Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/RniNQQwCFvYr0_Md_zZnAW4JR0Q.roa
File:                     RniNQQwCFvYr0_Md_zZnAW4JR0Q.roa (raw, json)
Hash identifier:          /MJAYIgYV4wP2sMg6sMJ6Ea/a1gW5Cik6xorEZMuJw8=
Subject key identifier:   46:78:8D:41:0C:02:16:F6:2B:D3:F3:1D:FF:36:67:01:6E:09:47:44
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198664E642BE3BED0C54F52FC0DAB79081C
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/RniNQQwCFvYr0_Md_zZnAW4JR0Q.roa
Signing time:             Fri 01 Aug 2025 15:44:30 +0000
ROA not before:           Fri 01 Aug 2025 15:44:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400202
IP address blocks:        151.244.119.0/24 maxlen: 24
                          151.244.120.0/24 maxlen: 24
                          151.244.121.0/24 maxlen: 24
                          151.244.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Aug 2025 00:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:66:4e:64:2b:e3:be:d0:c5:4f:52:fc:0d:ab:79:08:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug  1 15:44:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46788d410c0216f62bd3f31dff3667016e094744
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:70:0c:b7:51:54:ad:45:bc:64:d5:38:85:81:
                    2f:09:92:fe:2e:37:80:01:be:fc:6a:30:f2:66:a5:
                    2a:a1:25:9f:9f:a7:7d:c2:ab:17:b1:6f:89:a1:4e:
                    fd:e6:5e:9d:44:d9:2d:22:88:08:f8:8e:4a:7c:3c:
                    86:2c:0f:3b:7c:fe:fd:6b:3b:75:a2:17:73:a7:41:
                    e9:da:cf:4f:b8:fd:bb:d2:94:e7:25:f2:ab:52:95:
                    e3:97:0d:0c:87:bd:28:14:36:e6:cb:f8:0b:4b:aa:
                    f4:12:32:fc:87:f9:61:35:c9:f1:45:10:6e:18:03:
                    8f:98:b6:36:cf:4e:87:55:3c:b8:bb:43:b0:6e:b1:
                    d2:f7:0e:5e:ec:58:8f:54:f9:fc:67:05:7d:47:6b:
                    e1:60:3d:a8:1b:b3:3a:b1:4d:27:8b:94:d2:26:dc:
                    d0:18:f3:c5:b3:ac:d2:76:ab:3f:ce:45:c1:aa:c0:
                    28:0d:b6:78:0a:06:b3:5b:44:8d:71:69:1b:68:bf:
                    ff:af:68:76:3e:65:08:52:27:e3:70:10:c7:fe:ed:
                    ce:45:1c:17:80:af:58:8e:d8:f1:b1:f8:ca:ee:e1:
                    09:27:12:f4:30:f9:02:f5:85:ef:fc:47:73:7c:24:
                    12:72:9b:dd:e9:c2:5d:d4:eb:7b:cf:92:e8:72:ee:
                    a5:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:78:8D:41:0C:02:16:F6:2B:D3:F3:1D:FF:36:67:01:6E:09:47:44
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/RniNQQwCFvYr0_Md_zZnAW4JR0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.119.0-151.244.122.255

    Signature Algorithm: sha256WithRSAEncryption
         4f:4a:15:e0:9b:60:5f:c7:ee:f1:90:14:68:dc:1f:6b:de:19:
         60:51:44:75:54:17:57:94:3e:0f:b4:78:e3:b9:d2:66:ae:60:
         b4:a9:40:d0:5f:f7:d5:cc:ae:bf:21:cb:38:5d:ea:09:af:2e:
         57:9a:93:58:11:18:72:8d:9c:ac:4b:0d:90:a9:63:0b:52:64:
         f6:1a:be:37:ca:70:b4:e4:43:04:d9:28:97:09:90:23:37:08:
         79:be:18:0a:54:88:4f:27:3c:33:51:2a:5a:b7:68:e8:35:93:
         67:0a:fb:24:36:c2:4c:b2:c5:b4:9e:d2:04:a3:54:dc:ae:7c:
         2a:aa:f9:58:01:f5:2c:46:3e:15:72:fc:a6:1a:e1:05:e5:35:
         69:49:0c:1d:7a:b4:38:32:fd:8e:3c:0f:43:85:9b:2b:22:e1:
         36:8c:2e:77:ff:53:64:fa:ab:6f:5d:4c:5e:d6:34:53:15:ae:
         97:16:7b:49:81:6b:2e:6d:ef:8e:17:03:ce:bd:0b:74:40:5a:
         85:60:7d:76:33:4a:b6:f3:87:60:cd:9c:94:fd:92:5f:e4:6e:
         8c:4e:38:ba:bd:13:b0:8e:66:ba:52:97:cd:c2:1c:70:e0:c0:
         0b:b7:38:75:81:eb:8b:59:56:3f:a0:92:92:00:35:eb:f7:54:
         48:0b:49:a6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZhmTmQr477QxU9S/A2reQgcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODAxMTU0NDMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Njc4OGQ0MTBjMDIxNmY2MmJkM2YzMWRmZjM2NjcwMTZlMDk0NzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7nAMt1FUrUW8ZNU4hYEvCZL+LjeA
Ab78ajDyZqUqoSWfn6d9wqsXsW+JoU795l6dRNktIogI+I5KfDyGLA87fP79azt1
ohdzp0Hp2s9PuP270pTnJfKrUpXjlw0Mh70oFDbmy/gLS6r0EjL8h/lhNcnxRRBu
GAOPmLY2z06HVTy4u0OwbrHS9w5e7FiPVPn8ZwV9R2vhYD2oG7M6sU0ni5TSJtzQ
GPPFs6zSdqs/zkXBqsAoDbZ4CgazW0SNcWkbaL//r2h2PmUIUifjcBDH/u3ORRwX
gK9YjtjxsfjK7uEJJxL0MPkC9YXv/EdzfCQScpvd6cJd1Ot7z5Locu6l/QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEZ4jUEMAhb2K9PzHf82ZwFuCUdEMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUm5pTlFRd0NGdllyMF9NZF96Wm5BVzRKUjBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACX9HcD
BACX9HowDQYJKoZIhvcNAQELBQADggEBAE9KFeCbYF/H7vGQFGjcH2veGWBRRHVU
F1eUPg+0eOO50mauYLSpQNBf99XMrr8hyzhd6gmvLleak1gRGHKNnKxLDZCpYwtS
ZPYavjfKcLTkQwTZKJcJkCM3CHm+GApUiE8nPDNRKlq3aOg1k2cK+yQ2wkyyxbSe
0gSjVNyufCqq+VgB9SxGPhVy/KYa4QXlNWlJDB16tDgy/Y48D0OFmysi4TaMLnf/
U2T6q29dTF7WNFMVrpcWe0mBay5t744XA869C3RAWoVgfXYzSrbzh2DNnJT9kl/k
boxOOLq9E7COZrpSl83CHHDgwAu3OHWB64tZVj+gkpIANev3VEgLSaY=
-----END CERTIFICATE-----