Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fBGGNDjtA5pbACe5IeSweFTFTfY.roa
File:                     fBGGNDjtA5pbACe5IeSweFTFTfY.roa (raw, json)
Hash identifier:          x7FJAItPIVJUgO+zjisK+pOD88TW3mhvvlelHk6eKJE=
Subject key identifier:   7C:11:86:34:38:ED:03:9A:5B:00:27:B9:21:E4:B0:78:54:C5:4D:F6
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01964CA26B18DDF6206AF02CC891D472D594
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fBGGNDjtA5pbACe5IeSweFTFTfY.roa
Signing time:             Sat 19 Apr 2025 06:00:34 +0000
ROA not before:           Sat 19 Apr 2025 06:00:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210320
IP address blocks:        151.241.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 May 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:4c:a2:6b:18:dd:f6:20:6a:f0:2c:c8:91:d4:72:d5:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 19 06:00:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c11863438ed039a5b0027b921e4b07854c54df6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fd:06:01:23:73:31:dc:88:3a:40:a9:bc:8f:
                    f1:5c:ac:c6:59:e0:cb:0a:ae:c2:6e:b8:d9:9a:5f:
                    c9:52:d7:08:b1:08:82:8b:26:78:81:f6:ea:18:e2:
                    11:59:8e:08:c2:2d:3a:98:b3:f0:68:81:cb:60:32:
                    a7:6d:1b:96:74:2a:d2:5d:1a:14:02:f2:bd:60:0e:
                    ac:c5:da:ee:e8:df:33:61:b1:60:95:be:e9:98:22:
                    a0:f5:51:32:13:82:ff:25:2c:2b:e9:54:cd:0a:13:
                    49:27:c9:68:4b:de:f9:de:85:26:84:58:80:32:0b:
                    83:d1:2e:fd:77:49:07:50:20:8a:b5:68:8c:b4:fe:
                    09:37:f8:53:23:54:09:42:b0:34:f0:2b:fa:ab:2c:
                    f1:a3:3a:80:05:51:8a:65:7a:97:ac:15:0b:05:a9:
                    8d:38:27:7d:5e:33:81:72:f6:e3:27:f0:87:eb:d2:
                    25:26:e9:39:4a:8c:50:23:4b:cf:fd:2c:c0:ad:88:
                    e3:d6:c7:21:86:4a:44:3e:55:31:a7:67:e7:fe:20:
                    27:4e:c8:b0:60:f7:e2:5b:38:7e:b4:2c:02:8c:16:
                    7c:4c:00:0d:1b:48:a0:24:c2:63:db:c2:6a:06:8f:
                    00:91:b9:57:d0:57:c1:eb:ab:b0:c5:21:19:50:e0:
                    ea:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:11:86:34:38:ED:03:9A:5B:00:27:B9:21:E4:B0:78:54:C5:4D:F6
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fBGGNDjtA5pbACe5IeSweFTFTfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:b1:f7:d3:b7:67:71:48:a2:bc:bb:c4:18:49:80:35:17:6e:
         f4:a8:4e:c5:30:5a:38:47:8b:db:7b:5f:b9:b1:2b:c5:1b:80:
         8d:b8:b7:d0:7c:b9:97:20:2f:c5:5b:d4:d0:b9:71:ea:8a:90:
         cb:2f:31:9d:49:9e:05:5a:c6:ad:e8:c8:bd:d9:25:a4:ce:e7:
         5f:8c:47:08:5a:56:49:c9:fe:32:76:bd:1b:30:14:42:dd:46:
         69:46:83:df:34:c9:bc:ef:b2:01:8a:13:15:f8:3f:b7:b7:40:
         bc:7e:ac:85:20:58:dc:81:72:49:ca:c8:0a:b8:06:40:56:50:
         95:bb:c3:e1:51:69:7b:c1:b2:ab:a3:4e:a3:9f:29:33:73:ea:
         8f:60:61:ce:7f:ee:4d:ef:8b:39:9e:41:1b:01:21:92:27:07:
         5d:3f:88:f7:53:b5:2c:57:6e:1b:40:1c:38:ad:ce:b9:d4:c6:
         10:88:3c:41:66:3a:0b:b1:20:e0:a4:95:ff:0a:f7:e4:9a:32:
         74:2f:18:74:90:3e:16:5f:24:e5:3b:c7:26:f6:ed:8f:55:b8:
         33:7c:dc:48:bb:e1:3c:02:c2:6c:02:83:3c:ad:69:14:df:12:
         99:50:2f:35:a6:41:3f:88:56:1c:37:79:28:a9:ee:3f:d7:1c:
         b1:68:b6:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZMomsY3fYgavAsyJHUctWUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDE5MDYwMDM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzExODYzNDM4ZWQwMzlhNWIwMDI3YjkyMWU0YjA3ODU0YzU0ZGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqf0GASNzMdyIOkCpvI/xXKzGWeDL
Cq7CbrjZml/JUtcIsQiCiyZ4gfbqGOIRWY4Iwi06mLPwaIHLYDKnbRuWdCrSXRoU
AvK9YA6sxdru6N8zYbFglb7pmCKg9VEyE4L/JSwr6VTNChNJJ8loS9753oUmhFiA
MguD0S79d0kHUCCKtWiMtP4JN/hTI1QJQrA08Cv6qyzxozqABVGKZXqXrBULBamN
OCd9XjOBcvbjJ/CH69IlJuk5SoxQI0vP/SzArYjj1schhkpEPlUxp2fn/iAnTsiw
YPfiWzh+tCwCjBZ8TAANG0igJMJj28JqBo8AkblX0FfB66uwxSEZUODqbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHwRhjQ47QOaWwAnuSHksHhUxU32MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvZkJHR05EanRBNXBiQUNlNUllU3dlRlRGVGZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/EKMA0G
CSqGSIb3DQEBCwUAA4IBAQAesffTt2dxSKK8u8QYSYA1F270qE7FMFo4R4vbe1+5
sSvFG4CNuLfQfLmXIC/FW9TQuXHqipDLLzGdSZ4FWsat6Mi92SWkzudfjEcIWlZJ
yf4ydr0bMBRC3UZpRoPfNMm877IBihMV+D+3t0C8fqyFIFjcgXJJysgKuAZAVlCV
u8PhUWl7wbKro06jnykzc+qPYGHOf+5N74s5nkEbASGSJwddP4j3U7UsV24bQBw4
rc651MYQiDxBZjoLsSDgpJX/CvfkmjJ0Lxh0kD4WXyTlO8cm9u2PVbgzfNxIu+E8
AsJsAoM8rWkU3xKZUC81pkE/iFYcN3koqe4/1xyxaLaH
-----END CERTIFICATE-----