Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/jQSbo4bTvbMDIU1vD2C5vLfpbAk.roa
File:                     jQSbo4bTvbMDIU1vD2C5vLfpbAk.roa (raw, json)
Hash identifier:          ZjcICfW3sf6WvnZjoCNvwRcDoX9VONzTDL7GDic4c/8=
Subject key identifier:   8D:04:9B:A3:86:D3:BD:B3:03:21:4D:6F:0F:60:B9:BC:B7:E9:6C:09
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01986F1D57A7E6A5A721A35D7624762A5F80
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/jQSbo4bTvbMDIU1vD2C5vLfpbAk.roa
Signing time:             Sun 03 Aug 2025 08:47:30 +0000
ROA not before:           Sun 03 Aug 2025 08:47:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43641
IP address blocks:        151.245.5.0/24 maxlen: 24
                          151.245.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 04:51:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:6f:1d:57:a7:e6:a5:a7:21:a3:5d:76:24:76:2a:5f:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug  3 08:47:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d049ba386d3bdb303214d6f0f60b9bcb7e96c09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:44:68:14:2c:8c:8f:5a:ae:7f:59:8c:95:5c:
                    cf:f2:cf:37:5f:ca:2e:9e:25:bf:ba:43:dd:5f:e5:
                    f2:1a:fa:d4:f4:29:3c:c4:b7:84:af:10:ba:7e:88:
                    f8:2d:f0:e6:6a:bc:6c:a2:6d:e7:0a:79:c6:02:11:
                    61:c3:51:bb:de:49:de:52:c7:b7:a9:da:dd:63:06:
                    21:bf:68:05:f4:d1:30:3b:b4:2b:ad:72:ec:df:2b:
                    fa:9f:0b:83:68:70:18:16:f3:6a:28:38:25:80:23:
                    c9:14:0f:13:ea:1d:34:4b:db:f0:1a:9e:b9:41:49:
                    19:dd:59:13:57:8f:7b:62:22:93:da:12:9a:40:e4:
                    a7:87:a9:b4:f8:9e:79:c6:f2:b9:12:cd:8a:ae:55:
                    d4:a0:53:9a:8b:42:1b:e1:e9:df:c7:37:6d:8c:5f:
                    a9:29:35:f3:bf:cf:20:43:f8:b4:10:14:1d:a7:d2:
                    15:16:ae:7e:b7:6c:70:08:56:45:5f:6b:ea:59:90:
                    fd:a5:73:c8:82:41:95:52:c1:d1:44:5f:eb:1d:a4:
                    cb:3c:0c:85:7d:23:7a:54:aa:5b:8a:1b:7f:6a:d7:
                    d5:65:a3:91:98:3e:f3:2a:32:a5:22:df:58:be:29:
                    bb:e8:61:b4:2f:88:fd:f4:a2:39:2d:c9:a6:98:c3:
                    52:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:04:9B:A3:86:D3:BD:B3:03:21:4D:6F:0F:60:B9:BC:B7:E9:6C:09
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/jQSbo4bTvbMDIU1vD2C5vLfpbAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.245.5.0-151.245.6.255

    Signature Algorithm: sha256WithRSAEncryption
         9c:31:a7:84:43:b2:b6:1c:2a:0f:b6:0d:27:02:8d:d6:96:ed:
         d8:89:9c:20:e5:28:9d:20:f4:cf:87:16:21:58:ec:b5:e6:78:
         50:ba:dc:e8:fb:2b:c1:df:df:59:d8:0d:a6:7b:a2:ec:73:56:
         f9:f4:7f:de:90:5b:65:5a:41:ae:94:c5:8f:06:d9:04:3d:eb:
         3e:8d:97:d1:52:7b:4c:73:8b:69:62:d2:87:2f:ad:4d:3b:17:
         3b:5f:c8:ec:c2:9a:70:db:59:b6:c4:cb:ca:ff:df:33:31:7b:
         01:79:88:a0:85:9b:62:04:2c:2b:ed:9c:d8:b7:3c:a8:9f:03:
         37:50:37:e2:29:be:3d:fc:06:2a:f3:26:6d:26:b6:67:0f:46:
         c6:a3:69:3a:4d:e2:23:20:48:43:65:a5:be:8d:74:3d:4c:1f:
         5e:19:d7:92:f2:26:27:d2:85:78:91:e0:f7:cc:9d:c9:89:a1:
         8f:d8:46:cb:92:07:fc:78:e0:74:d0:56:9a:c2:69:a3:87:5f:
         45:54:88:bf:78:b9:db:bf:dd:b1:c7:d2:20:1c:d6:4b:6b:2b:
         c8:3e:ac:24:cf:9c:8e:cc:39:21:b4:b3:b1:dd:ac:be:cc:9b:
         dd:83:6d:b0:01:b1:26:32:50:5b:eb:ae:bf:7c:8b:33:78:b0:
         4f:fa:48:88
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZhvHVen5qWnIaNddiR2Kl+AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODAzMDg0NzMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDA0OWJhMzg2ZDNiZGIzMDMyMTRkNmYwZjYwYjliY2I3ZTk2YzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkRoFCyMj1quf1mMlVzP8s83X8ou
niW/ukPdX+XyGvrU9Ck8xLeErxC6foj4LfDmarxsom3nCnnGAhFhw1G73kneUse3
qdrdYwYhv2gF9NEwO7QrrXLs3yv6nwuDaHAYFvNqKDglgCPJFA8T6h00S9vwGp65
QUkZ3VkTV497YiKT2hKaQOSnh6m0+J55xvK5Es2KrlXUoFOai0Ib4enfxzdtjF+p
KTXzv88gQ/i0EBQdp9IVFq5+t2xwCFZFX2vqWZD9pXPIgkGVUsHRRF/rHaTLPAyF
fSN6VKpbiht/atfVZaORmD7zKjKlIt9Yvim76GG0L4j99KI5LcmmmMNScQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFI0Em6OG072zAyFNbw9guby36WwJMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvalFTYm80YlR2Yk1ESVUxdkQyQzV2TGZwYkFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACX9QUD
BACX9QYwDQYJKoZIhvcNAQELBQADggEBAJwxp4RDsrYcKg+2DScCjdaW7diJnCDl
KJ0g9M+HFiFY7LXmeFC63Oj7K8Hf31nYDaZ7ouxzVvn0f96QW2VaQa6UxY8G2QQ9
6z6Nl9FSe0xzi2li0ocvrU07FztfyOzCmnDbWbbEy8r/3zMxewF5iKCFm2IELCvt
nNi3PKifAzdQN+Ipvj38BirzJm0mtmcPRsajaTpN4iMgSENlpb6NdD1MH14Z15Ly
JifShXiR4PfMncmJoY/YRsuSB/x44HTQVprCaaOHX0VUiL94udu/3bHH0iAc1ktr
K8g+rCTPnI7MOSG0s7HdrL7Mm92DbbABsSYyUFvrrr98izN4sE/6SIg=
-----END CERTIFICATE-----