Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Vn7sjAv0sduH2BTnDfNj2P58SEM.roa
File:                     Vn7sjAv0sduH2BTnDfNj2P58SEM.roa (raw, json)
Hash identifier:          AVc7K0DYbBr/91mP5IsSMefomXlmfwjVb7l33mouKTo=
Subject key identifier:   56:7E:EC:8C:0B:F4:B1:DB:87:D8:14:E7:0D:F3:63:D8:FE:7C:48:43
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01965D6437322952B872EE60E13BB17FFA36
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Vn7sjAv0sduH2BTnDfNj2P58SEM.roa
Signing time:             Tue 22 Apr 2025 12:06:10 +0000
ROA not before:           Tue 22 Apr 2025 12:06:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56655
IP address blocks:        151.242.168.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5d:64:37:32:29:52:b8:72:ee:60:e1:3b:b1:7f:fa:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 22 12:06:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=567eec8c0bf4b1db87d814e70df363d8fe7c4843
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:b2:67:25:46:da:ff:4d:72:0e:6d:29:39:97:
                    bd:69:7d:aa:83:58:d1:bf:37:c9:ca:2a:75:3f:24:
                    72:07:5e:30:79:1d:1e:28:34:d5:89:85:c6:fe:4b:
                    2e:7e:1b:46:d9:66:f4:79:a1:2b:e5:89:e2:d1:c5:
                    63:fb:e2:b7:20:df:90:90:85:7b:0e:2f:cf:01:94:
                    e9:4c:aa:e4:c8:e8:b4:8b:17:9c:e5:b9:bf:ec:08:
                    b9:1d:3e:cc:63:0b:6b:54:e7:6e:f1:96:af:60:76:
                    24:58:20:4a:e8:22:a9:8a:ed:19:b4:2a:d7:a3:38:
                    da:2c:69:e5:15:fc:f4:3f:41:27:2c:bc:f3:98:ec:
                    9a:d6:43:84:5e:dc:7c:0a:ed:17:5c:cd:cd:db:3d:
                    ce:48:6c:97:47:b8:80:d9:8e:d8:5d:bb:ac:6b:6c:
                    d1:ba:0b:00:20:14:93:ce:0e:e2:d8:19:25:42:ed:
                    01:0a:20:b2:df:d2:e6:8f:55:35:96:0a:7a:15:46:
                    a7:f2:2a:05:24:fb:19:1c:94:45:f7:50:39:c5:72:
                    a7:b4:3e:ca:59:0f:0e:dc:71:87:f0:12:65:0c:3d:
                    c1:1c:34:11:ec:3e:c0:00:a9:b6:ea:c1:ff:39:c9:
                    ee:4c:23:10:8d:16:05:95:db:83:7f:10:1f:43:a4:
                    a6:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:7E:EC:8C:0B:F4:B1:DB:87:D8:14:E7:0D:F3:63:D8:FE:7C:48:43
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Vn7sjAv0sduH2BTnDfNj2P58SEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:d1:49:af:b1:3a:14:d8:ba:45:99:6e:32:9c:6f:fb:7c:00:
         6d:95:c1:a6:de:f1:a3:52:f0:ad:58:1e:db:25:9b:b8:cf:5c:
         ee:1b:e3:9c:d0:5d:fd:05:b6:a9:d1:0f:4f:3f:34:32:40:73:
         e3:ed:47:84:41:30:5e:36:7c:c4:bb:44:b8:b1:a1:d2:a8:4b:
         72:b6:a3:0c:4e:e9:d5:fe:3b:53:9b:74:c8:6b:0b:6a:76:cf:
         82:26:e1:28:63:31:f8:62:2c:80:01:98:b3:5f:05:e8:03:40:
         00:79:80:28:f6:25:2f:65:11:f0:94:1e:c6:43:b8:9e:6d:b3:
         d7:3c:ca:1b:af:c6:6e:e7:4d:0b:fb:07:01:60:63:bb:0f:28:
         8d:87:58:26:7a:f7:e9:16:12:e2:e5:11:18:03:ad:a9:71:0c:
         05:31:08:be:31:36:62:c2:21:da:3d:e5:e4:67:dc:41:33:47:
         fe:23:63:8c:ea:bd:0a:6f:15:be:fa:6a:bd:42:ba:90:01:c4:
         f7:26:29:fb:74:0d:06:62:a9:f4:c1:df:20:5b:6c:82:0f:fc:
         67:0f:68:eb:97:aa:09:1f:e7:a7:71:c6:3f:a2:a1:f6:47:57:
         c5:25:99:a7:86:b9:91:46:87:f7:89:24:7f:37:45:cd:41:1c:
         ec:5b:2b:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZdZDcyKVK4cu5g4Tuxf/o2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDIyMTIwNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjdlZWM4YzBiZjRiMWRiODdkODE0ZTcwZGYzNjNkOGZlN2M0ODQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbJnJUba/01yDm0pOZe9aX2qg1jR
vzfJyip1PyRyB14weR0eKDTViYXG/ksufhtG2Wb0eaEr5Yni0cVj++K3IN+QkIV7
Di/PAZTpTKrkyOi0ixec5bm/7Ai5HT7MYwtrVOdu8ZavYHYkWCBK6CKpiu0ZtCrX
ozjaLGnlFfz0P0EnLLzzmOya1kOEXtx8Cu0XXM3N2z3OSGyXR7iA2Y7YXbusa2zR
ugsAIBSTzg7i2BklQu0BCiCy39Lmj1U1lgp6FUan8ioFJPsZHJRF91A5xXKntD7K
WQ8O3HGH8BJlDD3BHDQR7D7AAKm26sH/OcnuTCMQjRYFlduDfxAfQ6Sm+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFZ+7IwL9LHbh9gU5w3zY9j+fEhDMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvVm43c2pBdjBzZHVIMkJUbkRmTmoyUDU4U0VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBl/KoMA0G
CSqGSIb3DQEBCwUAA4IBAQAf0UmvsToU2LpFmW4ynG/7fABtlcGm3vGjUvCtWB7b
JZu4z1zuG+Oc0F39Bbap0Q9PPzQyQHPj7UeEQTBeNnzEu0S4saHSqEtytqMMTunV
/jtTm3TIawtqds+CJuEoYzH4YiyAAZizXwXoA0AAeYAo9iUvZRHwlB7GQ7iebbPX
PMobr8Zu500L+wcBYGO7DyiNh1gmevfpFhLi5REYA62pcQwFMQi+MTZiwiHaPeXk
Z9xBM0f+I2OM6r0KbxW++mq9QrqQAcT3Jin7dA0GYqn0wd8gW2yCD/xnD2jrl6oJ
H+enccY/oqH2R1fFJZmnhrmRRof3iSR/N0XNQRzsWysp
-----END CERTIFICATE-----