Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/vcsyvghnALm34jca0vvLq9LMDH4.roa
File:                     vcsyvghnALm34jca0vvLq9LMDH4.roa (raw, json)
Hash identifier:          gco1dpfPE8hkFmxTJ0rAbccDeSwWviePIY8TCL0l+j0=
Subject key identifier:   BD:CB:32:BE:08:67:00:B9:B7:E2:37:1A:D2:FB:CB:AB:D2:CC:0C:7E
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01964225BC19D56C4F8A0836FB4439E9AB9C
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/vcsyvghnALm34jca0vvLq9LMDH4.roa
Signing time:             Thu 17 Apr 2025 05:08:11 +0000
ROA not before:           Thu 17 Apr 2025 05:08:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214557
IP address blocks:        151.243.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:42:25:bc:19:d5:6c:4f:8a:08:36:fb:44:39:e9:ab:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 17 05:08:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bdcb32be086700b9b7e2371ad2fbcbabd2cc0c7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:bc:40:45:c2:f8:ba:80:ac:5f:56:9c:49:7e:
                    31:04:78:a7:4d:0d:34:aa:2d:e7:0a:bd:75:98:00:
                    fc:e1:e2:e1:f7:83:3b:03:9f:44:56:b9:77:71:31:
                    23:b3:3f:24:04:c0:f1:05:72:5f:43:59:b6:2c:64:
                    fe:31:34:1e:06:fe:e2:47:29:d7:87:96:4d:a9:60:
                    90:64:06:9f:d1:04:dd:18:a4:5b:82:90:c5:42:ee:
                    95:53:24:cd:1b:95:b6:83:6d:34:8d:89:55:e6:7e:
                    c4:30:95:10:52:d6:c6:59:f0:37:db:13:32:9b:24:
                    89:68:32:47:2b:41:6c:8a:74:95:7c:b6:a9:c5:0f:
                    7e:1a:48:0f:ef:36:62:2d:27:1f:c1:bc:48:c1:13:
                    6d:ea:c5:f4:0e:f9:db:9e:53:87:35:07:9a:ff:f1:
                    d8:4f:f4:b2:44:60:5b:84:c2:4d:25:68:ba:4d:5c:
                    2c:ee:10:32:51:1f:e7:ee:2b:2e:95:97:c3:98:6f:
                    01:c7:07:49:e7:a5:6d:36:32:bf:63:ae:a5:10:e6:
                    e7:c4:48:c2:97:ab:22:66:33:2e:44:32:ec:81:e5:
                    eb:52:a4:cf:09:b2:3b:e0:be:9a:48:be:ad:ef:5c:
                    9c:80:83:38:de:20:cb:c5:54:46:ec:a2:96:e1:f2:
                    81:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:CB:32:BE:08:67:00:B9:B7:E2:37:1A:D2:FB:CB:AB:D2:CC:0C:7E
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/vcsyvghnALm34jca0vvLq9LMDH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:b1:3e:17:c2:d5:7a:3a:a6:cf:9d:4d:ed:6a:6c:6c:03:e2:
         3b:a3:0e:c8:85:bd:95:f6:98:2e:64:ad:45:6f:82:c2:e1:9a:
         dd:8a:39:89:b2:0d:8e:0f:30:50:fc:0c:ef:e6:ca:bb:af:14:
         03:a4:d5:bd:02:19:45:5a:62:10:71:2b:a1:08:d1:d3:f4:80:
         5e:11:89:97:e7:1a:c2:67:f1:60:65:eb:4e:7b:cc:64:4f:7a:
         48:c9:40:dd:ef:c5:1e:58:ff:6b:3f:fc:13:f3:60:9d:43:e3:
         e4:22:47:05:f7:39:49:d7:e5:15:3a:06:2b:6a:3b:e9:b2:c5:
         b0:60:09:06:d7:94:71:0c:4e:d7:41:6a:cd:14:09:01:f9:4a:
         1a:e2:5b:fe:a0:51:b8:e4:2d:de:4d:ad:f1:d4:f1:16:d1:04:
         5d:de:c2:a2:9e:99:03:5f:f5:46:63:d6:c4:99:fb:df:49:c6:
         6f:38:6f:a0:24:57:e9:aa:41:83:54:14:76:d6:ba:ee:98:fd:
         d7:96:37:02:c1:71:e7:b3:f2:13:4d:00:a7:9a:ce:d4:1f:4b:
         28:0d:a7:21:e6:ad:cb:c2:2b:3e:6e:c2:20:e9:15:2a:91:4d:
         7f:e2:fc:f0:2e:c5:59:1c:c4:36:c7:53:0b:33:51:42:4d:02:
         f7:bf:ee:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZCJbwZ1WxPigg2+0Q56aucMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDE3MDUwODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGNiMzJiZTA4NjcwMGI5YjdlMjM3MWFkMmZiY2JhYmQyY2MwYzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6LxARcL4uoCsX1acSX4xBHinTQ00
qi3nCr11mAD84eLh94M7A59EVrl3cTEjsz8kBMDxBXJfQ1m2LGT+MTQeBv7iRynX
h5ZNqWCQZAaf0QTdGKRbgpDFQu6VUyTNG5W2g200jYlV5n7EMJUQUtbGWfA32xMy
mySJaDJHK0FsinSVfLapxQ9+GkgP7zZiLScfwbxIwRNt6sX0DvnbnlOHNQea//HY
T/SyRGBbhMJNJWi6TVws7hAyUR/n7isulZfDmG8BxwdJ56VtNjK/Y66lEObnxEjC
l6siZjMuRDLsgeXrUqTPCbI74L6aSL6t71ycgIM43iDLxVRG7KKW4fKBTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3LMr4IZwC5t+I3GtL7y6vSzAx+MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvdmNzeXZnaG5BTG0zNGpjYTB2dkxxOUxNREg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/MLMA0G
CSqGSIb3DQEBCwUAA4IBAQCZsT4XwtV6OqbPnU3tamxsA+I7ow7Ihb2V9pguZK1F
b4LC4ZrdijmJsg2ODzBQ/Azv5sq7rxQDpNW9AhlFWmIQcSuhCNHT9IBeEYmX5xrC
Z/FgZetOe8xkT3pIyUDd78UeWP9rP/wT82CdQ+PkIkcF9zlJ1+UVOgYrajvpssWw
YAkG15RxDE7XQWrNFAkB+Uoa4lv+oFG45C3eTa3x1PEW0QRd3sKinpkDX/VGY9bE
mfvfScZvOG+gJFfpqkGDVBR21rrumP3XljcCwXHns/ITTQCnms7UH0soDach5q3L
wis+bsIg6RUqkU1/4vzwLsVZHMQ2x1MLM1FCTQL3v+42
-----END CERTIFICATE-----