Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/kj6lA0San5fG83vcIVH5ssKKKQY.roa
File:                     kj6lA0San5fG83vcIVH5ssKKKQY.roa (raw, json)
Hash identifier:          N4E8dQhgV9sdhr5Rsz789ZJJpxTMnBhoeiSRe5NqVig=
Subject key identifier:   92:3E:A5:03:44:9A:9F:97:C6:F3:7B:DC:21:51:F9:B2:C2:8A:29:06
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019648B210FA72C1F0C1B0BCFD7FF7C7E648
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/kj6lA0San5fG83vcIVH5ssKKKQY.roa
Signing time:             Fri 18 Apr 2025 11:39:11 +0000
ROA not before:           Fri 18 Apr 2025 11:39:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        151.242.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 May 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:48:b2:10:fa:72:c1:f0:c1:b0:bc:fd:7f:f7:c7:e6:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 18 11:39:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=923ea503449a9f97c6f37bdc2151f9b2c28a2906
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:1a:23:f2:e7:ca:00:97:5d:88:27:45:7c:cc:
                    fa:cc:47:46:2e:29:10:86:42:f8:9b:13:62:30:fb:
                    fa:71:3b:d0:a4:b5:b6:52:94:24:f9:e6:fe:92:4e:
                    b1:ad:45:dc:ec:cd:28:9d:ff:10:73:b9:2e:b8:36:
                    5a:85:74:9e:be:8b:a6:be:3e:2d:e7:05:de:87:b8:
                    cf:81:cb:e9:53:89:d6:4f:d8:6d:43:d6:ea:55:b3:
                    31:74:30:04:ea:03:c8:b1:69:ad:35:f8:55:49:db:
                    2c:ed:8d:47:e5:60:4f:aa:ee:57:15:87:1d:9f:d4:
                    a2:58:93:8a:7d:cb:2b:fa:e0:03:22:44:d0:6d:19:
                    73:b9:73:40:ce:09:2e:bd:d7:53:94:74:f4:5b:6a:
                    59:b2:fe:2d:92:f8:30:a6:5d:15:9d:d9:db:d9:40:
                    7d:f0:77:56:0d:20:52:da:7c:90:02:1e:7c:80:28:
                    9c:29:cb:54:cf:be:56:e7:d1:3b:39:0e:e6:94:1c:
                    bd:84:1e:23:24:4e:02:d1:04:d8:a5:af:09:8a:39:
                    4b:a2:e5:72:a9:71:81:58:ed:ce:b0:26:d1:81:cf:
                    ba:e6:5b:9f:db:c8:58:c0:09:a7:01:cf:6b:2a:0f:
                    9e:3f:07:67:e3:b8:e6:82:dc:cc:c9:df:33:5d:43:
                    51:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:3E:A5:03:44:9A:9F:97:C6:F3:7B:DC:21:51:F9:B2:C2:8A:29:06
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/kj6lA0San5fG83vcIVH5ssKKKQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:84:5f:9a:08:c7:c1:2b:72:a4:49:7e:ae:a6:c9:78:03:75:
         e7:c5:1c:f3:53:09:39:0c:3a:3c:d2:1b:18:c6:7e:c3:4b:b8:
         23:43:72:e3:b7:b1:19:19:8f:6f:45:0d:40:7d:e7:e4:4d:f5:
         ca:33:00:76:b3:5e:90:eb:11:29:f4:26:0a:02:87:72:23:ac:
         32:c5:21:11:e5:48:7c:36:55:5b:be:f5:3b:5e:f4:df:c9:76:
         03:78:bd:5b:15:fa:dd:b0:a9:1e:66:1f:a9:72:38:b5:1b:ac:
         ff:88:60:7d:64:0a:46:5f:ed:b8:aa:da:b6:49:21:55:21:48:
         9d:53:15:7d:cd:87:b3:5a:81:b6:d9:a8:d9:b2:f0:6c:ad:c2:
         1a:6c:6c:0f:1c:8e:f1:64:21:4a:83:9e:a3:f5:54:23:d9:bf:
         21:56:3e:4f:55:ad:e7:d7:e5:68:68:e7:19:fe:64:8a:fd:2d:
         d7:55:01:3b:ac:ee:1c:39:36:ec:c3:fb:51:56:6f:bc:f0:71:
         eb:32:02:dd:ac:d7:06:cf:c6:1a:35:cf:22:d5:aa:bc:4a:24:
         ef:5c:e6:8a:05:1c:d6:ec:57:01:44:8a:7d:fd:f8:b7:b9:83:
         a8:42:84:5f:b3:0f:2b:91:4e:35:7b:2b:74:7f:16:6a:54:47:
         0f:29:28:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZIshD6csHwwbC8/X/3x+ZIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDE4MTEzOTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjNlYTUwMzQ0OWE5Zjk3YzZmMzdiZGMyMTUxZjliMmMyOGEyOTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxoj8ufKAJddiCdFfMz6zEdGLikQ
hkL4mxNiMPv6cTvQpLW2UpQk+eb+kk6xrUXc7M0onf8Qc7kuuDZahXSevoumvj4t
5wXeh7jPgcvpU4nWT9htQ9bqVbMxdDAE6gPIsWmtNfhVSdss7Y1H5WBPqu5XFYcd
n9SiWJOKfcsr+uADIkTQbRlzuXNAzgkuvddTlHT0W2pZsv4tkvgwpl0Vndnb2UB9
8HdWDSBS2nyQAh58gCicKctUz75W59E7OQ7mlBy9hB4jJE4C0QTYpa8JijlLouVy
qXGBWO3OsCbRgc+65luf28hYwAmnAc9rKg+ePwdn47jmgtzMyd8zXUNRlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJI+pQNEmp+XxvN73CFR+bLCiikGMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEva2o2bEEwU2FuNWZHODN2Y0lWSDVzc0tLS1FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/IsMA0G
CSqGSIb3DQEBCwUAA4IBAQAbhF+aCMfBK3KkSX6upsl4A3XnxRzzUwk5DDo80hsY
xn7DS7gjQ3Ljt7EZGY9vRQ1AfefkTfXKMwB2s16Q6xEp9CYKAodyI6wyxSER5Uh8
NlVbvvU7XvTfyXYDeL1bFfrdsKkeZh+pcji1G6z/iGB9ZApGX+24qtq2SSFVIUid
UxV9zYezWoG22ajZsvBsrcIabGwPHI7xZCFKg56j9VQj2b8hVj5PVa3n1+VoaOcZ
/mSK/S3XVQE7rO4cOTbsw/tRVm+88HHrMgLdrNcGz8YaNc8i1aq8SiTvXOaKBRzW
7FcBRIp9/fi3uYOoQoRfsw8rkU41eyt0fxZqVEcPKSjx
-----END CERTIFICATE-----