Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/PjMzQwKUrF-VvmoyR5v8Mv9UDo0.roa
File:                     PjMzQwKUrF-VvmoyR5v8Mv9UDo0.roa (raw, json)
Hash identifier:          djWTkmrlBUFs68uxALTdJmeXHsgVGm4cPvwKlvS+poM=
Subject key identifier:   3E:33:33:43:02:94:AC:5F:95:BE:6A:32:47:9B:FC:32:FF:54:0E:8D
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       01999A42F2E3D167912A92CA122009EEFA72
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/PjMzQwKUrF-VvmoyR5v8Mv9UDo0.roa
Signing time:             Tue 30 Sep 2025 10:55:02 +0000
ROA not before:           Tue 30 Sep 2025 10:55:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     154049
IP address blocks:        43.240.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 22:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:42:f2:e3:d1:67:91:2a:92:ca:12:20:09:ee:fa:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Sep 30 10:55:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e3333430294ac5f95be6a32479bfc32ff540e8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:5c:5e:6a:01:f2:5b:8e:6a:e4:61:82:44:c7:
                    d0:aa:a4:92:9f:26:db:6d:dc:10:8f:d3:2d:77:25:
                    a4:28:9c:77:13:6c:8c:26:7a:cc:8b:dd:c0:f6:b9:
                    fc:2b:af:55:bf:c0:2b:5d:b7:7d:1f:e4:64:1d:00:
                    c4:ae:a9:fd:5e:b9:bf:47:0b:d3:43:d0:86:4a:f5:
                    84:1d:3d:81:a3:3b:81:fd:ef:d4:20:6f:d3:2e:fa:
                    99:d1:25:b5:95:2c:4b:3b:c3:75:c6:23:8b:90:ef:
                    90:c9:6c:9b:23:94:53:23:a5:8b:29:dd:e8:49:58:
                    b0:c5:37:d1:16:aa:56:10:a7:92:c9:79:ee:47:70:
                    ea:16:86:e7:1b:86:c5:5f:a6:15:29:aa:4c:1d:01:
                    01:6f:8a:ab:f3:4b:0a:20:54:af:d6:5c:29:4e:5c:
                    33:29:16:80:ff:51:e4:ae:1d:c9:e2:a2:eb:d3:f9:
                    83:cb:96:38:9f:b5:a1:47:75:9f:d1:26:f9:bb:2f:
                    ad:97:c4:9d:39:03:60:56:e3:a3:63:c6:c7:7e:6e:
                    5c:b1:1a:46:94:81:87:55:d1:c0:37:da:6a:c0:d2:
                    54:76:a4:49:8e:c9:91:09:17:37:b7:91:2a:50:d6:
                    47:a5:17:29:03:72:34:c7:ed:93:e0:f4:f7:cc:de:
                    99:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:33:33:43:02:94:AC:5F:95:BE:6A:32:47:9B:FC:32:FF:54:0E:8D
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/PjMzQwKUrF-VvmoyR5v8Mv9UDo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.240.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:11:95:15:bb:21:95:60:37:0f:05:37:01:13:09:5d:b9:bd:
         bb:f4:6d:d1:74:2d:a1:73:f5:73:73:9d:75:ba:b4:68:59:8f:
         77:bb:81:85:ca:6c:6f:70:49:66:ce:83:b8:0e:25:97:b0:c1:
         3a:98:29:88:57:0a:aa:02:71:29:59:83:d5:57:bb:54:53:1e:
         fd:ba:da:b0:68:89:57:2c:f5:f6:81:e0:f0:52:3a:98:33:00:
         69:03:4c:78:44:99:fb:50:4d:3b:3e:69:f9:5c:bb:1f:44:5a:
         1c:8f:be:e0:c1:10:25:a0:d4:12:ca:33:7e:2c:1e:a0:b8:df:
         c0:43:bf:f8:c1:eb:d0:34:69:73:46:9b:eb:ce:33:46:ab:26:
         e0:84:28:3b:20:03:6b:3c:a2:88:ad:7a:bf:11:85:f3:a9:ac:
         73:a6:e0:bb:61:ec:22:5e:1d:83:3a:2d:bb:5c:50:12:33:6c:
         a3:d8:5a:80:53:84:1f:4f:2b:2b:80:33:0d:d8:40:69:cc:42:
         ad:ce:4b:e2:d5:88:ea:85:29:85:00:05:4f:5e:8c:2f:2f:94:
         b9:07:dc:ad:b1:2e:b4:92:0a:47:bb:f3:bd:ec:f4:1e:c9:31:
         2d:69:4d:0d:75:28:21:68:15:60:c2:60:fd:ca:03:30:d3:d6:
         a2:52:9d:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmaQvLj0WeRKpLKEiAJ7vpyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwOTMwMTA1NTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTMzMzM0MzAyOTRhYzVmOTViZTZhMzI0NzliZmMzMmZmNTQwZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlxeagHyW45q5GGCRMfQqqSSnybb
bdwQj9MtdyWkKJx3E2yMJnrMi93A9rn8K69Vv8ArXbd9H+RkHQDErqn9Xrm/RwvT
Q9CGSvWEHT2BozuB/e/UIG/TLvqZ0SW1lSxLO8N1xiOLkO+QyWybI5RTI6WLKd3o
SViwxTfRFqpWEKeSyXnuR3DqFobnG4bFX6YVKapMHQEBb4qr80sKIFSv1lwpTlwz
KRaA/1Hkrh3J4qLr0/mDy5Y4n7WhR3Wf0Sb5uy+tl8SdOQNgVuOjY8bHfm5csRpG
lIGHVdHAN9pqwNJUdqRJjsmRCRc3t5EqUNZHpRcpA3I0x+2T4PT3zN6ZSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4zM0MClKxflb5qMkeb/DL/VA6NMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvUGpNelF3S1VyRi1Wdm1veVI1djhNdjlVRG8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAK/CXMA0G
CSqGSIb3DQEBCwUAA4IBAQBFEZUVuyGVYDcPBTcBEwldub279G3RdC2hc/Vzc511
urRoWY93u4GFymxvcElmzoO4DiWXsME6mCmIVwqqAnEpWYPVV7tUUx79utqwaIlX
LPX2geDwUjqYMwBpA0x4RJn7UE07Pmn5XLsfRFocj77gwRAloNQSyjN+LB6guN/A
Q7/4wevQNGlzRpvrzjNGqybghCg7IANrPKKIrXq/EYXzqaxzpuC7YewiXh2DOi27
XFASM2yj2FqAU4QfTysrgDMN2EBpzEKtzkvi1YjqhSmFAAVPXowvL5S5B9ytsS60
kgpHu/O97PQeyTEtaU0NdSghaBVgwmD9ygMw09aiUp2k
-----END CERTIFICATE-----