Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/2zRfrU_ZqmBGA2ZZoZ-8hWS99jo.roa
File:                     2zRfrU_ZqmBGA2ZZoZ-8hWS99jo.roa (raw, json)
Hash identifier:          38je3kUev+SXqO0ZkFpBHIG0ZxN25NK+xckAEnpvPzI=
Subject key identifier:   DB:34:5F:AD:4F:D9:AA:60:46:03:66:59:A1:9F:BC:85:64:BD:F6:3A
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0197EE55C30A2D1F61FE36960CE1DFD59FCF
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/2zRfrU_ZqmBGA2ZZoZ-8hWS99jo.roa
Signing time:             Wed 09 Jul 2025 08:38:07 +0000
ROA not before:           Wed 09 Jul 2025 08:38:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213618
IP address blocks:        151.243.142.0/24 maxlen: 24
                          151.243.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ee:55:c3:0a:2d:1f:61:fe:36:96:0c:e1:df:d5:9f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul  9 08:38:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db345fad4fd9aa6046036659a19fbc8564bdf63a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:17:04:6b:a2:30:37:0e:de:c0:48:4f:0a:b8:
                    a1:2e:f8:2e:3c:ce:32:b9:f4:33:14:3f:66:b7:da:
                    c4:4e:74:27:fd:a4:12:c0:9c:14:08:bd:bf:88:9a:
                    11:19:74:74:85:24:cf:de:01:32:a8:b7:c0:9f:4d:
                    6b:d6:34:f0:40:a0:3a:0e:6b:74:92:bf:95:1c:47:
                    44:16:77:6d:a3:8d:95:2b:b5:bc:c0:02:f5:c1:19:
                    86:ca:a2:b2:81:c8:a4:21:84:35:a5:00:ad:98:fc:
                    af:47:81:7f:f3:8a:3e:5c:bf:b3:3a:f1:f6:ff:8e:
                    9e:48:a5:02:5f:68:74:0d:d9:17:9b:4a:65:c5:81:
                    a5:22:f3:cb:57:99:6d:c3:56:3f:cc:c6:cf:3d:7e:
                    8a:80:69:5c:23:06:b7:54:9e:3c:8f:d0:6a:6d:0b:
                    84:5f:38:60:99:ad:fd:38:c3:1e:51:45:09:01:f8:
                    db:58:39:25:50:ba:b5:f5:b9:0d:98:e3:09:b5:0d:
                    19:4c:33:d2:a3:a7:bb:1f:87:f5:32:74:85:c9:37:
                    8f:90:bd:23:d8:91:b6:40:07:00:c4:37:35:e3:d0:
                    dd:a4:30:6c:3c:94:ec:04:79:e8:54:5e:6b:2e:a0:
                    55:28:6c:2a:7d:df:9a:e2:43:b1:63:67:6d:8c:53:
                    1e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:34:5F:AD:4F:D9:AA:60:46:03:66:59:A1:9F:BC:85:64:BD:F6:3A
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/2zRfrU_ZqmBGA2ZZoZ-8hWS99jo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         aa:88:6b:9b:b2:cf:23:c1:9b:f3:bc:35:f5:8c:1c:bb:d7:c4:
         54:b6:5a:f2:73:c0:74:58:c3:a8:af:af:6c:a5:d0:b5:6d:57:
         d1:9a:67:7e:38:3d:d8:52:ff:4c:b5:b7:4c:61:0c:54:d3:c4:
         9c:e4:58:cf:04:87:02:ff:dd:dc:ba:33:dc:34:ec:06:9d:26:
         e6:c7:33:8d:5c:d0:7b:95:78:a7:c5:04:98:dd:b0:2a:b1:55:
         df:5d:82:95:e1:e0:20:9d:b9:a5:dd:37:a8:8f:8b:dd:e6:a1:
         d4:f5:81:8f:b4:31:86:81:d1:94:a3:bd:50:dd:2e:8c:b7:f7:
         3e:26:4c:ac:56:09:dc:a1:a4:70:84:a0:be:b8:14:05:5c:e9:
         06:df:90:0e:55:fa:bb:5d:68:34:79:35:10:ae:b6:02:77:59:
         53:7d:f7:75:23:01:73:1b:83:89:84:25:fd:39:19:e2:1d:12:
         75:19:7d:1d:dc:a1:14:be:b2:ca:2f:e5:5d:25:e2:3f:2f:95:
         22:b4:ce:fd:dc:01:76:8a:56:4d:70:8c:7c:63:f1:b2:f3:e1:
         13:1d:57:d8:d4:ca:e0:15:77:fb:f5:80:04:c3:a8:b9:23:31:
         87:9b:cd:3e:f4:df:2f:11:56:06:c0:f1:d8:28:23:ae:c1:81:
         32:1a:90:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfuVcMKLR9h/jaWDOHf1Z/PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzA5MDgzODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjM0NWZhZDRmZDlhYTYwNDYwMzY2NTlhMTlmYmM4NTY0YmRmNjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhcEa6IwNw7ewEhPCrihLvguPM4y
ufQzFD9mt9rETnQn/aQSwJwUCL2/iJoRGXR0hSTP3gEyqLfAn01r1jTwQKA6Dmt0
kr+VHEdEFndto42VK7W8wAL1wRmGyqKygcikIYQ1pQCtmPyvR4F/84o+XL+zOvH2
/46eSKUCX2h0DdkXm0plxYGlIvPLV5ltw1Y/zMbPPX6KgGlcIwa3VJ48j9BqbQuE
Xzhgma39OMMeUUUJAfjbWDklULq19bkNmOMJtQ0ZTDPSo6e7H4f1MnSFyTePkL0j
2JG2QAcAxDc149DdpDBsPJTsBHnoVF5rLqBVKGwqfd+a4kOxY2dtjFMe7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNs0X61P2apgRgNmWaGfvIVkvfY6MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMnpSZnJVX1pxbUJHQTJaWm9aLThoV1M5OWpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBl/OOMA0G
CSqGSIb3DQEBCwUAA4IBAQCqiGubss8jwZvzvDX1jBy718RUtlryc8B0WMOor69s
pdC1bVfRmmd+OD3YUv9MtbdMYQxU08Sc5FjPBIcC/93cujPcNOwGnSbmxzONXNB7
lXinxQSY3bAqsVXfXYKV4eAgnbml3Teoj4vd5qHU9YGPtDGGgdGUo71Q3S6Mt/c+
JkysVgncoaRwhKC+uBQFXOkG35AOVfq7XWg0eTUQrrYCd1lTffd1IwFzG4OJhCX9
ORniHRJ1GX0d3KEUvrLKL+VdJeI/L5UitM793AF2ilZNcIx8Y/Gy8+ETHVfY1Mrg
FXf79YAEw6i5IzGHm80+9N8vEVYGwPHYKCOuwYEyGpBu
-----END CERTIFICATE-----