Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1-8adh7yr9n36hbkZJMGaeDntm3w.roa
File:                     1-8adh7yr9n36hbkZJMGaeDntm3w.roa (raw, json)
Hash identifier:          c16elyHnlYR9+ro+h6ORLmvwsytizxuzbUUAClbfheo=
Subject key identifier:   FB:C6:9D:87:BC:AB:F6:7D:FA:85:B9:19:24:C1:9A:78:39:ED:9B:7C
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198466DEB668024A39E79BC1072D3304259
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1-8adh7yr9n36hbkZJMGaeDntm3w.roa
Signing time:             Sat 26 Jul 2025 11:11:05 +0000
ROA not before:           Sat 26 Jul 2025 11:11:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207158
IP address blocks:        151.243.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:46:6d:eb:66:80:24:a3:9e:79:bc:10:72:d3:30:42:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 26 11:11:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fbc69d87bcabf67dfa85b91924c19a7839ed9b7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:63:fe:f6:e7:66:69:47:c0:93:9d:d8:32:7b:
                    cb:4b:4b:fc:d3:fb:95:50:1d:9f:cd:e2:30:5e:69:
                    c5:29:11:d6:3e:de:77:ac:c3:4b:1f:6e:9b:f4:03:
                    6b:b1:5e:c3:45:9d:50:30:27:c1:3b:2f:cb:88:e2:
                    1b:80:8b:46:a5:3b:89:fb:55:b6:38:8d:c4:42:bb:
                    50:2d:95:3c:98:16:7b:c1:d6:b8:2d:c4:87:c1:02:
                    ac:b3:ac:1d:c5:51:d5:ce:a3:87:c6:72:f0:2a:98:
                    a8:70:f0:f1:10:51:fc:46:2d:5e:19:ed:da:ab:3b:
                    cb:c4:2b:0c:b8:08:7f:28:5f:62:6a:a0:9d:38:61:
                    91:8b:71:25:b4:62:ed:dd:1f:b5:85:0e:40:c9:84:
                    ad:e6:bd:dc:4e:39:a2:c0:0c:eb:0b:a2:73:1d:1c:
                    f0:79:f2:d2:6d:d2:ff:d2:17:c0:cc:81:7f:ab:58:
                    f1:8f:66:2f:64:bf:6e:02:de:21:44:21:50:ad:ff:
                    a8:2a:00:15:c3:ea:a0:61:6c:df:59:cf:c1:8b:0b:
                    49:be:94:82:28:9c:bb:9f:ec:ba:61:f9:f0:58:48:
                    9b:e3:cc:05:ea:cd:43:69:00:73:57:0d:c4:bf:ed:
                    5b:13:e9:03:4c:cd:00:68:2d:39:a8:66:19:67:9a:
                    56:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:C6:9D:87:BC:AB:F6:7D:FA:85:B9:19:24:C1:9A:78:39:ED:9B:7C
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1-8adh7yr9n36hbkZJMGaeDntm3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:14:b7:d7:26:a6:3c:31:ae:85:37:54:2a:28:2d:46:65:7c:
         da:5b:1c:d4:d5:d5:ea:c3:92:2e:73:b2:bf:c8:de:bc:9b:22:
         af:48:eb:c9:bc:56:79:db:3f:c9:75:cd:d6:14:16:2b:87:1d:
         f4:85:b5:d0:09:80:e9:e3:bd:e9:45:99:76:e7:b4:e9:e5:c6:
         51:de:b3:64:27:ae:8b:ce:46:4c:31:f1:bf:2c:cb:35:af:e1:
         5a:26:c1:82:e6:02:a2:e4:92:e6:5d:a8:37:25:34:27:d2:a5:
         b5:fd:15:04:33:fe:1c:cb:9e:6a:aa:76:9f:e5:01:6d:13:3d:
         16:4d:9b:38:85:34:c6:af:d6:17:cb:31:45:fa:27:c7:0b:c0:
         a6:82:f8:af:cb:d0:df:e5:aa:23:22:21:3c:34:b4:d1:0b:9f:
         1e:e3:88:cb:27:14:81:42:78:23:22:e4:f7:73:f8:84:7a:10:
         5a:c4:53:82:cf:c1:e8:9a:a9:f1:74:47:db:67:21:b1:d3:28:
         ba:20:2f:76:c8:35:4d:df:f0:8b:79:c8:ca:f1:0e:eb:8f:e4:
         5b:84:73:4c:af:45:af:96:bf:eb:fd:1d:d4:46:c3:a6:2b:6e:
         b7:ab:b6:8e:ff:5d:27:db:64:86:1c:d0:71:ad:82:79:dc:fd:
         2f:da:25:aa
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZhGbetmgCSjnnm8EHLTMEJZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzI2MTExMTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmM2OWQ4N2JjYWJmNjdkZmE4NWI5MTkyNGMxOWE3ODM5ZWQ5YjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmP+9udmaUfAk53YMnvLS0v80/uV
UB2fzeIwXmnFKRHWPt53rMNLH26b9ANrsV7DRZ1QMCfBOy/LiOIbgItGpTuJ+1W2
OI3EQrtQLZU8mBZ7wda4LcSHwQKss6wdxVHVzqOHxnLwKpiocPDxEFH8Ri1eGe3a
qzvLxCsMuAh/KF9iaqCdOGGRi3EltGLt3R+1hQ5AyYSt5r3cTjmiwAzrC6JzHRzw
efLSbdL/0hfAzIF/q1jxj2YvZL9uAt4hRCFQrf+oKgAVw+qgYWzfWc/BiwtJvpSC
KJy7n+y6YfnwWEib48wF6s1DaQBzVw3Ev+1bE+kDTM0AaC05qGYZZ5pWkQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPvGnYe8q/Z9+oW5GSTBmng57Zt8MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMS04YWRoN3lyOW4zNmhia1pKTUdhZURudG0zdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGUvZjQzYjFkLTllNTAtNDU1MS1hZTZhLTE3YjlkZTE0MTI1
Mi8xL3htSm05R2I3SkppamxGbXpOUzJpVVZHbHBNQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJfz+jAN
BgkqhkiG9w0BAQsFAAOCAQEAFRS31yamPDGuhTdUKigtRmV82lsc1NXV6sOSLnOy
v8jevJsir0jrybxWeds/yXXN1hQWK4cd9IW10AmA6eO96UWZdue06eXGUd6zZCeu
i85GTDHxvyzLNa/hWibBguYCouSS5l2oNyU0J9Kltf0VBDP+HMueaqp2n+UBbRM9
Fk2bOIU0xq/WF8sxRfonxwvApoL4r8vQ3+WqIyIhPDS00QufHuOIyycUgUJ4IyLk
93P4hHoQWsRTgs/B6Jqp8XRH22chsdMouiAvdsg1Td/wi3nIyvEO64/kW4RzTK9F
r5a/6/0d1EbDpitut6u2jv9dJ9tkhhzQca2Cedz9L9olqg==
-----END CERTIFICATE-----