Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/00KZRUIFdPCV8vA7cfGjLZc0Z2s.roa
File:                     00KZRUIFdPCV8vA7cfGjLZc0Z2s.roa (raw, json)
Hash identifier:          SkcSVfSrEdW5T+ettA4VUXKRa+PyCdLZwU12mUC1IfI=
Subject key identifier:   D3:42:99:45:42:05:74:F0:95:F2:F0:3B:71:F1:A3:2D:97:34:67:6B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019657C41740E236D669D2ADEF3C36407E75
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/00KZRUIFdPCV8vA7cfGjLZc0Z2s.roa
Signing time:             Mon 21 Apr 2025 09:53:10 +0000
ROA not before:           Mon 21 Apr 2025 09:53:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59432
IP address blocks:        151.243.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 07:29:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:57:c4:17:40:e2:36:d6:69:d2:ad:ef:3c:36:40:7e:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 21 09:53:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3429945420574f095f2f03b71f1a32d9734676b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:43:25:62:d1:41:03:f8:78:43:05:f4:85:b6:
                    1b:8c:23:4a:1c:b9:96:45:75:78:ec:c7:2e:82:83:
                    22:6a:92:f4:e4:22:63:76:16:c4:ec:61:a5:a4:c0:
                    c9:0f:97:6e:96:e1:f0:16:82:e9:a7:2f:71:c6:07:
                    73:43:48:16:38:98:07:de:5e:3a:f7:3e:02:4b:08:
                    fb:f1:84:68:ca:c2:75:26:68:6e:5e:96:82:6e:47:
                    d2:65:7f:24:c9:db:95:40:12:6e:56:3c:21:da:80:
                    5e:e0:01:8e:bd:b9:2c:d3:de:ab:fd:18:f9:c0:bf:
                    ff:6f:da:61:cb:82:89:c0:d5:5a:d3:3c:d6:94:5b:
                    f9:dc:5b:80:92:87:c0:3c:5e:12:1e:bc:be:3c:75:
                    6d:b4:1e:43:8f:b0:9f:c3:fd:b2:f1:d7:7f:09:c5:
                    24:3b:73:cd:8a:33:14:c5:90:18:c0:1d:70:6f:3d:
                    00:8c:73:f3:ec:12:7d:a0:2c:d7:9d:c8:1f:41:c7:
                    98:ce:9d:09:34:bc:36:90:b3:08:7c:f6:0a:61:22:
                    62:5f:94:1c:42:dc:ae:a9:d3:8d:93:09:ec:7c:a3:
                    6d:16:6d:d1:aa:ab:ff:a6:a7:f0:6d:9e:77:4a:9b:
                    69:8a:1e:c8:71:a8:e4:4f:95:69:a9:2c:5f:6b:5d:
                    ae:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:42:99:45:42:05:74:F0:95:F2:F0:3B:71:F1:A3:2D:97:34:67:6B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/00KZRUIFdPCV8vA7cfGjLZc0Z2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:07:ab:79:7e:68:9c:78:37:18:0e:c7:a5:02:8f:81:94:76:
         e2:a8:d1:1d:41:a2:6e:50:4c:b2:26:46:83:40:f1:24:86:c3:
         3e:2c:64:ff:6a:60:0a:2f:5f:8a:8a:29:de:7e:44:85:1b:dd:
         5d:de:d6:98:74:f0:31:e5:8b:c1:6c:d4:66:16:c7:10:f5:19:
         e8:76:b5:6a:22:29:93:12:ef:52:c0:61:47:72:fe:ef:40:ee:
         35:49:38:e3:df:d9:84:bf:5c:99:50:83:d3:95:01:7b:4f:ca:
         10:fa:16:a1:ec:52:55:15:61:76:ca:33:bb:99:41:de:ed:cf:
         f9:c3:c1:ed:94:dc:fa:30:10:55:f0:c8:4b:98:f0:f2:32:da:
         e8:ac:fa:41:59:68:cf:3e:6d:b5:42:56:5b:f2:37:32:bf:83:
         8e:9e:2c:31:a4:77:d5:3e:c0:14:c0:b4:50:ab:a8:f9:9e:b4:
         33:bb:10:c0:3d:aa:8a:15:13:dd:14:9e:4a:c7:e4:c8:42:40:
         c3:e2:48:ad:76:9d:62:ee:01:17:66:17:f8:60:5e:67:ab:a9:
         96:ef:62:03:d5:ec:03:af:fa:f2:64:9f:27:05:8a:9b:e5:8e:
         08:d1:90:91:e1:a5:c3:d6:65:a5:44:a8:37:c7:9b:29:a1:7f:
         22:5f:08:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZXxBdA4jbWadKt7zw2QH51MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDIxMDk1MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzQyOTk0NTQyMDU3NGYwOTVmMmYwM2I3MWYxYTMyZDk3MzQ2NzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEMlYtFBA/h4QwX0hbYbjCNKHLmW
RXV47McugoMiapL05CJjdhbE7GGlpMDJD5duluHwFoLppy9xxgdzQ0gWOJgH3l46
9z4CSwj78YRoysJ1JmhuXpaCbkfSZX8kyduVQBJuVjwh2oBe4AGOvbks096r/Rj5
wL//b9phy4KJwNVa0zzWlFv53FuAkofAPF4SHry+PHVttB5Dj7Cfw/2y8dd/CcUk
O3PNijMUxZAYwB1wbz0AjHPz7BJ9oCzXncgfQceYzp0JNLw2kLMIfPYKYSJiX5Qc
QtyuqdONkwnsfKNtFm3Rqqv/pqfwbZ53Sptpih7IcajkT5VpqSxfa12u8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNCmUVCBXTwlfLwO3Hxoy2XNGdrMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMDBLWlJVSUZkUENWOHZBN2NmR2pMWmMwWjJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/NRMA0G
CSqGSIb3DQEBCwUAA4IBAQC1B6t5fmiceDcYDselAo+BlHbiqNEdQaJuUEyyJkaD
QPEkhsM+LGT/amAKL1+KiinefkSFG91d3taYdPAx5YvBbNRmFscQ9RnodrVqIimT
Eu9SwGFHcv7vQO41STjj39mEv1yZUIPTlQF7T8oQ+hah7FJVFWF2yjO7mUHe7c/5
w8HtlNz6MBBV8MhLmPDyMtrorPpBWWjPPm21QlZb8jcyv4OOniwxpHfVPsAUwLRQ
q6j5nrQzuxDAPaqKFRPdFJ5Kx+TIQkDD4kitdp1i7gEXZhf4YF5nq6mW72ID1ewD
r/ryZJ8nBYqb5Y4I0ZCR4aXD1mWlRKg3x5spoX8iXwiC
-----END CERTIFICATE-----