Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/RHIfXO4iSE2vE3WIs_Vjnksg1QU.roa
File:                     RHIfXO4iSE2vE3WIs_Vjnksg1QU.roa (raw, json)
Hash identifier:          UBUAsQ7TynA/GpAwCVnSf/ZiEFBGckAsyS9qUZ0MJvw=
Subject key identifier:   44:72:1F:5C:EE:22:48:4D:AF:13:75:88:B3:F5:63:9E:4B:20:D5:05
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01975D691875FC6965535C8ADE1DBDFDFEB5
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/RHIfXO4iSE2vE3WIs_Vjnksg1QU.roa
Signing time:             Wed 11 Jun 2025 05:14:18 +0000
ROA not before:           Wed 11 Jun 2025 05:14:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20326
IP address blocks:        151.243.21.0/24 maxlen: 24
                          151.245.8.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Jun 2025 13:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5d:69:18:75:fc:69:65:53:5c:8a:de:1d:bd:fd:fe:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 11 05:14:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44721f5cee22484daf137588b3f5639e4b20d505
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b4:86:b9:c2:4a:c8:4d:b0:fe:8c:86:63:1d:
                    4e:54:9a:dc:ed:a2:b0:19:87:57:89:30:19:08:d0:
                    e6:e7:bb:fc:61:12:29:33:bf:e8:f0:a9:12:c7:24:
                    54:06:2a:fb:54:81:89:46:ae:24:49:9a:ff:a5:b6:
                    42:d7:64:67:74:dd:bc:4c:0f:0c:31:f7:08:41:48:
                    5e:3f:8a:63:18:49:15:40:42:23:25:30:ad:5f:5e:
                    c8:9b:ef:f3:64:ca:59:41:2f:97:85:33:0d:34:d2:
                    e7:d5:11:2e:f2:90:d9:78:af:cb:5e:41:d7:3a:2f:
                    a2:c8:d1:d1:e5:0d:63:86:95:f2:3c:a1:31:20:a7:
                    8d:46:33:12:77:36:f4:0f:8a:b5:7a:f0:89:df:7f:
                    d5:b5:37:1a:7d:f9:16:fe:d7:cf:c9:21:43:d8:39:
                    1f:8f:ea:25:db:c1:79:de:84:de:22:60:6c:b7:f1:
                    3d:bf:ef:f9:4d:41:c8:ff:ea:c8:77:2f:3e:2a:76:
                    87:39:ed:a6:72:7a:cb:e3:8d:27:1a:a2:fd:b3:27:
                    54:05:b3:cb:fd:eb:c9:7b:f6:ad:70:8a:77:c9:1f:
                    ba:e4:1b:9c:ed:c6:2f:b0:a0:87:a8:f9:d1:89:fe:
                    74:6e:25:07:33:11:8f:3c:e4:8d:39:0b:f1:89:f8:
                    13:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:72:1F:5C:EE:22:48:4D:AF:13:75:88:B3:F5:63:9E:4B:20:D5:05
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/RHIfXO4iSE2vE3WIs_Vjnksg1QU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.21.0/24
                  151.245.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0e:08:a6:71:cb:aa:b2:89:0c:19:b0:78:b3:db:e3:49:c9:30:
         b4:0c:f0:95:41:8d:9a:89:ab:22:ef:72:cc:af:55:1f:8b:fa:
         a3:1a:04:a1:fd:13:44:c2:0a:f0:60:42:87:66:04:1f:d7:50:
         15:80:71:cf:1d:1c:b7:fd:f9:91:32:1c:a1:94:c8:cb:af:96:
         02:c0:21:9c:9a:72:e4:e8:2d:69:4c:4d:2c:05:66:29:49:78:
         90:9c:b1:b3:07:db:8e:6e:0f:4d:72:02:b2:63:28:e1:70:76:
         7a:df:1a:63:5c:f8:6c:3d:49:3b:2e:e9:e9:35:df:da:91:ac:
         43:1a:38:72:78:34:c5:77:cf:4e:e4:eb:27:b3:dd:9f:48:90:
         16:05:5e:98:b6:b4:26:7d:69:72:de:4d:5a:bc:5d:3f:cf:9f:
         60:9e:5e:93:84:97:7f:08:73:96:bf:e2:8c:1b:1f:4f:23:fe:
         9e:a9:00:e8:66:6e:26:dc:5e:62:2d:80:84:52:8d:16:13:21:
         8d:07:51:46:c5:a3:fe:00:48:b8:cd:f6:02:d8:b5:e4:f7:d7:
         29:4b:f3:91:41:8d:4b:b2:8b:0e:53:68:18:8e:c4:ea:75:f1:
         6a:29:4b:76:f1:4d:03:5e:5f:22:a7:29:97:7f:b2:9d:aa:69:
         cb:8c:1b:3c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZddaRh1/GllU1yK3h29/f61MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjExMDUxNDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDcyMWY1Y2VlMjI0ODRkYWYxMzc1ODhiM2Y1NjM5ZTRiMjBkNTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7SGucJKyE2w/oyGYx1OVJrc7aKw
GYdXiTAZCNDm57v8YRIpM7/o8KkSxyRUBir7VIGJRq4kSZr/pbZC12RndN28TA8M
MfcIQUheP4pjGEkVQEIjJTCtX17Im+/zZMpZQS+XhTMNNNLn1REu8pDZeK/LXkHX
Oi+iyNHR5Q1jhpXyPKExIKeNRjMSdzb0D4q1evCJ33/VtTcaffkW/tfPySFD2Dkf
j+ol28F53oTeImBst/E9v+/5TUHI/+rIdy8+KnaHOe2mcnrL440nGqL9sydUBbPL
/evJe/atcIp3yR+65Buc7cYvsKCHqPnRif50biUHMxGPPOSNOQvxifgTUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFERyH1zuIkhNrxN1iLP1Y55LINUFMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUkhJZlhPNGlTRTJ2RTNXSXNfVmpua3NnMVFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/MVAwQD
l/UIMA0GCSqGSIb3DQEBCwUAA4IBAQAOCKZxy6qyiQwZsHiz2+NJyTC0DPCVQY2a
iasi73LMr1Ufi/qjGgSh/RNEwgrwYEKHZgQf11AVgHHPHRy3/fmRMhyhlMjLr5YC
wCGcmnLk6C1pTE0sBWYpSXiQnLGzB9uObg9NcgKyYyjhcHZ63xpjXPhsPUk7Lunp
Nd/akaxDGjhyeDTFd89O5Osns92fSJAWBV6YtrQmfWly3k1avF0/z59gnl6ThJd/
CHOWv+KMGx9PI/6eqQDoZm4m3F5iLYCEUo0WEyGNB1FGxaP+AEi4zfYC2LXk99cp
S/ORQY1LsosOU2gYjsTqdfFqKUt28U0DXl8ipymXf7KdqmnLjBs8
-----END CERTIFICATE-----