Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/F7PlzZJfeHwJBNaN30S5Al35NJI.roa
File:                     F7PlzZJfeHwJBNaN30S5Al35NJI.roa (raw, json)
Hash identifier:          01gLRU22QbDBv5zMrSXwNyFhohgfbk6xoWmecGkQLAU=
Subject key identifier:   17:B3:E5:CD:92:5F:78:7C:09:04:D6:8D:DF:44:B9:02:5D:F9:34:92
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0197DF7A4A83D8B0DFA0553112A9C49A072F
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/F7PlzZJfeHwJBNaN30S5Al35NJI.roa
Signing time:             Sun 06 Jul 2025 11:23:42 +0000
ROA not before:           Sun 06 Jul 2025 11:23:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63023
IP address blocks:        151.244.28.0/24 maxlen: 24
                          151.244.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:df:7a:4a:83:d8:b0:df:a0:55:31:12:a9:c4:9a:07:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul  6 11:23:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17b3e5cd925f787c0904d68ddf44b9025df93492
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:55:5e:2f:5f:b3:c8:34:14:96:e1:4a:d3:4b:
                    4e:18:72:2c:03:26:f4:2a:36:5a:90:43:40:e5:a6:
                    85:ac:42:b9:1c:54:e4:75:76:2d:eb:c8:69:68:cb:
                    d8:52:c7:41:17:40:09:8d:87:9d:82:1c:35:1d:3a:
                    eb:11:c7:13:2a:d4:f5:a2:36:e9:8a:85:79:7d:bf:
                    1b:f6:67:05:ca:1f:f1:8e:b2:d7:94:66:c4:f2:a1:
                    b8:46:9b:94:88:74:b5:e7:0a:fe:1d:a1:72:20:50:
                    cf:ca:3e:f5:c2:77:bf:ca:dc:1c:39:3d:1e:e7:f8:
                    fe:64:95:f8:19:4a:81:fa:d9:d3:e1:59:88:54:3b:
                    2d:fa:37:72:38:18:a1:7f:42:9e:9f:2a:98:ae:5b:
                    4c:de:6b:49:c0:cd:7a:f7:65:a5:e8:17:65:5b:b0:
                    4d:f3:fe:b0:d4:f1:b6:59:78:70:22:56:43:21:3a:
                    f4:71:5f:a9:9b:5a:40:5f:86:ec:77:62:ca:78:2f:
                    1d:35:36:16:e2:79:6b:25:01:17:36:ff:80:1e:b7:
                    96:a5:20:64:95:fc:d9:fc:9d:22:ea:bc:5f:88:ec:
                    33:b1:60:ce:ef:f8:29:90:fe:89:7c:40:fa:0f:8d:
                    5f:1e:cf:be:dd:c0:33:28:a3:a8:41:4c:18:11:b0:
                    98:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:B3:E5:CD:92:5F:78:7C:09:04:D6:8D:DF:44:B9:02:5D:F9:34:92
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/F7PlzZJfeHwJBNaN30S5Al35NJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.28.0/24
                  151.244.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:04:f7:73:b3:d2:79:2b:48:ac:0d:54:b7:b1:b9:3c:89:85:
         1b:49:dd:a0:1c:c6:d2:e3:5d:ce:b5:5a:f1:64:4f:ec:43:ef:
         cf:b9:fc:7a:c9:37:72:42:ef:33:ca:4d:c1:04:21:d6:0b:86:
         54:36:8f:0e:54:b5:e3:0f:8f:72:65:a3:2c:5a:0c:cf:07:56:
         59:04:d6:87:16:8d:df:7b:fb:19:94:86:e9:ac:02:78:9b:bf:
         04:a5:46:5f:61:1e:82:20:36:bb:30:92:5d:12:80:41:f3:82:
         67:e0:21:eb:5d:a9:f6:10:1f:06:3d:5b:61:c1:a0:3e:7a:2d:
         8a:ed:1f:e3:c2:64:e8:c8:7a:85:86:58:8e:46:48:b8:8c:bc:
         46:69:90:3c:66:53:fa:78:f3:d3:87:e8:08:8d:b2:26:29:38:
         34:a7:85:44:1c:db:0f:53:1f:62:b4:9d:cc:e1:b9:0d:c1:50:
         9d:68:b3:da:e9:bc:32:ef:b8:ad:d0:24:26:f8:bc:82:7f:57:
         08:9d:9c:bf:47:10:5c:d3:ee:61:5a:08:71:24:2e:13:7b:aa:
         2e:22:2a:31:69:e1:cf:7f:d8:d8:ca:62:e5:7e:c6:05:f1:84:
         83:ed:8d:79:45:39:5c:6e:55:d4:ef:4b:2a:d1:09:2f:7f:17:
         d5:a7:ea:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZffekqD2LDfoFUxEqnEmgcvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzA2MTEyMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2IzZTVjZDkyNWY3ODdjMDkwNGQ2OGRkZjQ0YjkwMjVkZjkzNDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlVeL1+zyDQUluFK00tOGHIsAyb0
KjZakENA5aaFrEK5HFTkdXYt68hpaMvYUsdBF0AJjYedghw1HTrrEccTKtT1ojbp
ioV5fb8b9mcFyh/xjrLXlGbE8qG4RpuUiHS15wr+HaFyIFDPyj71wne/ytwcOT0e
5/j+ZJX4GUqB+tnT4VmIVDst+jdyOBihf0KenyqYrltM3mtJwM1692Wl6BdlW7BN
8/6w1PG2WXhwIlZDITr0cV+pm1pAX4bsd2LKeC8dNTYW4nlrJQEXNv+AHreWpSBk
lfzZ/J0i6rxfiOwzsWDO7/gpkP6JfED6D41fHs++3cAzKKOoQUwYEbCYAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBez5c2SX3h8CQTWjd9EuQJd+TSSMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvRjdQbHpaSmZlSHdKQk5hTjMwUzVBbDM1TkpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/QcAwQA
l/TeMA0GCSqGSIb3DQEBCwUAA4IBAQB9BPdzs9J5K0isDVS3sbk8iYUbSd2gHMbS
413OtVrxZE/sQ+/Pufx6yTdyQu8zyk3BBCHWC4ZUNo8OVLXjD49yZaMsWgzPB1ZZ
BNaHFo3fe/sZlIbprAJ4m78EpUZfYR6CIDa7MJJdEoBB84Jn4CHrXan2EB8GPVth
waA+ei2K7R/jwmToyHqFhliORki4jLxGaZA8ZlP6ePPTh+gIjbImKTg0p4VEHNsP
Ux9itJ3M4bkNwVCdaLPa6bwy77it0CQm+LyCf1cInZy/RxBc0+5hWghxJC4Te6ou
IioxaeHPf9jYymLlfsYF8YSD7Y15RTlcblXU70sq0QkvfxfVp+pI
-----END CERTIFICATE-----