Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/z4MLRw_lxW4Qhi3UA0OSJgFGYzI.roa
File:                     z4MLRw_lxW4Qhi3UA0OSJgFGYzI.roa (raw, json)
Hash identifier:          1C2Gk+P6I8/iLX/MZ7xuhkpyifcZCLzbxFT8yZBdi70=
Subject key identifier:   CF:83:0B:47:0F:E5:C5:6E:10:86:2D:D4:03:43:92:26:01:46:63:32
Certificate issuer:       /CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
Certificate serial:       0190306614DDE5831FCCED04AFFD751440C7
Authority key identifier: 72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/z4MLRw_lxW4Qhi3UA0OSJgFGYzI.roa
Signing time:             Wed 19 Jun 2024 12:08:34 +0000
ROA not before:           Wed 19 Jun 2024 12:08:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199606
IP address blocks:        151.248.8.0/21 maxlen: 24
                          151.248.8.0/22 maxlen: 22
                          2a01:a7c0::/32 maxlen: 37

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:30:66:14:dd:e5:83:1f:cc:ed:04:af:fd:75:14:40:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
        Validity
            Not Before: Jun 19 12:08:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf830b470fe5c56e10862dd40343922601466332
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:d5:03:e4:ef:49:ec:1a:6d:d2:f6:4c:cb:85:
                    f9:d9:07:cc:c5:cb:72:57:fe:7f:a1:d6:13:3e:c7:
                    88:47:0a:96:5b:e5:6f:fc:7f:8b:67:45:2a:b1:cf:
                    ff:73:7c:2e:97:47:70:71:73:1c:ce:bc:30:4e:b8:
                    7f:ec:1d:c8:7f:57:9f:96:fa:b9:64:ae:a4:5e:22:
                    3c:90:86:2c:ad:7e:55:63:b8:c7:c3:a1:0b:1b:a6:
                    8b:18:7c:99:91:2a:8e:b1:c2:ff:91:d6:76:7d:3f:
                    69:88:c1:c0:19:81:a7:25:a7:3c:3e:33:ff:1b:fa:
                    36:11:96:12:b4:2b:ca:a6:08:3d:1e:a3:a3:37:de:
                    a8:38:80:1f:e3:fa:2f:e9:ae:7b:e1:7b:ea:1a:3c:
                    c7:13:4e:07:8c:65:09:1a:cf:da:0a:63:77:6c:29:
                    65:4e:bf:96:6c:1f:17:94:ac:0b:58:bf:68:c5:45:
                    3f:2c:49:b8:06:b7:fd:61:4f:50:b4:d9:26:cb:3a:
                    08:50:93:d3:61:14:35:00:c4:e9:5f:a0:07:97:86:
                    3e:7a:78:77:81:01:af:51:e7:c5:80:1a:24:8b:f7:
                    3e:1a:bc:f3:e8:bc:c3:65:3e:0b:e0:e3:05:5f:8a:
                    34:8b:59:b8:8e:34:6f:51:e5:f0:8c:09:e4:b5:5f:
                    80:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:83:0B:47:0F:E5:C5:6E:10:86:2D:D4:03:43:92:26:01:46:63:32
            X509v3 Authority Key Identifier:
                keyid:72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/z4MLRw_lxW4Qhi3UA0OSJgFGYzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.248.8.0/21
                IPv6:
                  2a01:a7c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:db:fb:ce:d7:1e:27:bb:ed:fe:1e:c6:d2:2c:5a:a3:c3:66:
         d3:95:d4:73:d5:fa:dc:7e:0c:12:a1:9c:02:76:d7:f1:6b:7a:
         3c:3b:4e:18:c2:4a:bd:c7:77:5f:e0:61:c4:0b:63:42:3b:5a:
         6e:68:e9:0c:d7:b7:50:40:cd:49:53:57:7e:6f:c7:32:3d:02:
         da:9f:f5:d9:cb:78:f2:a7:b8:84:08:88:f0:d6:e0:85:f9:cd:
         b6:03:8d:38:1d:82:a9:cc:86:18:99:02:b0:fe:ed:7b:98:d7:
         20:ad:e4:b2:a2:f9:12:ff:49:bd:1a:80:0e:23:d7:21:49:ea:
         b9:c8:f9:71:ec:fe:5b:bf:e3:c6:e8:a6:ab:79:2d:ae:ae:88:
         35:27:00:bf:8f:3f:0c:a0:8a:a5:0c:32:55:75:29:8d:9c:d7:
         26:c8:f8:99:26:90:20:92:b4:2e:25:a7:1e:bc:d5:3b:3f:32:
         d5:54:da:36:46:33:13:15:52:26:3a:3c:77:5f:69:e4:b8:43:
         bb:b3:26:d5:8f:cc:72:82:01:1e:90:89:f1:90:b2:af:5a:0a:
         fe:51:2d:72:8e:2c:21:71:f2:5b:1d:7a:a6:42:75:d0:48:48:
         65:1e:73:5d:c6:ed:aa:f8:71:49:a4:85:d6:67:4a:8f:c1:8e:
         f9:ed:56:d6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZAwZhTd5YMfzO0Er/11FEDHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNWMwYzcxMTFlMmY1N2ZjYWY4MTEzYTQyZTU1NmU4ODJk
ZDVjNGIwHhcNMjQwNjE5MTIwODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjgzMGI0NzBmZTVjNTZlMTA4NjJkZDQwMzQzOTIyNjAxNDY2MzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA69UD5O9J7Bpt0vZMy4X52QfMxcty
V/5/odYTPseIRwqWW+Vv/H+LZ0Uqsc//c3wul0dwcXMczrwwTrh/7B3If1eflvq5
ZK6kXiI8kIYsrX5VY7jHw6ELG6aLGHyZkSqOscL/kdZ2fT9piMHAGYGnJac8PjP/
G/o2EZYStCvKpgg9HqOjN96oOIAf4/ov6a574XvqGjzHE04HjGUJGs/aCmN3bCll
Tr+WbB8XlKwLWL9oxUU/LEm4Brf9YU9QtNkmyzoIUJPTYRQ1AMTpX6AHl4Y+enh3
gQGvUefFgBoki/c+Grzz6LzDZT4L4OMFX4o0i1m4jjRvUeXwjAnktV+AjQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM+DC0cP5cVuEIYt1ANDkiYBRmMyMB8GA1UdIwQY
MBaAFHJcDHER4vV/yvgROkLlVuiC3VxLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYt
NzYxMGFhYmFhMjc0LzEvejRNTFJ3X2x4VzRRaGkzVUEwT1NKZ0ZHWXpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYtNzYxMGFhYmFhMjc0
LzEvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDl/gIMA0E
AgACMAcDBQAqAafAMA0GCSqGSIb3DQEBCwUAA4IBAQBC2/vO1x4nu+3+HsbSLFqj
w2bTldRz1frcfgwSoZwCdtfxa3o8O04Ywkq9x3df4GHEC2NCO1puaOkM17dQQM1J
U1d+b8cyPQLan/XZy3jyp7iECIjw1uCF+c22A404HYKpzIYYmQKw/u17mNcgreSy
ovkS/0m9GoAOI9chSeq5yPlx7P5bv+PG6KareS2urog1JwC/jz8MoIqlDDJVdSmN
nNcmyPiZJpAgkrQuJacevNU7PzLVVNo2RjMTFVImOjx3X2nkuEO7sybVj8xyggEe
kInxkLKvWgr+US1yjiwhcfJbHXqmQnXQSEhlHnNdxu2q+HFJpIXWZ0qPwY757VbW
-----END CERTIFICATE-----