Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/XtMzMRCU1nEn-KN2rfa7voLU-Fw.roa
File:                     XtMzMRCU1nEn-KN2rfa7voLU-Fw.roa (raw, json)
Hash identifier:          yxQfvP25Py511YsOJj19Jguux92QVc6Ml2Mu9WWjKlg=
Subject key identifier:   5E:D3:33:31:10:94:D6:71:27:F8:A3:76:AD:F6:BB:BE:82:D4:F8:5C
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019768BBDC441ABEB391E9C905DD857A8002
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/XtMzMRCU1nEn-KN2rfa7voLU-Fw.roa
Signing time:             Fri 13 Jun 2025 10:00:31 +0000
ROA not before:           Fri 13 Jun 2025 10:00:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54339
IP address blocks:        151.242.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 22:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:68:bb:dc:44:1a:be:b3:91:e9:c9:05:dd:85:7a:80:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 13 10:00:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ed333311094d67127f8a376adf6bbbe82d4f85c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:24:85:ba:4f:14:55:91:a6:a3:ef:ae:0b:45:
                    0f:1c:3f:ed:9f:18:44:d2:da:e9:00:8c:6f:54:59:
                    6b:96:cb:4c:4c:75:c6:18:29:ab:8f:5e:ed:5d:8a:
                    68:46:77:5b:06:26:b9:e0:35:83:f7:f8:29:ba:54:
                    2d:b0:c0:16:6c:9b:88:f8:51:d3:1e:65:cc:aa:5e:
                    85:14:49:b5:47:36:0e:8b:ee:1f:60:69:87:8f:a3:
                    e3:56:df:b8:92:3e:83:bd:70:c9:4a:b4:d4:1a:f7:
                    6f:d4:08:aa:24:68:e2:c7:53:d4:49:43:91:a4:00:
                    6a:74:dc:83:fe:f2:de:de:82:81:10:ac:fb:3e:05:
                    51:9e:da:0a:23:a9:46:f1:2a:fd:58:87:80:02:14:
                    1c:45:dd:73:05:29:21:15:1c:40:12:06:13:50:ac:
                    69:5c:18:11:75:5f:44:cb:d4:f1:ba:1f:37:f2:5c:
                    7f:46:c8:0e:2a:89:1c:30:5f:89:ab:df:6f:6a:5e:
                    62:2e:7c:98:28:d9:4a:fb:a9:c1:11:ea:6d:16:c5:
                    60:09:f5:f7:2e:aa:d9:14:31:7b:f9:d9:c6:eb:7c:
                    fb:21:1e:59:2e:bd:cf:7b:24:59:cb:10:52:a9:18:
                    24:c4:85:f7:66:ef:32:8a:b1:5a:af:0c:37:44:47:
                    a6:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:D3:33:31:10:94:D6:71:27:F8:A3:76:AD:F6:BB:BE:82:D4:F8:5C
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/XtMzMRCU1nEn-KN2rfa7voLU-Fw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:2c:a9:9b:4e:35:4c:aa:7b:85:a3:bd:75:8c:d6:90:3b:94:
         12:34:89:df:5e:73:ab:f6:ba:5a:65:82:30:ae:27:8f:89:09:
         a6:51:90:f9:3b:77:73:57:d8:e5:1b:83:18:4b:4b:5d:a2:df:
         7b:07:2a:10:28:71:e9:c5:5c:5c:d2:41:c3:21:ed:f3:01:1b:
         53:56:02:c5:13:ed:8b:a2:28:db:92:51:e4:cb:e1:08:a2:b5:
         e4:ba:06:3b:5d:c6:a2:46:87:ff:c3:fd:9b:cb:99:3d:d2:3b:
         50:95:a7:83:da:31:a7:d8:e2:52:bf:c0:48:2c:dd:de:42:df:
         76:83:69:89:22:fb:62:66:69:a8:0c:30:53:d0:d4:29:0e:8f:
         2e:0b:b9:b4:33:a0:71:cb:28:b7:90:29:bd:a7:50:74:12:11:
         30:34:f9:6c:40:f5:a0:b4:57:cb:e1:53:f8:66:dd:ec:26:31:
         37:a9:bf:3f:71:47:65:10:8c:d1:bb:6f:fb:f6:89:29:06:27:
         b0:4b:02:3d:c1:12:82:e9:25:b0:ac:9a:da:a4:d7:41:88:bb:
         4a:a8:85:da:af:a7:f6:92:5f:18:d3:35:f1:a8:46:8b:7b:ab:
         7f:d6:9d:f6:24:4a:41:62:7e:dd:fd:eb:f2:b2:d7:21:35:99:
         42:c9:d4:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdou9xEGr6zkenJBd2FeoACMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjEzMTAwMDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWQzMzMzMTEwOTRkNjcxMjdmOGEzNzZhZGY2YmJiZTgyZDRmODVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5CSFuk8UVZGmo++uC0UPHD/tnxhE
0trpAIxvVFlrlstMTHXGGCmrj17tXYpoRndbBia54DWD9/gpulQtsMAWbJuI+FHT
HmXMql6FFEm1RzYOi+4fYGmHj6PjVt+4kj6DvXDJSrTUGvdv1AiqJGjix1PUSUOR
pABqdNyD/vLe3oKBEKz7PgVRntoKI6lG8Sr9WIeAAhQcRd1zBSkhFRxAEgYTUKxp
XBgRdV9Ey9Txuh838lx/RsgOKokcMF+Jq99val5iLnyYKNlK+6nBEeptFsVgCfX3
LqrZFDF7+dnG63z7IR5ZLr3PeyRZyxBSqRgkxIX3Zu8yirFarww3REemHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7TMzEQlNZxJ/ijdq32u76C1PhcMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvWHRNek1SQ1UxbkVuLUtOMnJmYTd2b0xVLUZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/IOMA0G
CSqGSIb3DQEBCwUAA4IBAQCiLKmbTjVMqnuFo711jNaQO5QSNInfXnOr9rpaZYIw
riePiQmmUZD5O3dzV9jlG4MYS0tdot97ByoQKHHpxVxc0kHDIe3zARtTVgLFE+2L
oijbklHky+EIorXkugY7XcaiRof/w/2by5k90jtQlaeD2jGn2OJSv8BILN3eQt92
g2mJIvtiZmmoDDBT0NQpDo8uC7m0M6Bxyyi3kCm9p1B0EhEwNPlsQPWgtFfL4VP4
Zt3sJjE3qb8/cUdlEIzRu2/79okpBiewSwI9wRKC6SWwrJrapNdBiLtKqIXar6f2
kl8Y0zXxqEaLe6t/1p32JEpBYn7d/evystchNZlCydQJ
-----END CERTIFICATE-----