Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9UWvPNH3Yi3bvgTpFV7Uu9ZigEs.roa
File:                     9UWvPNH3Yi3bvgTpFV7Uu9ZigEs.roa (raw, json)
Hash identifier:          gfJfpLxCO3QRIKyTvSHxUDar5iyMXuepbZ2igeg3MJA=
Subject key identifier:   F5:45:AF:3C:D1:F7:62:2D:DB:BE:04:E9:15:5E:D4:BB:D6:62:80:4B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019854CE56E43833299C5FB5CFFF5206E59C
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9UWvPNH3Yi3bvgTpFV7Uu9ZigEs.roa
Signing time:             Tue 29 Jul 2025 06:11:05 +0000
ROA not before:           Tue 29 Jul 2025 06:11:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206183
IP address blocks:        151.241.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:54:ce:56:e4:38:33:29:9c:5f:b5:cf:ff:52:06:e5:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 29 06:11:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f545af3cd1f7622ddbbe04e9155ed4bbd662804b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:b0:e4:44:0d:ab:b6:b0:c9:23:d9:a3:d9:73:
                    e3:85:c6:9c:09:39:58:24:0e:50:f9:ca:4e:30:db:
                    8b:4d:cf:17:51:c6:22:36:99:4d:5c:4c:e1:15:ec:
                    c7:ac:6f:ce:0a:ca:64:5c:05:9e:9e:0a:85:75:eb:
                    ea:46:37:0a:d8:d9:9b:16:82:39:67:e7:c2:4a:05:
                    ce:38:2b:fb:72:ac:13:f0:18:75:f2:80:f0:e2:f9:
                    27:ae:45:2c:b6:92:7e:db:36:dc:ec:0d:66:0b:fb:
                    cb:7a:a8:ad:5b:a3:38:b6:11:1f:c2:9b:06:a9:bf:
                    0c:db:fb:a2:fd:79:b3:b7:fb:b7:5a:fe:38:fe:6c:
                    dd:6e:a9:14:05:ba:e2:c6:e5:e2:16:15:74:6b:fa:
                    3e:b7:ad:e6:85:93:bb:f4:cd:fa:ec:31:81:42:21:
                    93:dd:12:13:7c:06:cf:8e:56:3d:0f:70:96:99:1a:
                    7e:c3:71:82:04:3a:15:c6:cf:fe:45:9e:13:d9:ee:
                    ec:b8:41:f9:c8:df:cc:53:0b:1a:c4:29:a9:9c:39:
                    f4:ed:d9:10:ff:3d:4b:59:3d:55:18:10:9a:ca:0a:
                    e8:7d:a1:ce:c6:6b:25:d4:20:7f:46:aa:e3:4e:71:
                    3b:51:8e:98:17:17:8a:e3:04:a9:0b:22:11:7f:24:
                    63:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:45:AF:3C:D1:F7:62:2D:DB:BE:04:E9:15:5E:D4:BB:D6:62:80:4B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9UWvPNH3Yi3bvgTpFV7Uu9ZigEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:b3:39:70:01:dc:4f:5b:be:c5:9e:59:bd:e8:3d:10:29:b4:
         eb:50:09:5c:21:7b:66:86:58:52:aa:03:e2:82:2f:60:5b:cd:
         1e:73:31:a7:60:fd:65:2a:d3:3c:d9:04:10:59:d8:4b:f2:99:
         d4:07:e1:60:c8:c0:2e:80:c1:a0:04:2c:fb:ab:d1:59:fb:e6:
         97:7f:13:4c:1f:e3:e9:c1:4a:a7:7e:45:20:7b:52:06:55:93:
         55:e3:c7:8f:a8:f6:ee:0a:72:40:cf:3d:74:9d:6a:b9:83:2b:
         71:0a:90:91:a4:f7:c2:dd:46:04:b1:42:62:77:66:ed:f5:b9:
         23:15:34:ec:9f:81:27:1b:c3:96:df:e3:97:7a:ac:56:8a:88:
         64:ab:55:d1:91:93:52:fd:2f:9e:91:ba:f3:c0:58:c6:d9:c8:
         63:6f:53:f8:86:04:54:92:ee:29:6b:a9:a7:85:fa:3f:fc:55:
         0e:09:0c:fd:7e:27:3b:18:f3:21:0c:18:f8:41:d7:b7:f4:6c:
         2e:fb:30:14:00:7f:f7:3b:5c:9e:b9:bd:64:a1:96:8c:75:c8:
         c0:5e:7e:62:e9:99:25:1b:a0:9b:bb:ee:72:34:a6:b3:0b:11:
         cc:3e:85:b6:80:e9:52:48:a7:4c:a8:76:2e:25:5a:65:64:3d:
         6f:f2:00:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhUzlbkODMpnF+1z/9SBuWcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzI5MDYxMTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTQ1YWYzY2QxZjc2MjJkZGJiZTA0ZTkxNTVlZDRiYmQ2NjI4MDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5bDkRA2rtrDJI9mj2XPjhcacCTlY
JA5Q+cpOMNuLTc8XUcYiNplNXEzhFezHrG/OCspkXAWengqFdevqRjcK2NmbFoI5
Z+fCSgXOOCv7cqwT8Bh18oDw4vknrkUstpJ+2zbc7A1mC/vLeqitW6M4thEfwpsG
qb8M2/ui/Xmzt/u3Wv44/mzdbqkUBbrixuXiFhV0a/o+t63mhZO79M367DGBQiGT
3RITfAbPjlY9D3CWmRp+w3GCBDoVxs/+RZ4T2e7suEH5yN/MUwsaxCmpnDn07dkQ
/z1LWT1VGBCaygrofaHOxmsl1CB/RqrjTnE7UY6YFxeK4wSpCyIRfyRjmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVFrzzR92It274E6RVe1LvWYoBLMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvOVVXdlBOSDNZaTNidmdUcEZWN1V1OVppZ0VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/F0MA0G
CSqGSIb3DQEBCwUAA4IBAQBFszlwAdxPW77Fnlm96D0QKbTrUAlcIXtmhlhSqgPi
gi9gW80eczGnYP1lKtM82QQQWdhL8pnUB+FgyMAugMGgBCz7q9FZ++aXfxNMH+Pp
wUqnfkUge1IGVZNV48ePqPbuCnJAzz10nWq5gytxCpCRpPfC3UYEsUJid2bt9bkj
FTTsn4EnG8OW3+OXeqxWiohkq1XRkZNS/S+ekbrzwFjG2chjb1P4hgRUku4pa6mn
hfo//FUOCQz9fic7GPMhDBj4Qde39Gwu+zAUAH/3O1yeub1koZaMdcjAXn5i6Zkl
G6Cbu+5yNKazCxHMPoW2gOlSSKdMqHYuJVplZD1v8gBd
-----END CERTIFICATE-----