Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/PWhi0qp1nGTuXzFKj1c0RHg6sQs.roa
File:                     PWhi0qp1nGTuXzFKj1c0RHg6sQs.roa (raw, json)
Hash identifier:          wVfcnlcFPmULaXqlxbEsEx706FgejHrSg6v97hiBLAQ=
Subject key identifier:   3D:68:62:D2:AA:75:9C:64:EE:5F:31:4A:8F:57:34:44:78:3A:B1:0B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01985B80959FA147B0B1BF24A87587D90519
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/PWhi0qp1nGTuXzFKj1c0RHg6sQs.roa
Signing time:             Wed 30 Jul 2025 13:23:30 +0000
ROA not before:           Wed 30 Jul 2025 13:23:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214668
IP address blocks:        151.241.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 15:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5b:80:95:9f:a1:47:b0:b1:bf:24:a8:75:87:d9:05:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 30 13:23:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d6862d2aa759c64ee5f314a8f573444783ab10b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:31:63:b2:bd:f5:d2:17:1f:e9:17:10:e8:7e:
                    81:73:32:10:54:ee:9e:02:32:31:8c:ed:fd:62:19:
                    07:21:53:6b:cc:33:fe:63:de:57:e6:c5:9b:37:91:
                    ab:22:ce:45:40:b5:3d:64:7b:84:15:65:c6:df:28:
                    4b:be:3a:e1:be:64:82:9b:4b:cb:2c:91:cb:43:67:
                    02:80:e3:79:10:94:66:33:17:8c:4a:a4:d6:01:aa:
                    1b:f7:dd:0b:21:1e:28:db:de:74:d5:c9:6f:b0:72:
                    63:e9:7e:dc:f8:bd:84:1a:15:eb:96:24:3b:20:ca:
                    81:bc:f7:0b:fb:df:b1:7c:bc:7f:cb:f0:ae:26:02:
                    69:22:44:4e:e9:5a:b0:90:30:47:a7:cc:3d:3d:94:
                    cd:5d:98:74:07:14:b7:5d:b4:04:99:54:c7:2b:0d:
                    03:36:f7:21:7c:f4:80:38:a6:a4:8a:b5:ae:b8:30:
                    fd:2c:9a:5f:47:1a:a1:a0:5c:b4:c2:3f:86:22:28:
                    fc:51:0f:d9:96:e2:73:95:6f:c8:3d:5a:f9:8f:b8:
                    91:b4:a0:d3:48:86:b9:34:04:23:03:2f:6d:67:f5:
                    af:49:c3:e3:60:f8:f1:bf:48:e7:c2:87:4a:e4:2b:
                    70:25:1a:5c:ab:15:9d:32:76:4b:9b:d0:99:65:d4:
                    19:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:68:62:D2:AA:75:9C:64:EE:5F:31:4A:8F:57:34:44:78:3A:B1:0B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/PWhi0qp1nGTuXzFKj1c0RHg6sQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:4c:06:6f:28:c3:e3:d4:2c:ca:00:71:bd:bc:1b:23:28:36:
         0e:75:76:24:2e:ad:54:c8:67:be:37:74:4b:db:3a:d2:f5:49:
         31:14:2e:8d:76:5f:0d:ed:91:37:e4:3e:2c:22:b4:88:3b:b2:
         e9:c9:ea:e2:dd:c6:83:d1:4d:77:18:a6:a8:24:f6:77:c2:14:
         d1:d4:74:b3:b2:c2:50:70:46:77:02:f9:b0:91:fe:c0:43:7a:
         46:b3:07:e6:e6:e3:92:07:35:24:69:fc:45:86:db:75:dd:53:
         a9:cd:14:d3:c2:e6:88:3d:b0:68:8a:2e:14:81:ce:84:e4:36:
         85:29:a8:12:e0:06:59:4d:cd:d1:19:42:b3:9b:f2:e3:66:2f:
         de:c0:44:da:56:2b:ff:3f:b4:86:a0:7c:75:d5:27:f3:ae:12:
         23:38:9a:0e:de:f3:cd:35:d9:38:41:98:03:76:c4:0e:01:b1:
         bd:1f:19:4e:4f:f8:4b:b7:4a:51:68:75:ce:f2:ea:d4:cd:8e:
         f5:fb:0b:b8:18:90:93:8a:61:ca:8c:e9:de:8d:7d:3a:29:cc:
         52:40:4c:05:5b:83:41:18:45:62:a5:5c:c6:26:8e:21:89:4a:
         56:5b:25:35:21:63:f0:87:8b:7b:3e:7e:67:6b:ee:76:46:96:
         30:67:b7:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhbgJWfoUewsb8kqHWH2QUZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzMwMTMyMzMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDY4NjJkMmFhNzU5YzY0ZWU1ZjMxNGE4ZjU3MzQ0NDc4M2FiMTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jFjsr310hcf6RcQ6H6BczIQVO6e
AjIxjO39YhkHIVNrzDP+Y95X5sWbN5GrIs5FQLU9ZHuEFWXG3yhLvjrhvmSCm0vL
LJHLQ2cCgON5EJRmMxeMSqTWAaob990LIR4o29501clvsHJj6X7c+L2EGhXrliQ7
IMqBvPcL+9+xfLx/y/CuJgJpIkRO6VqwkDBHp8w9PZTNXZh0BxS3XbQEmVTHKw0D
NvchfPSAOKakirWuuDD9LJpfRxqhoFy0wj+GIij8UQ/ZluJzlW/IPVr5j7iRtKDT
SIa5NAQjAy9tZ/WvScPjYPjxv0jnwodK5CtwJRpcqxWdMnZLm9CZZdQZuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD1oYtKqdZxk7l8xSo9XNER4OrELMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUFdoaTBxcDFuR1R1WHpGS2oxYzBSSGc2c1FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/EQMA0G
CSqGSIb3DQEBCwUAA4IBAQBiTAZvKMPj1CzKAHG9vBsjKDYOdXYkLq1UyGe+N3RL
2zrS9UkxFC6Ndl8N7ZE35D4sIrSIO7Lpyeri3caD0U13GKaoJPZ3whTR1HSzssJQ
cEZ3Avmwkf7AQ3pGswfm5uOSBzUkafxFhtt13VOpzRTTwuaIPbBoii4Ugc6E5DaF
KagS4AZZTc3RGUKzm/LjZi/ewETaViv/P7SGoHx11SfzrhIjOJoO3vPNNdk4QZgD
dsQOAbG9HxlOT/hLt0pRaHXO8urUzY71+wu4GJCTimHKjOnejX06KcxSQEwFW4NB
GEVipVzGJo4hiUpWWyU1IWPwh4t7Pn5na+52RpYwZ7eM
-----END CERTIFICATE-----