Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/k65nYPdXnmSP4SC0TjPY4saAwJI.roa
File:                     k65nYPdXnmSP4SC0TjPY4saAwJI.roa (raw, json)
Hash identifier:          byRR/QpWcn2V1CRRylLnWOucV0hLgCtJsf3eXKD0kc4=
Subject key identifier:   93:AE:67:60:F7:57:9E:64:8F:E1:20:B4:4E:33:D8:E2:C6:80:C0:92
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019A3DCE083825DC0CDC828A36DEB98AA815
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/k65nYPdXnmSP4SC0TjPY4saAwJI.roa
Signing time:             Sat 01 Nov 2025 05:05:03 +0000
ROA not before:           Sat 01 Nov 2025 05:05:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53356
IP address blocks:        151.240.16.0/24 maxlen: 24
                          151.243.104.0/24 maxlen: 24
                          151.244.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:3d:ce:08:38:25:dc:0c:dc:82:8a:36:de:b9:8a:a8:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Nov  1 05:05:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=93ae6760f7579e648fe120b44e33d8e2c680c092
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:bc:73:2a:4a:e8:b7:d1:0f:06:c9:ac:bf:d3:
                    a9:1c:9a:37:e0:27:86:a9:78:9f:f5:d5:fb:3b:7e:
                    79:fb:9f:68:86:20:0b:aa:3f:c0:22:54:27:ff:08:
                    f4:d6:2f:5d:50:c4:ab:00:ce:43:24:c6:90:76:fb:
                    69:c3:14:52:77:3c:83:d2:4a:78:ab:3b:dd:46:e4:
                    d9:41:23:6d:76:a0:c7:c1:64:4f:24:32:68:67:39:
                    37:2a:33:77:4f:06:79:b7:3a:ee:c4:46:d1:e3:5b:
                    43:e4:c9:07:13:20:c6:1d:65:84:7c:87:1d:36:28:
                    24:32:78:de:5e:b1:f3:9e:b8:6b:79:5d:8b:af:d6:
                    2b:72:aa:03:8b:61:7c:23:89:16:3c:48:1e:35:15:
                    ab:97:c7:fe:15:cd:c5:53:5f:16:4a:b2:56:3c:4c:
                    36:49:7a:14:c0:61:36:80:f6:35:c3:c1:df:fb:53:
                    10:02:97:da:8a:11:f8:1f:80:13:06:43:18:7f:46:
                    e1:bb:86:c3:2c:8e:41:15:2f:ec:dc:a3:b4:86:55:
                    a0:66:12:05:09:d0:1c:1d:bb:ad:bb:ce:f6:f3:4c:
                    da:3e:a8:4e:13:06:90:b8:16:65:92:d2:70:f3:10:
                    15:31:35:0f:d0:29:84:5c:d1:2b:d6:1d:aa:75:45:
                    5e:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:AE:67:60:F7:57:9E:64:8F:E1:20:B4:4E:33:D8:E2:C6:80:C0:92
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/k65nYPdXnmSP4SC0TjPY4saAwJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.16.0/24
                  151.243.104.0/24
                  151.244.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:32:4b:90:20:18:d2:d0:f6:99:8f:36:4c:58:6d:b4:28:b5:
         39:62:31:6a:0e:69:b0:40:f1:3b:92:7c:43:4e:c0:8f:f8:82:
         c1:0b:4e:e7:aa:55:2e:83:dc:e8:6e:81:62:74:f2:82:37:b2:
         82:48:d4:cd:86:e3:7f:7f:0c:04:b3:fc:53:0f:70:7f:5d:db:
         e1:bb:94:2c:ca:19:c9:03:16:f5:34:39:76:d8:96:8d:6f:bf:
         cb:36:61:c6:ef:29:c9:65:de:f0:fe:33:c0:e8:93:c9:bb:4e:
         fe:32:a2:ce:67:6b:7b:74:cf:c0:d1:cf:85:7a:f4:e4:68:e0:
         5f:51:7c:c5:51:b6:36:0e:b6:c5:e5:66:a4:47:e5:9b:8f:7e:
         01:45:54:23:cc:9d:c0:6c:de:f3:4e:b3:8b:4b:74:15:55:08:
         3c:7c:c8:ed:f6:5c:a5:71:b9:a0:eb:9f:71:e3:9b:3a:f2:e9:
         d3:05:72:ae:35:7b:a7:14:05:03:16:95:61:a5:cc:7a:66:34:
         7d:84:d2:1c:d3:75:48:74:cc:05:b9:a4:6d:59:e3:e1:7d:19:
         7d:e5:3c:52:98:08:a3:af:3a:01:af:5c:63:3d:f4:2d:2e:78:
         33:ce:e7:38:f7:9b:81:d1:a9:bf:62:3e:57:32:ef:0f:ba:36:
         f7:c3:dd:69
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZo9zgg4JdwM3IKKNt65iqgVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMTAxMDUwNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2FlNjc2MGY3NTc5ZTY0OGZlMTIwYjQ0ZTMzZDhlMmM2ODBjMDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7xzKkrot9EPBsmsv9OpHJo34CeG
qXif9dX7O355+59ohiALqj/AIlQn/wj01i9dUMSrAM5DJMaQdvtpwxRSdzyD0kp4
qzvdRuTZQSNtdqDHwWRPJDJoZzk3KjN3TwZ5tzruxEbR41tD5MkHEyDGHWWEfIcd
NigkMnjeXrHznrhreV2Lr9YrcqoDi2F8I4kWPEgeNRWrl8f+Fc3FU18WSrJWPEw2
SXoUwGE2gPY1w8Hf+1MQApfaihH4H4ATBkMYf0bhu4bDLI5BFS/s3KO0hlWgZhIF
CdAcHbutu87280zaPqhOEwaQuBZlktJw8xAVMTUP0CmEXNEr1h2qdUVeRwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJOuZ2D3V55kj+EgtE4z2OLGgMCSMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvazY1bllQZFhubVNQNFNDMFRqUFk0c2FBd0pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAl/AQAwQA
l/NoAwQAl/T6MA0GCSqGSIb3DQEBCwUAA4IBAQB9MkuQIBjS0PaZjzZMWG20KLU5
YjFqDmmwQPE7knxDTsCP+ILBC07nqlUug9zoboFidPKCN7KCSNTNhuN/fwwEs/xT
D3B/Xdvhu5QsyhnJAxb1NDl22JaNb7/LNmHG7ynJZd7w/jPA6JPJu07+MqLOZ2t7
dM/A0c+FevTkaOBfUXzFUbY2DrbF5WakR+Wbj34BRVQjzJ3AbN7zTrOLS3QVVQg8
fMjt9lylcbmg659x45s68unTBXKuNXunFAUDFpVhpcx6ZjR9hNIc03VIdMwFuaRt
WePhfRl95TxSmAijrzoBr1xjPfQtLngzzuc495uB0am/Yj5XMu8Pujb3w91p
-----END CERTIFICATE-----