Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1dAKsS-7oUmmbVr8qM1ZPRHjN-0.roa
File:                     1dAKsS-7oUmmbVr8qM1ZPRHjN-0.roa (raw, json)
Hash identifier:          JCoY2Vku6VBUyeQuSVi2jOnqEX42zQlCAW4Sv2xjg5E=
Subject key identifier:   D5:D0:0A:B1:2F:BB:A1:49:A6:6D:5A:FC:A8:CD:59:3D:11:E3:37:ED
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019A4948E0511B058E433894FF974143EEE9
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1dAKsS-7oUmmbVr8qM1ZPRHjN-0.roa
Signing time:             Mon 03 Nov 2025 10:35:03 +0000
ROA not before:           Mon 03 Nov 2025 10:35:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211484
IP address blocks:        151.246.200.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:49:48:e0:51:1b:05:8e:43:38:94:ff:97:41:43:ee:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Nov  3 10:35:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5d00ab12fbba149a66d5afca8cd593d11e337ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:56:01:7a:2d:ac:37:35:43:ef:13:54:04:6d:
                    0e:70:25:c4:93:fa:08:32:47:43:1f:4a:8e:6b:89:
                    1c:06:1a:42:53:86:11:c5:7b:b0:a2:ed:bd:5c:87:
                    20:80:db:c3:0e:7e:15:f4:dc:00:6c:43:11:5c:b9:
                    54:f6:19:f1:a9:e8:5b:e8:35:c1:b7:da:6b:27:02:
                    70:b1:a1:6b:34:f5:4d:b1:35:a2:82:95:b6:37:8f:
                    e2:20:fe:14:f3:a7:71:20:1b:fc:df:bd:c8:7b:f9:
                    13:00:6e:8b:66:e9:af:8b:56:c3:cb:c6:12:f9:d3:
                    49:c4:0b:85:37:f9:c8:db:e1:9e:49:95:4a:f2:db:
                    d2:2c:0a:11:37:04:a0:18:36:4e:31:20:d6:0a:80:
                    f6:26:de:79:68:54:92:4f:fd:dd:c9:60:60:fc:da:
                    ef:6e:d6:b0:b0:9e:a6:82:e2:b5:7a:75:15:d0:28:
                    75:99:ed:ff:1f:00:54:84:b4:07:80:5a:09:53:ed:
                    3f:43:eb:2b:59:ef:d9:c3:59:7c:17:a5:ec:d2:de:
                    80:8a:be:77:27:63:06:9f:6f:31:c2:e2:76:96:44:
                    d7:f4:3c:28:a9:d2:00:27:8a:a1:bf:93:fb:7c:26:
                    43:70:83:29:27:35:f7:f1:a1:34:bd:52:33:4c:d7:
                    34:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:D0:0A:B1:2F:BB:A1:49:A6:6D:5A:FC:A8:CD:59:3D:11:E3:37:ED
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1dAKsS-7oUmmbVr8qM1ZPRHjN-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.246.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:f8:e0:8b:96:16:f9:04:b9:99:89:22:9c:65:f8:50:a8:ef:
         11:e5:cd:d4:74:9e:fb:14:f6:62:39:d0:3b:c7:ff:2a:5e:78:
         21:2b:93:b2:89:fb:5f:c7:0f:14:98:d6:04:25:eb:c8:44:d3:
         ae:87:24:3f:27:4e:45:72:a3:0f:62:ee:cf:bb:e5:08:5c:63:
         92:f3:bc:4f:21:d2:4e:89:58:08:13:2d:7d:bc:03:19:6b:13:
         80:6e:87:19:6b:70:cb:fa:b5:ac:f3:00:57:39:34:8d:ad:24:
         37:e1:c1:87:e8:42:7d:c7:2e:f4:48:a9:12:03:ea:21:d7:0d:
         87:2b:d1:dc:85:fc:29:68:a5:56:8f:20:ce:ef:dc:a6:1f:ad:
         b2:9e:91:0c:f5:45:2c:ed:ea:76:30:78:6a:69:70:ef:36:5f:
         5d:8d:75:ff:33:5f:c9:af:e4:12:da:f9:90:5c:67:b7:fe:de:
         81:ae:61:77:82:96:c3:e1:de:24:70:de:2a:f0:53:df:23:9e:
         f0:13:b1:e4:80:ec:9a:16:af:f3:7b:cc:b0:41:e2:10:d3:d1:
         d7:1c:07:19:52:ad:75:9d:2d:f4:81:61:93:33:5b:a2:44:f9:
         9e:d4:bc:c9:77:94:cc:11:fa:35:50:6a:52:f0:af:cd:cb:6a:
         e5:06:1c:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpJSOBRGwWOQziU/5dBQ+7pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMTAzMTAzNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWQwMGFiMTJmYmJhMTQ5YTY2ZDVhZmNhOGNkNTkzZDExZTMzN2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVYBei2sNzVD7xNUBG0OcCXEk/oI
MkdDH0qOa4kcBhpCU4YRxXuwou29XIcggNvDDn4V9NwAbEMRXLlU9hnxqehb6DXB
t9prJwJwsaFrNPVNsTWigpW2N4/iIP4U86dxIBv8373Ie/kTAG6LZumvi1bDy8YS
+dNJxAuFN/nI2+GeSZVK8tvSLAoRNwSgGDZOMSDWCoD2Jt55aFSST/3dyWBg/Nrv
btawsJ6mguK1enUV0Ch1me3/HwBUhLQHgFoJU+0/Q+srWe/Zw1l8F6Xs0t6Air53
J2MGn28xwuJ2lkTX9DwoqdIAJ4qhv5P7fCZDcIMpJzX38aE0vVIzTNc0DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNXQCrEvu6FJpm1a/KjNWT0R4zftMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMWRBS3NTLTdvVW1tYlZyOHFNMVpQUkhqTi0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBl/bIMA0G
CSqGSIb3DQEBCwUAA4IBAQBl+OCLlhb5BLmZiSKcZfhQqO8R5c3UdJ77FPZiOdA7
x/8qXnghK5Oyiftfxw8UmNYEJevIRNOuhyQ/J05FcqMPYu7Pu+UIXGOS87xPIdJO
iVgIEy19vAMZaxOAbocZa3DL+rWs8wBXOTSNrSQ34cGH6EJ9xy70SKkSA+oh1w2H
K9HchfwpaKVWjyDO79ymH62ynpEM9UUs7ep2MHhqaXDvNl9djXX/M1/Jr+QS2vmQ
XGe3/t6BrmF3gpbD4d4kcN4q8FPfI57wE7HkgOyaFq/ze8ywQeIQ09HXHAcZUq11
nS30gWGTM1uiRPme1LzJd5TMEfo1UGpS8K/Ny2rlBhxZ
-----END CERTIFICATE-----