Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HbAfeIA57qaGjWQBHsRgDXaeyAg.roa
File:                     HbAfeIA57qaGjWQBHsRgDXaeyAg.roa (raw, json)
Hash identifier:          8Ov67XQGKl1L7Cci7zF3RgaAIrGRx7jcWDjh6KsjiaQ=
Subject key identifier:   1D:B0:1F:78:80:39:EE:A6:86:8D:64:01:1E:C4:60:0D:76:9E:C8:08
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0197FA89933448EBFFB736DA97F9C592ECC5
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HbAfeIA57qaGjWQBHsRgDXaeyAg.roa
Signing time:             Fri 11 Jul 2025 17:30:09 +0000
ROA not before:           Fri 11 Jul 2025 17:30:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214365
IP address blocks:        151.242.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fa:89:93:34:48:eb:ff:b7:36:da:97:f9:c5:92:ec:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 11 17:30:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1db01f788039eea6868d64011ec4600d769ec808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e2:81:73:ae:70:4f:a1:42:cc:4a:e0:1c:5e:
                    16:22:b7:f2:9d:2f:4d:99:24:0b:5d:51:df:29:76:
                    3d:ee:17:85:be:63:84:26:db:27:a0:29:7c:79:ad:
                    13:43:4c:04:42:a8:cb:0e:ac:4f:b8:75:28:95:e6:
                    b3:0c:d2:83:d1:fe:04:cd:fa:3e:8e:d6:90:41:82:
                    2f:17:9c:10:98:b0:2a:e5:98:a7:38:1d:0d:6b:95:
                    33:ed:2d:39:61:2e:af:3d:8b:f6:75:57:58:51:4a:
                    15:b2:aa:a0:d3:ca:d2:a9:f0:dc:82:48:79:f5:0b:
                    ca:0d:39:71:ec:7c:a3:b2:11:92:87:ed:90:6a:19:
                    cd:85:83:28:ca:c5:e7:d7:73:0c:a2:3b:1e:e8:d6:
                    9b:d3:07:e6:23:08:96:4e:fd:cf:8f:3d:74:1e:25:
                    c3:cc:d6:29:b8:07:8d:64:ad:2c:5a:77:9c:d9:ca:
                    3a:6d:6d:60:a4:d8:94:ff:ad:e7:74:0f:33:2e:27:
                    db:01:78:b3:57:53:22:29:a1:0c:0d:c6:f9:86:ad:
                    6f:5c:34:62:63:21:eb:d1:5d:1a:d9:27:f5:f6:14:
                    97:09:46:53:83:74:3d:b1:84:9b:2b:44:ab:47:9a:
                    78:79:84:5c:e8:0e:f4:1d:d5:86:39:f6:e1:a8:6f:
                    61:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:B0:1F:78:80:39:EE:A6:86:8D:64:01:1E:C4:60:0D:76:9E:C8:08
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HbAfeIA57qaGjWQBHsRgDXaeyAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:0e:5b:4a:de:9c:a4:86:61:3c:47:d6:47:77:1e:f4:20:b1:
         c7:6c:9c:49:b8:81:7e:1d:d5:a0:fb:51:f1:05:af:62:c2:31:
         00:d2:c1:37:95:43:4b:57:42:2b:de:4b:be:8d:9e:10:cf:55:
         31:e2:da:77:63:df:84:35:4c:6e:5c:c2:57:e9:23:df:db:86:
         1f:81:3e:bd:13:58:33:f2:6b:a0:ae:5f:9a:65:4d:c5:3f:dc:
         c8:02:a2:81:0e:21:42:45:b3:c5:17:db:b6:55:2a:0f:aa:03:
         00:5e:82:3f:7f:a0:2f:a7:76:f4:96:79:37:ed:42:40:31:7f:
         69:85:8e:75:2b:c6:26:fc:39:51:db:ad:81:f3:ed:4e:97:e9:
         2e:4d:9f:2b:52:40:21:d7:f6:54:b3:71:fb:c7:70:61:32:79:
         b8:57:cf:2f:74:d0:6e:f7:d3:5c:17:b0:c8:6a:bc:7b:f8:f5:
         35:b7:5e:53:ea:71:b1:2f:0b:9e:69:67:98:4b:6a:a2:b5:d4:
         d9:aa:95:00:76:6f:c2:7b:25:c9:f6:b9:86:cc:35:7d:a0:40:
         68:be:6f:b1:77:cc:82:53:dd:cc:f0:af:60:5d:dd:97:3e:a6:
         2f:dd:03:ec:53:12:6d:9d:f9:92:95:e5:18:5e:bb:79:e1:dd:
         59:e0:92:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf6iZM0SOv/tzbal/nFkuzFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzExMTczMDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGIwMWY3ODgwMzllZWE2ODY4ZDY0MDExZWM0NjAwZDc2OWVjODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeKBc65wT6FCzErgHF4WIrfynS9N
mSQLXVHfKXY97heFvmOEJtsnoCl8ea0TQ0wEQqjLDqxPuHUoleazDNKD0f4Ezfo+
jtaQQYIvF5wQmLAq5ZinOB0Na5Uz7S05YS6vPYv2dVdYUUoVsqqg08rSqfDcgkh5
9QvKDTlx7HyjshGSh+2QahnNhYMoysXn13MMojse6Nab0wfmIwiWTv3Pjz10HiXD
zNYpuAeNZK0sWnec2co6bW1gpNiU/63ndA8zLifbAXizV1MiKaEMDcb5hq1vXDRi
YyHr0V0a2Sf19hSXCUZTg3Q9sYSbK0SrR5p4eYRc6A70HdWGOfbhqG9h9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2wH3iAOe6mho1kAR7EYA12nsgIMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSGJBZmVJQTU3cWFHaldRQkhzUmdEWGFleUFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/IDMA0G
CSqGSIb3DQEBCwUAA4IBAQAYDltK3pykhmE8R9ZHdx70ILHHbJxJuIF+HdWg+1Hx
Ba9iwjEA0sE3lUNLV0Ir3ku+jZ4Qz1Ux4tp3Y9+ENUxuXMJX6SPf24YfgT69E1gz
8mugrl+aZU3FP9zIAqKBDiFCRbPFF9u2VSoPqgMAXoI/f6Avp3b0lnk37UJAMX9p
hY51K8Ym/DlR262B8+1Ol+kuTZ8rUkAh1/ZUs3H7x3BhMnm4V88vdNBu99NcF7DI
arx7+PU1t15T6nGxLwueaWeYS2qitdTZqpUAdm/CeyXJ9rmGzDV9oEBovm+xd8yC
U93M8K9gXd2XPqYv3QPsUxJtnfmSleUYXrt54d1Z4JKO
-----END CERTIFICATE-----