Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/8qT_c0HeNsf-PU3nC4xPKDR2-VQ.roa
File:                     8qT_c0HeNsf-PU3nC4xPKDR2-VQ.roa (raw, json)
Hash identifier:          h6GKKAjr+40O3loe0OASe/OIEsjG6H5vsVPhgoKAA5Y=
Subject key identifier:   F2:A4:FF:73:41:DE:36:C7:FE:3D:4D:E7:0B:8C:4F:28:34:76:F9:54
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196706D90926016E8765ED6CA5F9B72E301
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/8qT_c0HeNsf-PU3nC4xPKDR2-VQ.roa
Signing time:             Sat 26 Apr 2025 04:49:10 +0000
ROA not before:           Sat 26 Apr 2025 04:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40676
IP address blocks:        151.242.52.0/22 maxlen: 24
                          151.244.128.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:70:6d:90:92:60:16:e8:76:5e:d6:ca:5f:9b:72:e3:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 26 04:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f2a4ff7341de36c7fe3d4de70b8c4f283476f954
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:59:22:85:d4:5a:1e:e0:07:ef:b3:10:84:6e:
                    a1:0c:83:90:66:dc:13:bb:cc:5a:f4:c9:f9:32:70:
                    d0:60:8d:a9:67:16:7f:8c:de:5a:02:ad:b9:ab:bb:
                    bd:01:2a:87:a7:fc:94:d4:48:6a:a1:0a:a8:d8:64:
                    3f:ca:24:70:47:ac:35:3c:e9:19:80:5d:63:9d:38:
                    d4:67:0e:52:17:a2:bf:af:d8:1b:96:a5:6d:ac:19:
                    ae:23:f7:9a:37:cd:99:f0:e2:f5:43:d5:49:a3:a1:
                    4d:92:88:81:81:e4:52:5e:62:1e:0a:2d:7e:f8:50:
                    46:1a:94:99:92:d1:6e:bd:00:25:50:b3:a9:f5:8d:
                    4c:00:56:79:39:47:3c:6b:38:14:09:3e:6f:6d:0c:
                    4f:41:b1:65:bf:c4:55:0d:70:17:4f:be:5a:95:a1:
                    3f:ff:4f:68:08:5d:58:1a:bc:27:ca:9c:41:81:b6:
                    eb:c2:66:09:d7:9f:4c:10:03:49:40:0c:86:cb:66:
                    4d:87:b6:b8:86:55:27:0c:a5:e8:e7:5c:d2:74:bf:
                    cb:32:f1:0c:b1:4e:28:2f:67:e5:62:cf:48:86:22:
                    4d:82:c3:f3:03:94:86:a5:fa:a0:3a:dc:70:19:c2:
                    67:1e:01:ab:10:0b:7b:80:cb:e3:3d:bf:a1:1b:e0:
                    9b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:A4:FF:73:41:DE:36:C7:FE:3D:4D:E7:0B:8C:4F:28:34:76:F9:54
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/8qT_c0HeNsf-PU3nC4xPKDR2-VQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.52.0/22
                  151.244.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         46:f9:ee:56:df:f7:77:00:65:9e:bb:c8:36:6d:3f:4a:71:9f:
         21:fd:de:c2:fd:a8:01:23:75:d9:00:79:93:ed:d9:1d:ba:11:
         8e:0f:7b:c2:57:93:1c:af:dc:fa:52:f0:51:01:74:10:32:a5:
         e6:1f:b5:02:fd:33:dc:ea:18:79:4b:9c:61:a5:43:9f:f3:fa:
         75:42:2d:bc:a8:e9:0c:17:40:6e:a3:f7:b5:d2:a6:d2:a3:33:
         24:5a:25:ed:fc:82:e4:d6:13:2e:33:3e:61:11:bc:46:b2:fe:
         75:6d:57:05:90:9a:8f:12:d3:24:f6:af:1a:52:ff:09:5d:ef:
         a6:a3:46:5a:b7:80:3a:96:4e:ca:8f:87:cb:63:0f:a2:d8:7a:
         95:d5:3f:7a:5a:40:8b:41:06:9e:b3:82:95:b0:32:86:a4:04:
         03:73:05:eb:34:33:e5:e8:65:6b:b5:d4:40:03:e0:b5:3f:a5:
         05:66:c0:d2:6f:b2:d6:ae:ea:60:91:33:e2:af:9d:a8:be:5d:
         08:69:5e:b9:79:9b:5a:a0:e3:17:84:37:74:ff:fd:ea:47:2a:
         0d:30:37:e1:03:6b:14:00:fe:c4:31:f7:32:6a:fb:52:7b:e7:
         cf:f3:8a:6e:fa:18:f9:d8:1d:ef:5a:ac:89:85:e5:1c:1d:b9:
         13:4a:d2:30
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZwbZCSYBbodl7Wyl+bcuMBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDI2MDQ0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmE0ZmY3MzQxZGUzNmM3ZmUzZDRkZTcwYjhjNGYyODM0NzZmOTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2lkihdRaHuAH77MQhG6hDIOQZtwT
u8xa9Mn5MnDQYI2pZxZ/jN5aAq25q7u9ASqHp/yU1EhqoQqo2GQ/yiRwR6w1POkZ
gF1jnTjUZw5SF6K/r9gblqVtrBmuI/eaN82Z8OL1Q9VJo6FNkoiBgeRSXmIeCi1+
+FBGGpSZktFuvQAlULOp9Y1MAFZ5OUc8azgUCT5vbQxPQbFlv8RVDXAXT75alaE/
/09oCF1YGrwnypxBgbbrwmYJ159MEANJQAyGy2ZNh7a4hlUnDKXo51zSdL/LMvEM
sU4oL2flYs9IhiJNgsPzA5SGpfqgOtxwGcJnHgGrEAt7gMvjPb+hG+CbawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPKk/3NB3jbH/j1N5wuMTyg0dvlUMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvOHFUX2MwSGVOc2YtUFUzbkM0eFBLRFIyLVZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCl/I0AwQG
l/SAMA0GCSqGSIb3DQEBCwUAA4IBAQBG+e5W3/d3AGWeu8g2bT9KcZ8h/d7C/agB
I3XZAHmT7dkduhGOD3vCV5Mcr9z6UvBRAXQQMqXmH7UC/TPc6hh5S5xhpUOf8/p1
Qi28qOkMF0Buo/e10qbSozMkWiXt/ILk1hMuMz5hEbxGsv51bVcFkJqPEtMk9q8a
Uv8JXe+mo0Zat4A6lk7Kj4fLYw+i2HqV1T96WkCLQQaes4KVsDKGpAQDcwXrNDPl
6GVrtdRAA+C1P6UFZsDSb7LWrupgkTPir52ovl0IaV65eZtaoOMXhDd0//3qRyoN
MDfhA2sUAP7EMfcyavtSe+fP84pu+hj52B3vWqyJheUcHbkTStIw
-----END CERTIFICATE-----