Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/jMJZ0a7UkVcLf6rXJNBVMADjPEI.roa
File:                     jMJZ0a7UkVcLf6rXJNBVMADjPEI.roa (raw, json)
Hash identifier:          ZXaxnuA+X8xwrOfrblTXZvd5y+58iLGQJJ4/PYgLcQQ=
Subject key identifier:   8C:C2:59:D1:AE:D4:91:57:0B:7F:AA:D7:24:D0:55:30:00:E3:3C:42
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01986940C86D8725B16E1AC47C9457272157
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/jMJZ0a7UkVcLf6rXJNBVMADjPEI.roa
Signing time:             Sat 02 Aug 2025 05:28:30 +0000
ROA not before:           Sat 02 Aug 2025 05:28:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203758
IP address blocks:        151.242.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 02:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:69:40:c8:6d:87:25:b1:6e:1a:c4:7c:94:57:27:21:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug  2 05:28:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8cc259d1aed491570b7faad724d0553000e33c42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:21:78:63:cf:35:4a:f6:ba:c1:a5:59:2d:e1:
                    3f:f8:df:0e:92:f9:d4:e0:cc:4b:66:32:4b:f2:ce:
                    ea:05:ed:ca:ff:63:ad:a1:0d:f9:35:72:f6:41:02:
                    e4:51:ef:89:97:2a:64:6b:2f:91:ff:69:49:ac:bc:
                    7b:c3:f5:9d:2a:39:75:9f:37:77:ee:ad:23:e7:73:
                    cb:87:d0:5c:d0:f8:46:b8:84:61:d5:86:0d:87:3e:
                    f4:13:48:7c:02:a4:5c:2c:04:ec:03:c2:91:ba:7c:
                    d0:43:9a:a3:9f:13:b4:5b:c8:f5:8a:27:f8:07:0e:
                    2c:56:cf:e3:eb:a6:b0:5e:1f:18:b7:30:7c:5b:ba:
                    03:fc:42:2e:27:5b:f8:6a:ac:55:f6:e1:44:bf:bc:
                    d6:37:20:7e:5b:d6:eb:af:64:5b:b0:1c:d2:10:cf:
                    2a:58:81:f6:30:b1:0a:3a:c5:a6:3c:39:d1:8f:69:
                    11:8d:bd:cb:af:60:3c:02:91:99:09:2c:a4:df:4e:
                    13:ce:89:d0:21:91:0b:10:20:dd:9f:05:d2:49:1f:
                    64:a9:b7:bf:95:2d:53:88:29:9e:78:6c:ba:ba:86:
                    9f:c6:9c:54:1a:ca:39:20:cb:b8:6a:19:24:d1:63:
                    17:d8:ac:27:fc:0c:1f:03:be:90:18:04:6a:d1:ac:
                    74:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:C2:59:D1:AE:D4:91:57:0B:7F:AA:D7:24:D0:55:30:00:E3:3C:42
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/jMJZ0a7UkVcLf6rXJNBVMADjPEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:c8:e7:50:a1:3c:be:ed:77:8d:ac:56:c4:1e:f0:62:5d:c2:
         23:fd:ae:dc:e2:b0:90:f2:a1:41:3e:73:d6:b1:84:81:41:81:
         7c:40:59:c6:0c:6d:e9:f4:cd:f4:10:a0:4c:71:25:20:9c:fd:
         26:7f:94:94:e8:88:71:99:1b:0c:3b:06:82:7b:9f:7b:9a:31:
         3f:41:61:00:50:fe:b9:7b:01:4f:a2:b2:33:2e:77:31:8c:64:
         43:20:0b:4e:de:15:2b:40:39:05:7a:6e:f8:9b:52:02:e6:2f:
         d4:99:48:38:f7:bc:a0:c5:74:d2:3e:bb:5a:1f:66:65:59:10:
         4e:9c:7d:b1:85:01:2a:c2:54:e4:b2:92:fe:cd:59:d0:3c:3e:
         08:33:76:f9:e8:46:33:fc:7a:8d:4d:67:76:23:92:a7:6c:25:
         04:d5:6e:ed:5a:06:7e:cb:1f:cd:03:32:fb:1a:74:7e:75:8b:
         90:2b:c3:c5:f3:64:2c:e7:30:36:34:41:b1:51:9a:fc:4f:55:
         72:1e:5c:03:0d:a7:29:cf:0b:f0:15:c3:86:70:98:97:86:dc:
         f9:ab:96:1a:ca:11:2a:59:e7:e5:49:70:37:0e:01:2c:29:82:
         8b:91:78:a8:76:0c:99:fc:d7:45:61:ff:34:cc:10:aa:f9:8d:
         a4:a0:b5:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhpQMhthyWxbhrEfJRXJyFXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODAyMDUyODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2MyNTlkMWFlZDQ5MTU3MGI3ZmFhZDcyNGQwNTUzMDAwZTMzYzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiyF4Y881Sva6waVZLeE/+N8OkvnU
4MxLZjJL8s7qBe3K/2OtoQ35NXL2QQLkUe+Jlypkay+R/2lJrLx7w/WdKjl1nzd3
7q0j53PLh9Bc0PhGuIRh1YYNhz70E0h8AqRcLATsA8KRunzQQ5qjnxO0W8j1iif4
Bw4sVs/j66awXh8YtzB8W7oD/EIuJ1v4aqxV9uFEv7zWNyB+W9brr2RbsBzSEM8q
WIH2MLEKOsWmPDnRj2kRjb3Lr2A8ApGZCSyk304TzonQIZELECDdnwXSSR9kqbe/
lS1TiCmeeGy6uoafxpxUGso5IMu4ahkk0WMX2Kwn/AwfA76QGARq0ax0GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzCWdGu1JFXC3+q1yTQVTAA4zxCMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvak1KWjBhN1VrVmNMZjZyWEpOQlZNQURqUEVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/J/MA0G
CSqGSIb3DQEBCwUAA4IBAQA1yOdQoTy+7XeNrFbEHvBiXcIj/a7c4rCQ8qFBPnPW
sYSBQYF8QFnGDG3p9M30EKBMcSUgnP0mf5SU6IhxmRsMOwaCe597mjE/QWEAUP65
ewFPorIzLncxjGRDIAtO3hUrQDkFem74m1IC5i/UmUg497ygxXTSPrtaH2ZlWRBO
nH2xhQEqwlTkspL+zVnQPD4IM3b56EYz/HqNTWd2I5KnbCUE1W7tWgZ+yx/NAzL7
GnR+dYuQK8PF82Qs5zA2NEGxUZr8T1VyHlwDDacpzwvwFcOGcJiXhtz5q5YayhEq
WeflSXA3DgEsKYKLkXiodgyZ/NdFYf80zBCq+Y2koLXw
-----END CERTIFICATE-----