Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zl-qzyK1e_gkzrUd0ltZE5zaCUA.roa
File:                     zl-qzyK1e_gkzrUd0ltZE5zaCUA.roa (raw, json)
Hash identifier:          gpBb/GViGldFwZezDu75gR5U/eSQ6qJ8AgX7bzckSjc=
Subject key identifier:   CE:5F:AA:CF:22:B5:7B:F8:24:CE:B5:1D:D2:5B:59:13:9C:DA:09:40
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01966B97C6E6944F4F00FACB7737CBF8ECB7
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zl-qzyK1e_gkzrUd0ltZE5zaCUA.roa
Signing time:             Fri 25 Apr 2025 06:17:11 +0000
ROA not before:           Fri 25 Apr 2025 06:17:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136691
IP address blocks:        151.243.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 05 May 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6b:97:c6:e6:94:4f:4f:00:fa:cb:77:37:cb:f8:ec:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 25 06:17:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce5faacf22b57bf824ceb51dd25b59139cda0940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:75:1f:e9:ec:08:70:73:06:cc:0d:30:45:be:
                    01:5e:0c:7a:9c:02:27:70:fa:57:64:9b:b0:b9:b5:
                    7b:91:ce:0e:c9:01:9b:f9:c5:eb:f9:db:ee:71:c7:
                    e0:fa:c6:8f:4b:26:e1:2d:c4:9b:a3:08:90:75:45:
                    08:fc:3c:7e:ed:87:3a:ce:33:3b:fd:53:ff:ac:f2:
                    c2:f4:6b:37:11:2f:01:d6:a0:8c:f1:13:d5:5b:03:
                    75:22:6a:76:84:e2:97:ba:9e:b5:06:a8:ae:cf:e6:
                    a6:80:ec:60:d0:e9:1a:a0:f3:b6:34:1e:bf:59:26:
                    d4:98:e8:f2:95:80:71:4e:52:0e:9f:60:54:36:8f:
                    60:b3:61:7b:ba:49:72:55:a2:07:7c:e0:17:98:0c:
                    20:57:f9:fe:50:0b:27:f5:e4:4e:cb:cd:01:b9:72:
                    0a:9e:23:18:ac:64:43:8e:15:78:93:f6:44:ee:7d:
                    de:03:f3:0c:36:ad:47:23:de:32:48:51:bc:b3:55:
                    1f:6e:98:84:b5:75:10:19:48:76:74:b8:a0:df:63:
                    76:c9:47:45:5f:40:05:3c:04:ee:4c:eb:2c:44:5d:
                    5b:92:e0:38:21:34:ca:64:d2:e5:2a:cd:ba:e1:97:
                    59:86:7c:2f:11:bc:be:a5:13:73:bc:88:da:2e:ec:
                    5f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:5F:AA:CF:22:B5:7B:F8:24:CE:B5:1D:D2:5B:59:13:9C:DA:09:40
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zl-qzyK1e_gkzrUd0ltZE5zaCUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:7f:b4:78:f7:c9:e1:6a:fc:9c:34:67:f6:8a:4f:b3:b3:2c:
         a5:88:f0:25:93:f7:5b:1b:69:fc:89:1f:03:65:3e:b0:51:db:
         ee:04:9b:f7:4f:5d:94:8d:47:18:5c:80:fe:37:b6:14:29:94:
         98:37:f7:1e:8e:4d:a7:8e:66:8d:1e:42:44:a7:18:51:5b:59:
         ee:2a:64:f5:61:2e:02:48:ac:42:a9:11:f2:5b:f7:8c:c5:70:
         df:ae:44:2e:ce:58:ef:3b:18:f9:ad:bb:72:fd:b4:ef:c6:de:
         29:4b:cc:81:16:98:b1:8f:1a:e3:8a:c9:25:68:63:61:1e:75:
         d5:fb:20:7d:bd:36:40:2b:36:79:44:0a:28:e2:cf:ed:68:6a:
         92:63:8d:cb:4f:35:c3:60:5e:25:71:00:ac:5c:cf:94:42:b2:
         a9:93:a0:ef:39:dc:02:9b:8d:a1:6d:c3:b6:bf:b9:27:c4:d2:
         ee:84:8b:0a:76:01:43:f5:1f:b1:93:1c:32:fa:6a:db:ab:05:
         b8:a4:29:e6:32:03:7f:0f:fc:79:1a:0d:6b:c6:eb:dc:64:8b:
         79:20:ab:a8:8d:10:0b:c1:9b:81:08:34:0a:08:77:04:3d:eb:
         06:55:5e:ae:17:04:09:67:d1:e1:60:ca:5d:9d:07:20:96:89:
         80:31:f6:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZrl8bmlE9PAPrLdzfL+Oy3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDI1MDYxNzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTVmYWFjZjIyYjU3YmY4MjRjZWI1MWRkMjViNTkxMzljZGEwOTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3Uf6ewIcHMGzA0wRb4BXgx6nAIn
cPpXZJuwubV7kc4OyQGb+cXr+dvuccfg+saPSybhLcSbowiQdUUI/Dx+7Yc6zjM7
/VP/rPLC9Gs3ES8B1qCM8RPVWwN1Imp2hOKXup61Bqiuz+amgOxg0OkaoPO2NB6/
WSbUmOjylYBxTlIOn2BUNo9gs2F7uklyVaIHfOAXmAwgV/n+UAsn9eROy80BuXIK
niMYrGRDjhV4k/ZE7n3eA/MMNq1HI94ySFG8s1UfbpiEtXUQGUh2dLig32N2yUdF
X0AFPATuTOssRF1bkuA4ITTKZNLlKs264ZdZhnwvEby+pRNzvIjaLuxfjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5fqs8itXv4JM61HdJbWROc2glAMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvemwtcXp5SzFlX2drenJVZDBsdFpFNXphQ1VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/MoMA0G
CSqGSIb3DQEBCwUAA4IBAQC5f7R498nhavycNGf2ik+zsyyliPAlk/dbG2n8iR8D
ZT6wUdvuBJv3T12UjUcYXID+N7YUKZSYN/cejk2njmaNHkJEpxhRW1nuKmT1YS4C
SKxCqRHyW/eMxXDfrkQuzljvOxj5rbty/bTvxt4pS8yBFpixjxrjisklaGNhHnXV
+yB9vTZAKzZ5RAoo4s/taGqSY43LTzXDYF4lcQCsXM+UQrKpk6DvOdwCm42hbcO2
v7knxNLuhIsKdgFD9R+xkxwy+mrbqwW4pCnmMgN/D/x5Gg1rxuvcZIt5IKuojRAL
wZuBCDQKCHcEPesGVV6uFwQJZ9HhYMpdnQcglomAMfZT
-----END CERTIFICATE-----