Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/4IMYwIypfQsbZ4fdZ5UkAJKOM4g.roa
File:                     4IMYwIypfQsbZ4fdZ5UkAJKOM4g.roa (raw, json)
Hash identifier:          DdI3WwX/rViBZmVBUQooVnFW5qfWlCGCj45WiJW6z9Y=
Subject key identifier:   E0:83:18:C0:8C:A9:7D:0B:1B:67:87:DD:67:95:24:00:92:8E:33:88
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0197DF778A62576CD95F72DD825AA7B5A234
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/4IMYwIypfQsbZ4fdZ5UkAJKOM4g.roa
Signing time:             Sun 06 Jul 2025 11:20:42 +0000
ROA not before:           Sun 06 Jul 2025 11:20:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208751
IP address blocks:        151.243.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 04:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:df:77:8a:62:57:6c:d9:5f:72:dd:82:5a:a7:b5:a2:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul  6 11:20:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e08318c08ca97d0b1b6787dd67952400928e3388
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:76:0c:51:b3:2c:0e:e0:88:2f:32:cd:32:6c:
                    05:74:8a:b1:92:a3:6d:a7:94:0a:d2:f2:a3:5e:65:
                    a4:eb:1d:33:bd:73:89:82:01:ee:7a:69:c7:5c:50:
                    d6:df:bf:ec:2a:ca:29:eb:01:b8:81:16:c0:c4:27:
                    37:e8:af:3c:0f:e4:93:63:2e:02:ad:f1:9e:71:30:
                    f5:95:90:09:bd:cb:d8:f3:bf:66:7d:ec:2a:a6:3f:
                    44:6b:da:28:ca:cb:01:4c:ab:22:11:a9:d7:1b:40:
                    57:7e:b1:04:86:ca:70:4c:d2:9a:85:19:02:a7:94:
                    93:d8:29:a4:53:5d:fe:e5:d9:92:7f:32:b7:b3:3b:
                    c2:99:81:7b:68:64:a0:0a:0f:c3:3a:f5:98:be:72:
                    69:ab:f3:86:61:1f:30:8f:3f:48:fa:02:46:24:ee:
                    b0:74:b1:50:fe:e9:90:48:12:82:a8:77:86:8f:1f:
                    2e:38:dc:10:de:e4:bd:58:f0:0a:75:d2:84:66:16:
                    1e:ed:13:b5:02:e8:e9:d4:69:be:70:08:ab:17:6f:
                    58:20:a8:c2:45:7b:96:9e:bd:65:9a:fb:ab:af:0c:
                    2a:4e:d8:08:d4:fd:6f:53:8a:f1:5a:a4:80:f1:d0:
                    95:ad:0d:7c:40:13:71:f5:3a:0d:ea:cc:78:cd:83:
                    e7:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:83:18:C0:8C:A9:7D:0B:1B:67:87:DD:67:95:24:00:92:8E:33:88
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/4IMYwIypfQsbZ4fdZ5UkAJKOM4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:de:20:37:a5:16:70:b1:63:da:c3:1d:9f:37:4e:69:84:cd:
         0d:2a:16:5e:e1:2e:df:2e:49:f6:58:55:a0:08:0f:f6:4f:b8:
         cc:3a:99:a1:73:bc:de:27:54:a3:cc:8c:0b:2c:0f:7c:c6:56:
         70:e1:c7:5d:75:e1:20:ac:85:53:9e:9e:4e:1f:b6:08:39:fa:
         31:e9:22:f9:12:43:2d:26:93:d9:f3:54:dd:53:c9:dd:0b:cf:
         1b:a1:27:0c:e0:8b:d0:bb:b2:36:5c:fb:02:e7:93:d2:83:7d:
         fc:be:74:c0:52:d4:40:fa:b1:df:27:6a:65:1b:4b:1a:03:db:
         15:35:01:fd:77:6b:58:c0:21:0b:85:84:f7:b0:05:c4:1d:c8:
         15:0c:8d:45:20:c4:09:39:89:5a:b9:63:60:ec:42:74:25:87:
         1e:91:cd:22:f8:fe:1f:cd:8d:8d:85:60:a6:2a:9d:9f:80:1e:
         2e:37:be:c3:18:21:7a:1c:90:b1:af:7d:e3:8d:e5:63:da:e3:
         db:f8:3a:91:2f:aa:16:62:7d:7c:4f:cd:a4:4f:2c:7e:b1:40:
         b2:9f:d2:89:44:66:ec:2d:a4:39:55:0a:c0:c3:cf:7f:59:54:
         40:3d:16:2c:89:26:fb:34:33:1f:22:72:09:de:ea:d0:d7:9f:
         ac:6d:fa:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZffd4piV2zZX3LdglqntaI0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzA2MTEyMDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDgzMThjMDhjYTk3ZDBiMWI2Nzg3ZGQ2Nzk1MjQwMDkyOGUzMzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHYMUbMsDuCILzLNMmwFdIqxkqNt
p5QK0vKjXmWk6x0zvXOJggHuemnHXFDW37/sKsop6wG4gRbAxCc36K88D+STYy4C
rfGecTD1lZAJvcvY879mfewqpj9Ea9ooyssBTKsiEanXG0BXfrEEhspwTNKahRkC
p5ST2CmkU13+5dmSfzK3szvCmYF7aGSgCg/DOvWYvnJpq/OGYR8wjz9I+gJGJO6w
dLFQ/umQSBKCqHeGjx8uONwQ3uS9WPAKddKEZhYe7RO1Aujp1Gm+cAirF29YIKjC
RXuWnr1lmvurrwwqTtgI1P1vU4rxWqSA8dCVrQ18QBNx9ToN6sx4zYPn7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOCDGMCMqX0LG2eH3WeVJACSjjOIMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvNElNWXdJeXBmUXNiWjRmZFo1VWtBSktPTTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/PvMA0G
CSqGSIb3DQEBCwUAA4IBAQC13iA3pRZwsWPawx2fN05phM0NKhZe4S7fLkn2WFWg
CA/2T7jMOpmhc7zeJ1SjzIwLLA98xlZw4cdddeEgrIVTnp5OH7YIOfox6SL5EkMt
JpPZ81TdU8ndC88boScM4IvQu7I2XPsC55PSg338vnTAUtRA+rHfJ2plG0saA9sV
NQH9d2tYwCELhYT3sAXEHcgVDI1FIMQJOYlauWNg7EJ0JYcekc0i+P4fzY2NhWCm
Kp2fgB4uN77DGCF6HJCxr33jjeVj2uPb+DqRL6oWYn18T82kTyx+sUCyn9KJRGbs
LaQ5VQrAw89/WVRAPRYsiSb7NDMfInIJ3urQ15+sbfqP
-----END CERTIFICATE-----