Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/bLSude7WJUNQ5RzIntb_0d3K_vw.roa
File:                     bLSude7WJUNQ5RzIntb_0d3K_vw.roa (raw, json)
Hash identifier:          4e/3QsZpVCzFKEdO/f40eR/pw/j3IGHlRZ6VMMOMnaw=
Subject key identifier:   6C:B4:AE:75:EE:D6:25:43:50:E5:1C:C8:9E:D6:FF:D1:DD:CA:FE:FC
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019734E5199B62BA233FD5C6A007583F532C
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/bLSude7WJUNQ5RzIntb_0d3K_vw.roa
Signing time:             Tue 03 Jun 2025 08:25:18 +0000
ROA not before:           Tue 03 Jun 2025 08:25:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137517
IP address blocks:        151.242.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 12:06:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:34:e5:19:9b:62:ba:23:3f:d5:c6:a0:07:58:3f:53:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun  3 08:25:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6cb4ae75eed6254350e51cc89ed6ffd1ddcafefc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:a0:61:a7:ff:5a:36:5a:1d:cf:71:dc:8d:98:
                    f5:62:f9:ba:a1:a1:75:dc:17:42:9a:6d:b1:4c:8d:
                    76:38:c5:ea:68:66:2a:8a:8c:72:30:b7:97:94:35:
                    d4:e5:7a:25:cf:ad:35:a2:c7:10:6d:b3:c2:cf:63:
                    c9:51:1d:37:e8:41:1f:8f:9e:f1:8a:58:05:ee:f9:
                    bf:5e:4a:40:04:46:dd:30:0b:60:2d:5e:2c:82:80:
                    ac:06:21:32:db:dc:0f:6e:69:cb:93:f7:43:8b:12:
                    df:00:8f:58:ad:0d:3f:05:b9:2a:f0:29:d6:d6:fc:
                    ef:e4:88:9d:b7:bf:2b:fb:8b:c9:77:4d:66:c1:2e:
                    fe:4a:2b:ac:34:e9:9a:24:aa:d5:3d:73:28:37:c0:
                    4a:d6:29:30:1a:4a:ed:73:c0:53:87:03:3d:4f:0f:
                    f1:00:e2:c1:43:83:18:64:4a:f4:5e:b8:1c:22:2d:
                    f6:84:3a:e1:3a:f5:ce:83:b5:60:cd:db:83:b2:15:
                    43:b3:28:b0:6b:6b:90:9e:b6:ab:54:9d:7f:44:93:
                    be:3c:a2:8e:2a:36:46:5c:8b:c2:58:49:96:15:fe:
                    c7:e6:78:d1:63:a2:c6:82:0d:4b:71:c2:fc:2d:1c:
                    e1:47:6e:aa:6e:5d:23:5d:67:8d:a5:a6:d1:c2:5c:
                    ca:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:B4:AE:75:EE:D6:25:43:50:E5:1C:C8:9E:D6:FF:D1:DD:CA:FE:FC
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/bLSude7WJUNQ5RzIntb_0d3K_vw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:39:c4:4b:0a:b5:a9:c1:4c:59:b7:47:97:05:f7:38:01:a1:
         27:cd:a6:71:0c:62:27:eb:aa:18:a5:70:5c:14:51:26:e8:4b:
         8c:d0:bc:2e:b7:5f:a5:2d:78:b6:54:ea:a2:f8:37:6e:20:63:
         ec:ac:f3:f2:d9:4f:34:ca:83:a5:cb:b6:3f:ed:6c:17:a1:0a:
         8d:4d:d2:70:fc:2e:95:17:86:66:38:7d:1a:c0:4a:81:90:59:
         7e:fe:8f:98:bf:94:f4:7c:ef:6b:f4:7f:05:67:12:32:55:d7:
         42:c7:a9:e6:df:4d:a0:e5:00:14:0f:78:34:56:87:1b:3c:db:
         7b:07:d8:85:91:e1:25:e8:6d:ac:7e:5f:5a:74:d5:21:fb:96:
         e2:93:17:f3:0e:64:8a:f2:44:e6:1c:7f:40:12:60:3a:46:ca:
         56:fd:b0:3c:41:80:87:55:62:3b:e7:30:af:09:7e:62:42:23:
         4a:08:e2:6e:16:48:99:32:88:ed:1c:ff:fa:62:7a:5a:4c:fc:
         de:11:23:be:6b:e4:f8:71:84:a8:e7:4e:09:71:5d:68:38:fd:
         f5:2c:2b:47:f4:f5:84:b2:0d:64:16:1e:0a:bf:57:f7:68:3d:
         71:97:17:b6:11:48:b7:74:8f:d8:64:26:5c:c0:62:ef:54:d0:
         c8:31:18:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc05RmbYrojP9XGoAdYP1MsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjAzMDgyNTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2I0YWU3NWVlZDYyNTQzNTBlNTFjYzg5ZWQ2ZmZkMWRkY2FmZWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaBhp/9aNlodz3HcjZj1Yvm6oaF1
3BdCmm2xTI12OMXqaGYqioxyMLeXlDXU5Xolz601oscQbbPCz2PJUR036EEfj57x
ilgF7vm/XkpABEbdMAtgLV4sgoCsBiEy29wPbmnLk/dDixLfAI9YrQ0/Bbkq8CnW
1vzv5Iidt78r+4vJd01mwS7+SiusNOmaJKrVPXMoN8BK1ikwGkrtc8BThwM9Tw/x
AOLBQ4MYZEr0XrgcIi32hDrhOvXOg7VgzduDshVDsyiwa2uQnrarVJ1/RJO+PKKO
KjZGXIvCWEmWFf7H5njRY6LGgg1LccL8LRzhR26qbl0jXWeNpabRwlzKyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGy0rnXu1iVDUOUcyJ7W/9Hdyv78MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvYkxTdWRlN1dKVU5RNVJ6SW50Yl8wZDNLX3Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/JaMA0G
CSqGSIb3DQEBCwUAA4IBAQAXOcRLCrWpwUxZt0eXBfc4AaEnzaZxDGIn66oYpXBc
FFEm6EuM0Lwut1+lLXi2VOqi+DduIGPsrPPy2U80yoOly7Y/7WwXoQqNTdJw/C6V
F4ZmOH0awEqBkFl+/o+Yv5T0fO9r9H8FZxIyVddCx6nm302g5QAUD3g0VocbPNt7
B9iFkeEl6G2sfl9adNUh+5bikxfzDmSK8kTmHH9AEmA6RspW/bA8QYCHVWI75zCv
CX5iQiNKCOJuFkiZMojtHP/6YnpaTPzeESO+a+T4cYSo504JcV1oOP31LCtH9PWE
sg1kFh4Kv1f3aD1xlxe2EUi3dI/YZCZcwGLvVNDIMRjo
-----END CERTIFICATE-----