Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/KZfIb5OTJ-nEJmT-g9br6cF9tiY.roa
File:                     KZfIb5OTJ-nEJmT-g9br6cF9tiY.roa (raw, json)
Hash identifier:          glfK3CJWoH7TYHD3LPdcoCbT4eOsFNRjLVk1MviIF9Y=
Subject key identifier:   29:97:C8:6F:93:93:27:E9:C4:26:64:FE:83:D6:EB:E9:C1:7D:B6:26
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019869263F351ADF25B2C6267E1355CB0A31
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/KZfIb5OTJ-nEJmT-g9br6cF9tiY.roa
Signing time:             Sat 02 Aug 2025 04:59:30 +0000
ROA not before:           Sat 02 Aug 2025 04:59:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214279
IP address blocks:        151.241.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 18:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:69:26:3f:35:1a:df:25:b2:c6:26:7e:13:55:cb:0a:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug  2 04:59:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2997c86f939327e9c42664fe83d6ebe9c17db626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:57:32:ab:19:49:9c:06:33:e2:b7:da:66:91:
                    91:33:f0:47:04:28:41:0a:aa:26:bb:47:2b:2a:09:
                    29:d3:ab:e8:a7:25:60:31:b2:62:40:74:d7:d6:28:
                    eb:be:e0:f2:af:c9:5b:51:c6:fc:73:32:ca:51:07:
                    40:7e:19:61:77:33:c9:da:5c:45:93:a1:e2:cc:a9:
                    ee:b6:59:6b:20:d8:7b:80:d0:bc:ae:d9:50:f9:fd:
                    47:fe:49:3e:2e:39:f2:83:cb:d3:d5:11:93:96:ab:
                    6f:c1:da:eb:ef:c4:0b:52:dd:18:ce:0f:9b:43:73:
                    06:de:64:b5:40:24:76:d2:26:ea:d0:f0:89:de:0f:
                    0d:7e:29:40:a7:00:cc:37:8c:8c:40:fb:84:c3:2f:
                    f3:17:e7:98:76:85:2a:63:cc:fe:7a:91:71:a4:f8:
                    2b:53:69:d9:52:ae:6f:3e:53:b5:88:14:1f:43:01:
                    49:e2:c4:a8:f3:d6:80:dd:98:fd:6a:9b:e5:33:a9:
                    31:6b:cb:37:0e:02:d5:37:9e:e8:cc:20:7a:e5:b9:
                    5f:a8:5f:5b:3a:c2:0c:cc:f6:40:4b:11:f9:48:52:
                    d6:e3:6d:1c:6e:01:ce:d7:54:54:36:ed:fb:67:4e:
                    1a:d4:69:cc:03:77:6a:4a:90:9e:8d:ad:9b:55:49:
                    c8:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:97:C8:6F:93:93:27:E9:C4:26:64:FE:83:D6:EB:E9:C1:7D:B6:26
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/KZfIb5OTJ-nEJmT-g9br6cF9tiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:13:69:5d:49:bf:d2:f9:6e:21:74:d5:d4:e5:5c:0b:ce:4d:
         4c:77:39:e9:e8:b6:7a:7f:e6:8c:11:12:66:e6:f8:2a:a7:86:
         20:22:7e:68:95:30:53:bf:74:77:c5:5f:81:c2:9f:70:74:6e:
         d4:ea:db:e3:bf:21:16:4c:48:80:8e:8c:54:92:47:ee:3b:48:
         d2:61:dd:da:2e:96:43:4f:ec:53:fe:de:0a:2d:e4:15:dd:31:
         4a:f0:53:6a:48:c0:9e:55:ac:10:d4:6f:57:b5:8e:e6:0e:a5:
         5f:22:96:62:0e:f7:2e:15:81:35:41:37:6b:17:52:33:54:24:
         d3:ff:fa:b3:65:85:dc:7c:2c:5f:dc:37:47:de:3b:53:43:61:
         45:1a:f8:81:5b:23:bd:03:d7:4f:cb:75:5d:65:79:51:9b:bc:
         7a:94:a6:ce:d3:b0:3f:8a:b4:b7:cb:a3:54:0b:a9:9a:91:47:
         d0:f7:59:c7:89:13:7c:1f:3d:13:58:19:11:fd:21:59:c2:19:
         5d:b5:21:5c:ef:b9:c8:84:d8:75:6c:38:bd:d8:24:6f:97:62:
         1b:6c:31:45:cc:4f:78:1a:7a:84:87:2e:a0:84:ba:24:48:46:
         1b:3a:95:89:b1:58:98:5d:40:1d:b7:fe:27:f7:8c:66:e8:26:
         be:4d:a1:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhpJj81Gt8lssYmfhNVywoxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODAyMDQ1OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTk3Yzg2ZjkzOTMyN2U5YzQyNjY0ZmU4M2Q2ZWJlOWMxN2RiNjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1cyqxlJnAYz4rfaZpGRM/BHBChB
Cqomu0crKgkp06vopyVgMbJiQHTX1ijrvuDyr8lbUcb8czLKUQdAfhlhdzPJ2lxF
k6HizKnutllrINh7gNC8rtlQ+f1H/kk+Ljnyg8vT1RGTlqtvwdrr78QLUt0Yzg+b
Q3MG3mS1QCR20ibq0PCJ3g8NfilApwDMN4yMQPuEwy/zF+eYdoUqY8z+epFxpPgr
U2nZUq5vPlO1iBQfQwFJ4sSo89aA3Zj9apvlM6kxa8s3DgLVN57ozCB65blfqF9b
OsIMzPZASxH5SFLW420cbgHO11RUNu37Z04a1GnMA3dqSpCeja2bVUnIIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmXyG+TkyfpxCZk/oPW6+nBfbYmMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvS1pmSWI1T1RKLW5FSm1ULWc5YnI2Y0Y5dGlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/EOMA0G
CSqGSIb3DQEBCwUAA4IBAQCfE2ldSb/S+W4hdNXU5VwLzk1Mdznp6LZ6f+aMERJm
5vgqp4YgIn5olTBTv3R3xV+Bwp9wdG7U6tvjvyEWTEiAjoxUkkfuO0jSYd3aLpZD
T+xT/t4KLeQV3TFK8FNqSMCeVawQ1G9XtY7mDqVfIpZiDvcuFYE1QTdrF1IzVCTT
//qzZYXcfCxf3DdH3jtTQ2FFGviBWyO9A9dPy3VdZXlRm7x6lKbO07A/irS3y6NU
C6makUfQ91nHiRN8Hz0TWBkR/SFZwhldtSFc77nIhNh1bDi92CRvl2IbbDFFzE94
GnqEhy6ghLokSEYbOpWJsViYXUAdt/4n94xm6Ca+TaHG
-----END CERTIFICATE-----