Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/iZ4w2ZvxP36gsScOS5gLChcKleU.roa
File:                     iZ4w2ZvxP36gsScOS5gLChcKleU.roa (raw, json)
Hash identifier:          rnYYY0BBO9utN5kGQFu1H17f4APqePRkUXt0t5Txg5Y=
Subject key identifier:   89:9E:30:D9:9B:F1:3F:7E:A0:B1:27:0E:4B:98:0B:0A:17:0A:95:E5
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196D58888545C891AA3F35476A193DF1DB4
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/iZ4w2ZvxP36gsScOS5gLChcKleU.roa
Signing time:             Thu 15 May 2025 20:00:16 +0000
ROA not before:           Thu 15 May 2025 20:00:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41720
IP address blocks:        151.242.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 20:59:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d5:88:88:54:5c:89:1a:a3:f3:54:76:a1:93:df:1d:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 15 20:00:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=899e30d99bf13f7ea0b1270e4b980b0a170a95e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:43:3b:87:b4:26:c2:17:00:10:83:9a:b8:93:
                    a8:ac:94:c5:06:d3:69:06:dd:91:77:50:eb:56:11:
                    c8:16:66:d7:58:33:2a:9c:e0:70:f6:a4:47:5b:8c:
                    34:ce:96:94:bf:67:99:f9:27:88:a0:98:31:ac:43:
                    69:27:dd:55:94:1f:49:9d:cc:23:98:a2:00:31:f1:
                    36:2b:27:e7:f3:23:9c:60:6b:13:47:cf:db:7f:5c:
                    dd:b9:a6:fc:a5:67:e5:88:12:4f:b2:dc:b4:d6:57:
                    f6:51:08:8a:ad:ed:44:01:01:3e:5e:31:ef:84:72:
                    ee:90:db:a6:ec:b3:ee:4b:0e:8b:56:d4:7d:6c:57:
                    94:9c:91:a4:82:4a:ca:70:6f:cc:2d:79:76:80:63:
                    b5:5c:08:c0:3a:6c:68:77:05:49:bc:8b:14:80:26:
                    1f:51:71:fb:8c:be:e7:11:5f:da:ad:32:40:dc:2e:
                    e6:58:52:24:fd:41:91:49:b1:85:a3:aa:b7:3e:1f:
                    9f:d3:1a:01:1c:7f:29:78:f0:38:f4:78:b5:a1:a2:
                    03:d4:56:9b:69:0b:30:d1:bc:7a:51:7c:14:89:b2:
                    e2:e2:a2:3d:29:a0:eb:3b:53:5b:9b:5b:90:c1:6c:
                    10:ac:a4:92:97:31:5e:d7:4a:bf:7d:1f:58:1c:a3:
                    8e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:9E:30:D9:9B:F1:3F:7E:A0:B1:27:0E:4B:98:0B:0A:17:0A:95:E5
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/iZ4w2ZvxP36gsScOS5gLChcKleU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:ad:fb:3f:35:43:cd:93:b0:82:88:00:6a:a5:e2:93:95:5b:
         3b:a6:8a:76:b3:c8:3b:f8:66:c3:41:1c:d6:05:90:89:2f:27:
         35:09:ca:b7:57:a2:e0:07:f1:91:25:a9:ef:81:65:de:63:e4:
         36:c0:63:34:91:e5:16:c0:ad:17:ab:c1:60:f9:ef:fc:b3:d2:
         c1:88:ad:e9:90:05:89:91:84:e7:ad:f1:17:d5:5e:94:d1:a5:
         0a:33:15:d0:5e:dc:49:a2:9c:f5:e0:be:90:50:42:4d:7f:f6:
         45:ef:3b:0c:3d:09:86:02:12:3f:1a:ff:0d:c9:1a:3b:e2:0a:
         44:6b:e8:40:39:7b:c3:03:33:eb:2f:dd:a8:e9:8a:4a:58:02:
         1f:47:3a:d0:3d:97:01:97:4f:b8:5d:1c:a3:a8:d9:ea:b8:32:
         62:08:8f:d8:50:33:f8:e5:3e:68:74:dd:91:11:da:a8:ff:4c:
         39:65:54:5e:d2:05:8a:3f:c9:54:c2:1e:9a:f5:dc:db:bd:a2:
         70:09:d5:b6:33:e5:17:54:06:11:dd:d3:19:00:42:41:b1:5a:
         b8:8d:48:0f:5a:3c:88:a2:85:ed:fd:8b:6e:a2:29:c6:f8:77:
         77:2d:a3:21:cf:18:7d:8f:ef:8d:28:77:28:c8:1e:e6:88:da:
         cb:88:9e:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbViIhUXIkao/NUdqGT3x20MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTE1MjAwMDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTllMzBkOTliZjEzZjdlYTBiMTI3MGU0Yjk4MGIwYTE3MGE5NWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0M7h7QmwhcAEIOauJOorJTFBtNp
Bt2Rd1DrVhHIFmbXWDMqnOBw9qRHW4w0zpaUv2eZ+SeIoJgxrENpJ91VlB9Jncwj
mKIAMfE2Kyfn8yOcYGsTR8/bf1zduab8pWfliBJPsty01lf2UQiKre1EAQE+XjHv
hHLukNum7LPuSw6LVtR9bFeUnJGkgkrKcG/MLXl2gGO1XAjAOmxodwVJvIsUgCYf
UXH7jL7nEV/arTJA3C7mWFIk/UGRSbGFo6q3Ph+f0xoBHH8pePA49Hi1oaID1Fab
aQsw0bx6UXwUibLi4qI9KaDrO1Nbm1uQwWwQrKSSlzFe10q/fR9YHKOOAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImeMNmb8T9+oLEnDkuYCwoXCpXlMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvaVo0dzJadnhQMzZnc1NjT1M1Z0xDaGNLbGVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/IAMA0G
CSqGSIb3DQEBCwUAA4IBAQBsrfs/NUPNk7CCiABqpeKTlVs7pop2s8g7+GbDQRzW
BZCJLyc1Ccq3V6LgB/GRJanvgWXeY+Q2wGM0keUWwK0Xq8Fg+e/8s9LBiK3pkAWJ
kYTnrfEX1V6U0aUKMxXQXtxJopz14L6QUEJNf/ZF7zsMPQmGAhI/Gv8NyRo74gpE
a+hAOXvDAzPrL92o6YpKWAIfRzrQPZcBl0+4XRyjqNnquDJiCI/YUDP45T5odN2R
Edqo/0w5ZVRe0gWKP8lUwh6a9dzbvaJwCdW2M+UXVAYR3dMZAEJBsVq4jUgPWjyI
ooXt/YtuoinG+Hd3LaMhzxh9j++NKHcoyB7miNrLiJ6p
-----END CERTIFICATE-----