2:c2:b9:f9:db:79:6b:da:9c:17:cb:6a:e2:e7:ee:05:88:
         3d:a8:7d:60:f7:5c:7d:02:73:83:b7:dc:fb:c2:67:49:6b:53:
         f5:d9:95:b6:44:13:fd:0a:6f:c9:3e:22:4c:05:47:c8:3b:0b:
         5a:eb:9a:99:69:cc:64:af:50:89:84:fd:07:b0:65:80:7d:f1:
         a5:fe:00:78:ca:a0:2a:06:e4:7f:ee:ad:8f:96:8a:85:3c:6f:
         63:7a:a3:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbmPdCnGrr5+nlu4/5/RRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNWMwYzcxMTFlMmY1N2ZjYWY4MTEzYTQyZTU1NmU4ODJk
ZDVjNGIwHhcNMjQwMTAxMTQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTJkM2Q3M2M5OWUwNjg5MTRmMTkyOGRkMTc4NGUwYzE0NjA2OTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvb2yLFsS0l0VwYNDcOP04kt3ChuT
tFdiKy7otSgyUkBSmRUPJt3FGGmmVl/K8hTewQrnKjyQ8WNZIWYb/TiTj9DNBcZW
FGlpFJ6mszzaFQN4POVBH2EW0nYwN2tfV8P9lqHm8ZPx+TAw1u53f0xc07FuALJq
9GDu09CfEVPo5iTODTAqhZ9UBoh3h3egtUKvV3wgmd/k0Py02IqpIp/wppxTUiNO
qxynKS03qn5nE8WkQHSJYyjWaXJnvOF+cLc6dpexl0ijCH8eCAWLy9eAMD8g8uG+
PcLi1B/mMQiP9WDMLJ/eBvEl0MztL3UKcwPSAJ9SQ0NRtU/ezbO2gifcQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUtPXPJngaJFPGSjdF4TgwUYGliMB8GA1UdIwQY
MBaAFHJcDHER4vV/yvgROkLlVuiC3VxLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYt
NzYxMGFhYmFhMjc0LzEveFMwOWM4bWVCb2tVOFpLTjBYaE9EQlJnYVdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYtNzYxMGFhYmFhMjc0
LzEvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/gOMA0G
CSqGSIb3DQEBCwUAA4IBAQBNroNhisQ9sEumQA2kIcgRGnBmnU3sXTdi9bA/L6mo
q3Pg59laW7NVDO0gAzO/4CTukoW7Fy6BFNLTMYa4ZlLXmGxOdEf6AI1LEyE4eTVA
wM1FzPZ5jryumba1rvl8AcXcnyIi31XmqRbrPaSx4JywYfMWOy1xsQAFumFpkO8M
1qxoooyGwya9wPEvGIAAwKuIhpHFl24So+YFrsTv0CL8uAx28sK5+dt5a9qcF8tq
4ufuBYg9qH1g91x9AnODt9z7wmdJa1P12ZW2RBP9Cm/JPiJMBUfIOwta65qZacxk
r1CJhP0HsGWAffGl/gB4yqAqBuR/7q2PloqFPG9jeqPw
-----END CERTIFICATE-----