Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/0AvSE8vbn3RAz6MRW544RTEBEGI.roa
File:                     0AvSE8vbn3RAz6MRW544RTEBEGI.roa (raw, json)
Hash identifier:          30yqS4cqPQQ9SJyGQJTH678oHaTAKjpY2DXOhPjzmlQ=
Subject key identifier:   D0:0B:D2:13:CB:DB:9F:74:40:CF:A3:11:5B:9E:38:45:31:01:10:62
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01965BC1D142DEFDC147DD383AB377C258C4
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/0AvSE8vbn3RAz6MRW544RTEBEGI.roa
Signing time:             Tue 22 Apr 2025 04:29:10 +0000
ROA not before:           Tue 22 Apr 2025 04:29:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22427
IP address blocks:        151.241.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5b:c1:d1:42:de:fd:c1:47:dd:38:3a:b3:77:c2:58:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 22 04:29:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d00bd213cbdb9f7440cfa3115b9e384531011062
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d1:dd:b6:27:49:36:3c:b2:dd:7e:65:87:a5:
                    47:12:15:c1:2e:a5:29:5a:14:7d:b0:04:3b:6e:4c:
                    33:7e:9f:99:c1:fa:58:3b:2d:d8:85:1a:9f:60:3b:
                    9b:a3:e6:f5:77:4a:0c:de:97:62:b4:4d:73:d2:c7:
                    48:7d:84:af:78:e4:60:8a:a6:66:cb:6a:7c:43:fb:
                    b2:25:9c:ae:8e:ae:3c:ec:27:3e:fa:18:28:6c:7c:
                    2a:92:7c:e0:ef:15:2f:2f:30:7c:3a:d5:da:ab:30:
                    48:c9:5e:ec:98:0b:55:93:e4:1a:eb:4c:88:8f:85:
                    c0:6a:80:48:95:a9:2b:e4:c9:a5:a1:0a:56:d1:48:
                    af:2c:76:74:ed:e3:bc:e6:ab:da:5f:f6:79:17:68:
                    8a:fe:54:9a:78:4f:32:7c:42:bd:77:ff:87:ad:d0:
                    91:76:fc:9c:a5:ee:a5:e1:ab:d9:32:1b:7d:26:74:
                    2f:49:31:72:b1:d0:36:7e:73:bf:cb:a0:d8:0b:8b:
                    32:54:13:f8:9e:9f:f6:84:f6:c9:8c:07:16:da:b9:
                    ac:ac:50:a0:94:58:f0:ac:55:62:44:63:0e:b0:8e:
                    64:2b:82:62:24:b6:cf:79:99:71:62:31:a4:d0:d3:
                    ce:40:a8:23:37:01:09:4c:5e:31:2a:04:7f:f9:ca:
                    ae:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:0B:D2:13:CB:DB:9F:74:40:CF:A3:11:5B:9E:38:45:31:01:10:62
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/0AvSE8vbn3RAz6MRW544RTEBEGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:d2:16:7d:1c:26:0c:de:e9:a6:2f:fc:71:81:9b:9e:1d:11:
         db:7e:07:e5:83:60:b0:15:80:c1:c8:61:74:72:56:a8:fa:91:
         ae:a4:8a:c6:e0:b5:f1:00:7a:e5:3a:6a:85:4b:94:1c:6e:db:
         02:74:8d:b2:e1:92:23:f7:5e:3a:c1:a4:58:68:02:28:18:c7:
         12:37:f3:a5:42:3d:85:bf:e1:d6:6f:26:ff:f7:24:56:65:d6:
         c2:4a:80:b6:c5:46:35:86:7f:ae:d4:7a:22:a2:e6:06:65:00:
         59:46:f5:cc:2f:6b:39:a3:e4:6f:a4:16:92:be:45:41:ec:f2:
         03:b6:dd:14:bd:7e:bb:33:56:99:ed:36:62:de:54:fe:94:20:
         28:ab:75:15:4b:cc:fa:53:11:73:78:51:51:b1:a0:58:fb:09:
         b4:de:cc:79:73:95:14:26:5e:51:e3:12:de:da:f6:45:3d:70:
         f4:df:89:05:ba:88:db:5c:3e:86:f1:79:f6:3e:d2:6f:3c:80:
         15:99:d0:71:38:3f:23:d0:a8:a2:ed:f9:47:e5:28:01:58:8b:
         50:0c:aa:cf:eb:1e:dd:b3:a7:ec:39:e0:05:8c:01:58:27:83:
         eb:d1:1f:61:63:2a:4b:e4:61:e8:a3:64:21:b6:8a:e5:d0:70:
         52:be:ca:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZbwdFC3v3BR904OrN3wljEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDIyMDQyOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDBiZDIxM2NiZGI5Zjc0NDBjZmEzMTE1YjllMzg0NTMxMDExMDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNHdtidJNjyy3X5lh6VHEhXBLqUp
WhR9sAQ7bkwzfp+ZwfpYOy3YhRqfYDubo+b1d0oM3pditE1z0sdIfYSveORgiqZm
y2p8Q/uyJZyujq487Cc++hgobHwqknzg7xUvLzB8OtXaqzBIyV7smAtVk+Qa60yI
j4XAaoBIlakr5MmloQpW0UivLHZ07eO85qvaX/Z5F2iK/lSaeE8yfEK9d/+HrdCR
dvycpe6l4avZMht9JnQvSTFysdA2fnO/y6DYC4syVBP4np/2hPbJjAcW2rmsrFCg
lFjwrFViRGMOsI5kK4JiJLbPeZlxYjGk0NPOQKgjNwEJTF4xKgR/+cqugQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNAL0hPL2590QM+jEVueOEUxARBiMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMEF2U0U4dmJuM1JBejZNUlc1NDRSVEVCRUdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/F/MA0G
CSqGSIb3DQEBCwUAA4IBAQCt0hZ9HCYM3ummL/xxgZueHRHbfgflg2CwFYDByGF0
clao+pGupIrG4LXxAHrlOmqFS5QcbtsCdI2y4ZIj9146waRYaAIoGMcSN/OlQj2F
v+HWbyb/9yRWZdbCSoC2xUY1hn+u1HoiouYGZQBZRvXML2s5o+RvpBaSvkVB7PID
tt0UvX67M1aZ7TZi3lT+lCAoq3UVS8z6UxFzeFFRsaBY+wm03sx5c5UUJl5R4xLe
2vZFPXD034kFuojbXD6G8Xn2PtJvPIAVmdBxOD8j0Kii7flH5SgBWItQDKrP6x7d
s6fsOeAFjAFYJ4Pr0R9hYypL5GHoo2Qhtorl0HBSvsr5
-----END CERTIFICATE-----