Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/PI1-QlGIVBTMjOyY3s4hCp9x65I.roa
File:                     PI1-QlGIVBTMjOyY3s4hCp9x65I.roa (raw, json)
Hash identifier:          XsjK77J5hNoFBa7uadLIlxR05nU1HWeKk9HUEL+ohAw=
Subject key identifier:   3C:8D:7E:42:51:88:54:14:CC:8C:EC:98:DE:CE:21:0A:9F:71:EB:92
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01979CA2B99B491A4A9EF8BC246B601D75C5
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/PI1-QlGIVBTMjOyY3s4hCp9x65I.roa
Signing time:             Mon 23 Jun 2025 11:53:19 +0000
ROA not before:           Mon 23 Jun 2025 11:53:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     151704
IP address blocks:        151.242.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9c:a2:b9:9b:49:1a:4a:9e:f8:bc:24:6b:60:1d:75:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 23 11:53:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c8d7e4251885414cc8cec98dece210a9f71eb92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:61:4c:6e:b0:1d:68:ca:aa:76:5f:55:f1:fc:
                    d8:2b:02:6a:0c:4b:cf:7f:21:11:4d:8d:31:ae:96:
                    f3:67:c7:bd:e3:03:de:d6:4b:a6:63:29:c2:c8:4e:
                    34:5c:41:8c:da:9e:de:ba:4c:43:58:49:8c:4d:5b:
                    38:b1:13:f4:36:80:ad:12:5b:e8:ac:66:bc:7e:b2:
                    00:20:a5:97:ab:de:00:9e:1a:4e:60:78:57:a3:21:
                    24:d2:fc:79:18:e7:03:10:88:0c:0b:ed:a4:13:de:
                    c8:25:53:c1:0f:92:a0:7b:1e:c3:f5:01:e1:ad:a5:
                    11:45:a1:60:78:96:ad:fa:6e:b9:69:46:1d:16:e4:
                    36:2e:a6:48:4e:47:c4:e3:84:42:f6:b3:24:e2:92:
                    0b:f8:e1:c1:f2:9f:69:3b:38:d9:35:02:e6:da:ae:
                    6e:6d:04:34:99:38:11:02:60:5e:8f:80:8f:40:1f:
                    2f:3f:fe:82:a4:32:d9:ce:05:ba:c7:84:f1:7d:3f:
                    76:46:fd:4b:32:9b:72:e5:af:46:e6:6f:46:57:64:
                    c9:a2:71:85:b5:91:84:95:74:b2:01:3c:85:1e:5b:
                    38:c1:9e:f2:0e:37:20:72:1e:fd:3d:cf:e0:28:59:
                    bc:82:2f:8c:14:a7:91:bb:76:ae:52:43:dd:65:d2:
                    96:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:8D:7E:42:51:88:54:14:CC:8C:EC:98:DE:CE:21:0A:9F:71:EB:92
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/PI1-QlGIVBTMjOyY3s4hCp9x65I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:95:4f:41:5e:08:2d:b6:a7:c1:85:7d:a9:16:00:93:c0:2e:
         fc:ad:11:2d:c6:d1:a1:f2:88:b4:e9:ba:b9:7d:59:85:91:aa:
         80:fe:ce:45:e0:ee:50:0b:2b:cd:ad:0f:9e:3f:86:3c:cb:cc:
         22:9d:79:1d:e8:aa:31:de:5a:d7:f7:41:74:68:16:55:ee:f4:
         06:2b:3a:98:cb:ad:e8:5b:b6:8b:dc:79:51:f9:b0:68:78:4b:
         34:e1:1a:ab:51:0e:23:a6:bd:62:03:62:fc:63:c9:26:df:51:
         93:9c:e0:74:23:93:0c:c2:ba:84:71:41:29:20:95:2f:ad:5d:
         7a:4d:c6:bf:03:cb:c8:60:c8:e9:3e:7f:14:9c:49:51:3b:21:
         ea:9e:1e:90:c8:11:a8:91:92:6e:dc:4c:ba:5f:87:f0:ee:75:
         b1:5e:8b:61:79:9c:31:e8:41:ec:a4:e2:35:42:c7:10:3b:b8:
         d4:74:13:67:a0:07:a1:dc:86:97:5c:38:70:a9:0b:b5:2d:9f:
         53:96:04:a6:4c:84:f5:c0:fa:5d:ca:65:98:8f:af:76:ac:31:
         26:49:6c:6a:f8:29:d0:a9:65:a5:b9:27:2b:06:b5:59:58:59:
         ad:55:cf:35:1e:25:a3:54:6d:f1:d2:a6:53:33:af:7e:9e:7d:
         41:a6:c1:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZecormbSRpKnvi8JGtgHXXFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjIzMTE1MzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzhkN2U0MjUxODg1NDE0Y2M4Y2VjOThkZWNlMjEwYTlmNzFlYjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmFMbrAdaMqqdl9V8fzYKwJqDEvP
fyERTY0xrpbzZ8e94wPe1kumYynCyE40XEGM2p7eukxDWEmMTVs4sRP0NoCtElvo
rGa8frIAIKWXq94AnhpOYHhXoyEk0vx5GOcDEIgMC+2kE97IJVPBD5Kgex7D9QHh
raURRaFgeJat+m65aUYdFuQ2LqZITkfE44RC9rMk4pIL+OHB8p9pOzjZNQLm2q5u
bQQ0mTgRAmBej4CPQB8vP/6CpDLZzgW6x4TxfT92Rv1LMpty5a9G5m9GV2TJonGF
tZGElXSyATyFHls4wZ7yDjcgch79Pc/gKFm8gi+MFKeRu3auUkPdZdKWPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDyNfkJRiFQUzIzsmN7OIQqfceuSMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUEkxLVFsR0lWQlRNak95WTNzNGhDcDl4NjVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/J3MA0G
CSqGSIb3DQEBCwUAA4IBAQAulU9BXggttqfBhX2pFgCTwC78rREtxtGh8oi06bq5
fVmFkaqA/s5F4O5QCyvNrQ+eP4Y8y8winXkd6Kox3lrX90F0aBZV7vQGKzqYy63o
W7aL3HlR+bBoeEs04RqrUQ4jpr1iA2L8Y8km31GTnOB0I5MMwrqEcUEpIJUvrV16
Tca/A8vIYMjpPn8UnElROyHqnh6QyBGokZJu3Ey6X4fw7nWxXotheZwx6EHspOI1
QscQO7jUdBNnoAeh3IaXXDhwqQu1LZ9TlgSmTIT1wPpdymWYj692rDEmSWxq+CnQ
qWWluScrBrVZWFmtVc81HiWjVG3x0qZTM69+nn1BpsGk
-----END CERTIFICATE-----