Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/GjAEBX4JNAPTvZgUiX8z-X4h-ho.roa
File:                     GjAEBX4JNAPTvZgUiX8z-X4h-ho.roa (raw, json)
Hash identifier:          Rbkv+VnaLkvq4sL0lUnB610iCuI9mB7nEMXxhWLdTxc=
Subject key identifier:   1A:30:04:05:7E:09:34:03:D3:BD:98:14:89:7F:33:F9:7E:21:FA:1A
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196721DB173DC3563E8AED14F41AAB3D6C0
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/GjAEBX4JNAPTvZgUiX8z-X4h-ho.roa
Signing time:             Sat 26 Apr 2025 12:41:10 +0000
ROA not before:           Sat 26 Apr 2025 12:41:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214024
IP address blocks:        151.243.35.0/24 maxlen: 24
                          151.243.38.0/24 maxlen: 24
                          151.243.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:72:1d:b1:73:dc:35:63:e8:ae:d1:4f:41:aa:b3:d6:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 26 12:41:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a3004057e093403d3bd9814897f33f97e21fa1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:09:19:91:11:e4:0d:65:e6:b8:e0:7a:f4:c3:
                    96:ed:d8:0f:ed:58:cc:93:e1:a6:a2:5b:aa:17:b6:
                    f8:20:1f:02:fd:03:93:68:9c:3f:ce:d7:ce:4f:2a:
                    6e:e4:cc:0e:42:83:01:c9:fd:f0:d2:07:86:64:ad:
                    b3:12:cf:c5:3b:2b:95:fc:9d:0d:55:1c:df:f8:7e:
                    03:9b:2e:8b:f7:d9:cb:d4:19:53:04:6c:56:f6:57:
                    79:a2:9c:81:c9:60:99:38:eb:00:cf:72:c6:82:3d:
                    53:cc:c1:61:a5:36:a6:70:02:28:92:8c:57:91:4e:
                    10:be:6b:e4:75:86:d7:0f:8f:e4:65:90:ac:a0:7d:
                    71:98:bb:7f:ae:2b:de:88:81:4e:32:9c:49:63:a5:
                    e2:fc:1e:96:45:ec:c8:61:2c:9d:02:34:f3:56:c5:
                    f4:95:aa:33:84:b9:d8:8e:92:6b:6f:2c:aa:c0:9a:
                    6c:4a:92:4e:e0:fc:6f:9a:8c:7e:c6:5b:b7:74:1b:
                    80:85:d5:56:f9:21:70:2c:81:ac:e2:9a:aa:59:f6:
                    3a:46:8b:94:e2:9c:ca:a8:61:ae:07:90:12:8f:01:
                    f5:8d:2b:25:62:1b:a6:3c:32:3a:13:b9:92:30:95:
                    f1:eb:ac:e6:30:2c:03:e1:ef:37:d8:7e:66:80:38:
                    09:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:30:04:05:7E:09:34:03:D3:BD:98:14:89:7F:33:F9:7E:21:FA:1A
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/GjAEBX4JNAPTvZgUiX8z-X4h-ho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.35.0/24
                  151.243.38.0/24
                  151.243.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:94:b0:7a:79:e7:36:d3:d5:28:9d:76:07:97:d7:28:0b:da:
         d1:1f:af:95:31:6c:0f:73:49:36:59:f7:c8:45:30:de:21:71:
         98:94:1d:4e:c4:54:47:03:6c:2b:f4:b4:a8:6d:f3:a8:3b:14:
         c0:38:8f:01:0c:6f:77:d1:c1:bc:7e:e6:15:2a:fb:a1:29:28:
         da:f0:8f:cd:6c:ae:ad:48:35:a1:46:63:cc:cd:ed:41:70:e5:
         9e:5d:ab:c9:12:0b:02:b0:f2:53:ef:7d:fc:3e:67:ec:45:47:
         37:d4:1b:fb:5c:47:40:02:6d:26:d3:66:d8:d1:2f:8e:bb:da:
         32:23:fa:b9:57:c3:dc:25:2d:d2:1d:3a:9d:1d:37:a8:27:3b:
         95:5e:d4:7c:36:13:09:d1:5a:b2:b3:69:c5:f0:b4:6e:02:9b:
         d8:0d:eb:60:b0:1f:dc:68:d8:d2:0b:a6:6f:37:92:91:90:4c:
         24:3c:48:ea:45:ff:e0:05:0c:dd:fd:e9:f1:6b:e3:71:09:c1:
         60:67:ed:db:46:7b:b8:dd:b7:5a:e9:a5:93:71:b0:92:a3:3a:
         52:18:cd:60:33:93:c8:fd:9e:a0:3f:40:89:19:9b:fc:3f:d0:
         84:09:1f:01:28:6c:1f:ed:35:46:59:d8:d0:21:0e:8d:a2:1d:
         b6:f7:c4:95
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZZyHbFz3DVj6K7RT0Gqs9bAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDI2MTI0MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTMwMDQwNTdlMDkzNDAzZDNiZDk4MTQ4OTdmMzNmOTdlMjFmYTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwkZkRHkDWXmuOB69MOW7dgP7VjM
k+GmoluqF7b4IB8C/QOTaJw/ztfOTypu5MwOQoMByf3w0geGZK2zEs/FOyuV/J0N
VRzf+H4Dmy6L99nL1BlTBGxW9ld5opyByWCZOOsAz3LGgj1TzMFhpTamcAIokoxX
kU4QvmvkdYbXD4/kZZCsoH1xmLt/riveiIFOMpxJY6Xi/B6WRezIYSydAjTzVsX0
laozhLnYjpJrbyyqwJpsSpJO4Pxvmox+xlu3dBuAhdVW+SFwLIGs4pqqWfY6RouU
4pzKqGGuB5ASjwH1jSslYhumPDI6E7mSMJXx66zmMCwD4e832H5mgDgJUwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBowBAV+CTQD072YFIl/M/l+IfoaMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvR2pBRUJYNEpOQVBUdlpnVWlYOHotWDRoLWhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAl/MjAwQA
l/MmAwQAl/MpMA0GCSqGSIb3DQEBCwUAA4IBAQAXlLB6eec209UonXYHl9coC9rR
H6+VMWwPc0k2WffIRTDeIXGYlB1OxFRHA2wr9LSobfOoOxTAOI8BDG930cG8fuYV
KvuhKSja8I/NbK6tSDWhRmPMze1BcOWeXavJEgsCsPJT7338PmfsRUc31Bv7XEdA
Am0m02bY0S+Ou9oyI/q5V8PcJS3SHTqdHTeoJzuVXtR8NhMJ0Vqys2nF8LRuApvY
DetgsB/caNjSC6ZvN5KRkEwkPEjqRf/gBQzd/enxa+NxCcFgZ+3bRnu43bda6aWT
cbCSozpSGM1gM5PI/Z6gP0CJGZv8P9CECR8BKGwf7TVGWdjQIQ6Noh2298SV
-----END CERTIFICATE-----