Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/MSrOjj_SlSg0CpmLrPaSrAEnGtA.roa
File:                     MSrOjj_SlSg0CpmLrPaSrAEnGtA.roa (raw, json)
Hash identifier:          SNdEDRHFdG4y8DMaT4uSFD961fZGMd0lyc4zZMLulVs=
Subject key identifier:   31:2A:CE:8E:3F:D2:95:28:34:0A:99:8B:AC:F6:92:AC:01:27:1A:D0
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01982CF144C12A97EFD7B57A3085EAA9B25C
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/MSrOjj_SlSg0CpmLrPaSrAEnGtA.roa
Signing time:             Mon 21 Jul 2025 12:24:25 +0000
ROA not before:           Mon 21 Jul 2025 12:24:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39798
IP address blocks:        151.241.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 10:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2c:f1:44:c1:2a:97:ef:d7:b5:7a:30:85:ea:a9:b2:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 21 12:24:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=312ace8e3fd29528340a998bacf692ac01271ad0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:da:74:38:d8:ee:80:c7:ae:9f:ae:95:ad:e5:
                    b6:97:98:b8:f8:dd:0a:c1:f5:77:4d:a8:66:07:75:
                    c9:db:c0:73:40:27:5f:c6:6b:d5:82:ef:ae:da:d4:
                    12:4c:6c:14:71:93:f4:24:cb:fc:20:6b:42:2c:3c:
                    18:03:b9:cf:50:c7:f6:af:ef:de:fc:31:48:7e:d0:
                    74:d5:e8:ab:5e:cb:43:60:d0:00:2a:dd:05:70:ba:
                    31:90:a9:5a:28:fa:87:19:59:24:cc:7c:37:e6:59:
                    71:49:cd:e2:db:c5:2d:34:a3:8c:7d:a9:2e:6c:44:
                    fc:dc:29:f0:ed:5d:84:9f:51:8d:80:6b:05:55:80:
                    7d:45:35:75:66:7e:48:71:93:60:ed:ed:72:89:d4:
                    6b:02:20:e7:72:ec:d5:fe:3c:e1:ad:59:ed:08:65:
                    86:0a:78:d4:4f:0e:59:ee:38:17:ab:4f:a2:04:06:
                    36:bb:82:a9:7f:13:f2:2f:d5:ea:d8:5a:fc:29:58:
                    8c:c4:af:90:18:d9:79:c0:bf:be:83:5d:9c:99:af:
                    49:1a:d0:b1:0a:9b:ab:24:1c:8e:5f:cf:0a:c3:ab:
                    1a:ec:26:6b:ad:d2:66:28:43:1e:cd:a2:27:8f:28:
                    5c:3b:96:d3:ff:32:c0:73:ff:34:7f:4f:22:c9:6d:
                    44:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:2A:CE:8E:3F:D2:95:28:34:0A:99:8B:AC:F6:92:AC:01:27:1A:D0
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/MSrOjj_SlSg0CpmLrPaSrAEnGtA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:da:e5:38:19:7a:26:95:f9:42:9a:92:f5:cb:e4:45:97:33:
         e6:e1:6f:a1:db:c2:54:db:74:a1:0f:48:6b:d9:05:4c:fd:ed:
         5f:8e:61:90:66:a9:ae:3c:f6:d2:7c:b2:cb:9e:d6:7f:89:48:
         08:3f:58:9f:84:69:27:62:5c:ff:d3:99:c8:75:f3:84:7f:2b:
         d3:e1:30:f2:66:f3:ae:c9:48:27:97:94:32:0e:1e:a3:47:b2:
         9d:75:50:25:8a:b7:10:9c:8c:10:db:04:e1:2b:98:09:4a:d6:
         2d:48:16:ea:dd:3f:7f:c8:67:ca:84:19:b3:58:2a:51:45:30:
         69:2d:4c:be:04:0e:25:5d:6a:cd:63:39:5c:53:bd:11:74:87:
         b9:2d:07:5e:e3:37:46:58:9f:11:4c:c1:f2:f9:cf:a1:6a:ba:
         08:e5:2b:59:66:a5:e4:04:ea:fb:f3:ad:81:db:ef:a9:02:5f:
         18:f1:2b:d5:6f:56:14:66:66:ed:b0:76:65:0e:48:9a:8d:56:
         a3:a4:c0:cf:06:0c:bd:7b:52:bb:6b:df:38:de:95:1c:40:68:
         22:4a:19:b4:59:d8:97:b1:09:67:1e:0b:a0:e8:2e:33:a2:75:
         ac:2f:b7:0e:d3:08:44:9d:35:50:0a:48:4b:36:95:a0:8f:ea:
         19:18:c1:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgs8UTBKpfv17V6MIXqqbJcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzIxMTIyNDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTJhY2U4ZTNmZDI5NTI4MzQwYTk5OGJhY2Y2OTJhYzAxMjcxYWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodp0ONjugMeun66VreW2l5i4+N0K
wfV3TahmB3XJ28BzQCdfxmvVgu+u2tQSTGwUcZP0JMv8IGtCLDwYA7nPUMf2r+/e
/DFIftB01eirXstDYNAAKt0FcLoxkKlaKPqHGVkkzHw35llxSc3i28UtNKOMfaku
bET83Cnw7V2En1GNgGsFVYB9RTV1Zn5IcZNg7e1yidRrAiDncuzV/jzhrVntCGWG
CnjUTw5Z7jgXq0+iBAY2u4KpfxPyL9Xq2Fr8KViMxK+QGNl5wL++g12cma9JGtCx
CpurJByOX88Kw6sa7CZrrdJmKEMezaInjyhcO5bT/zLAc/80f08iyW1EzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDEqzo4/0pUoNAqZi6z2kqwBJxrQMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvTVNyT2pqX1NsU2cwQ3BtTHJQYVNyQUVuR3RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/EBMA0G
CSqGSIb3DQEBCwUAA4IBAQBu2uU4GXomlflCmpL1y+RFlzPm4W+h28JU23ShD0hr
2QVM/e1fjmGQZqmuPPbSfLLLntZ/iUgIP1ifhGknYlz/05nIdfOEfyvT4TDyZvOu
yUgnl5QyDh6jR7KddVAlircQnIwQ2wThK5gJStYtSBbq3T9/yGfKhBmzWCpRRTBp
LUy+BA4lXWrNYzlcU70RdIe5LQde4zdGWJ8RTMHy+c+haroI5StZZqXkBOr7862B
2++pAl8Y8SvVb1YUZmbtsHZlDkiajVajpMDPBgy9e1K7a9843pUcQGgiShm0WdiX
sQlnHgug6C4zonWsL7cO0whEnTVQCkhLNpWgj+oZGMGB
-----END CERTIFICATE-----