Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7tjz2GmYmICfv6EAa5nlHDWirYE.roa
File:                     7tjz2GmYmICfv6EAa5nlHDWirYE.roa (raw, json)
Hash identifier:          BnI0mirDKJrlbP94L53aqXvd2Bck2M92+ZuWoDLPVwM=
Subject key identifier:   EE:D8:F3:D8:69:98:98:80:9F:BF:A1:00:6B:99:E5:1C:35:A2:AD:81
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0197F87FF7E65FFC6660AFA15B58470C41D0
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7tjz2GmYmICfv6EAa5nlHDWirYE.roa
Signing time:             Fri 11 Jul 2025 08:00:25 +0000
ROA not before:           Fri 11 Jul 2025 08:00:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62563
IP address blocks:        151.245.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f8:7f:f7:e6:5f:fc:66:60:af:a1:5b:58:47:0c:41:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 11 08:00:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eed8f3d8699898809fbfa1006b99e51c35a2ad81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:10:b5:36:c5:09:d4:4f:24:8d:a6:fb:c2:79:
                    05:58:e5:54:a8:2e:fb:68:7d:a9:c3:19:8a:09:34:
                    4f:f4:27:d4:59:87:11:3b:76:21:b3:eb:e6:3f:a1:
                    5b:6e:7c:31:7d:2a:61:f5:26:8b:0d:39:d2:73:b3:
                    e1:f4:8f:23:95:41:cb:6f:42:0f:8c:6c:4d:69:ba:
                    f7:60:86:c8:5e:3e:7d:5d:9e:21:20:1e:3c:ca:35:
                    f5:f2:64:a9:dc:54:fb:b3:bb:69:b7:22:63:a2:90:
                    a2:60:9a:3f:0c:85:2d:a8:92:b0:23:c2:ca:22:f8:
                    36:84:6f:5b:1e:bb:15:37:bc:7f:ea:b6:5e:4b:ed:
                    b2:a9:b5:16:03:0a:b0:a0:d5:ff:4d:2c:33:13:9c:
                    5a:33:38:d0:2d:8d:ec:03:3e:4a:b7:95:eb:e6:5b:
                    3e:9c:82:17:ec:0f:98:60:69:d7:ba:ff:54:fb:30:
                    5c:51:50:81:01:cb:15:c7:18:1f:27:40:66:fb:f3:
                    68:0b:43:35:8a:71:0d:aa:18:c8:a6:e7:c7:0d:f3:
                    e5:60:89:e6:20:a8:4a:f9:36:cf:35:e7:28:79:10:
                    5e:2d:74:c9:0c:1c:04:26:9c:c4:10:dd:51:95:c2:
                    e7:15:72:29:d7:ed:6c:7e:ad:39:19:7a:1a:06:a0:
                    09:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:D8:F3:D8:69:98:98:80:9F:BF:A1:00:6B:99:E5:1C:35:A2:AD:81
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7tjz2GmYmICfv6EAa5nlHDWirYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.245.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:6f:94:e9:1f:1f:68:ce:9d:16:20:d2:c2:db:75:fd:cf:12:
         a1:45:80:25:e8:5e:56:08:3d:da:3a:04:fa:9f:df:7f:e8:75:
         24:c8:3e:b9:fe:64:4f:01:ca:70:01:f5:e8:a6:a3:53:29:f9:
         38:e5:e1:89:a4:1e:2b:90:40:e1:30:0a:da:55:1b:19:00:64:
         d8:92:16:8e:70:88:d3:c2:e2:fa:7f:c9:2c:d8:0d:c9:d0:e6:
         09:6b:ab:69:eb:15:d8:59:4e:52:df:32:54:00:19:d2:f5:55:
         a9:48:f3:45:3e:e3:b5:c0:4e:9b:93:5d:61:45:64:45:16:fa:
         ba:b1:74:eb:c2:52:50:b4:9a:30:1e:c6:bd:53:90:fe:b8:55:
         82:67:67:2d:db:3b:23:64:97:01:ca:b3:1e:be:01:4a:ae:08:
         f7:2a:78:30:27:85:04:41:da:67:94:f6:b9:f2:db:50:aa:56:
         fb:54:e4:ab:8b:78:26:8f:0f:c3:4b:51:0a:94:ef:cb:cd:92:
         f5:83:9f:c8:11:b5:3f:38:bd:f3:61:49:a9:6c:e8:e4:b3:ff:
         06:bd:ef:50:7d:71:e1:de:ab:13:d2:15:00:01:ca:9c:0f:fa:
         e0:0b:ae:c9:e6:9e:40:b7:80:de:1f:06:3c:70:17:9d:76:5b:
         84:9a:5a:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf4f/fmX/xmYK+hW1hHDEHQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzExMDgwMDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWQ4ZjNkODY5OTg5ODgwOWZiZmExMDA2Yjk5ZTUxYzM1YTJhZDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBC1NsUJ1E8kjab7wnkFWOVUqC77
aH2pwxmKCTRP9CfUWYcRO3Yhs+vmP6FbbnwxfSph9SaLDTnSc7Ph9I8jlUHLb0IP
jGxNabr3YIbIXj59XZ4hIB48yjX18mSp3FT7s7tptyJjopCiYJo/DIUtqJKwI8LK
Ivg2hG9bHrsVN7x/6rZeS+2yqbUWAwqwoNX/TSwzE5xaMzjQLY3sAz5Kt5Xr5ls+
nIIX7A+YYGnXuv9U+zBcUVCBAcsVxxgfJ0Bm+/NoC0M1inENqhjIpufHDfPlYInm
IKhK+TbPNecoeRBeLXTJDBwEJpzEEN1RlcLnFXIp1+1sfq05GXoaBqAJZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO7Y89hpmJiAn7+hAGuZ5Rw1oq2BMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvN3RqejJHbVltSUNmdjZFQWE1bmxIRFdpcllFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/X2MA0G
CSqGSIb3DQEBCwUAA4IBAQAjb5TpHx9ozp0WINLC23X9zxKhRYAl6F5WCD3aOgT6
n99/6HUkyD65/mRPAcpwAfXopqNTKfk45eGJpB4rkEDhMAraVRsZAGTYkhaOcIjT
wuL6f8ks2A3J0OYJa6tp6xXYWU5S3zJUABnS9VWpSPNFPuO1wE6bk11hRWRFFvq6
sXTrwlJQtJowHsa9U5D+uFWCZ2ct2zsjZJcByrMevgFKrgj3KngwJ4UEQdpnlPa5
8ttQqlb7VOSri3gmjw/DS1EKlO/LzZL1g5/IEbU/OL3zYUmpbOjks/8Gve9QfXHh
3qsT0hUAAcqcD/rgC67J5p5At4DeHwY8cBeddluEmlr2
-----END CERTIFICATE-----