Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/UNm8xbjCZi5tf1Jh4ZDmY_b5phg.roa
File:                     UNm8xbjCZi5tf1Jh4ZDmY_b5phg.roa (raw, json)
Hash identifier:          g+Ndcrhp2L2lPnn0kkzQKVbX4OfhifOWOh1XRogU5OI=
Subject key identifier:   50:D9:BC:C5:B8:C2:66:2E:6D:7F:52:61:E1:90:E6:63:F6:F9:A6:18
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0197DF76A15D1804B0872E2A89333E6793C8
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/UNm8xbjCZi5tf1Jh4ZDmY_b5phg.roa
Signing time:             Sun 06 Jul 2025 11:19:42 +0000
ROA not before:           Sun 06 Jul 2025 11:19:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32167
IP address blocks:        151.244.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:df:76:a1:5d:18:04:b0:87:2e:2a:89:33:3e:67:93:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul  6 11:19:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50d9bcc5b8c2662e6d7f5261e190e663f6f9a618
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ca:8f:67:4c:9a:dd:b4:d1:49:81:46:69:a9:
                    b5:5b:bc:46:24:f9:7b:79:67:7d:ef:dd:96:ae:f5:
                    3d:5f:30:01:a6:a3:ef:39:b3:6b:62:9a:3b:24:18:
                    63:56:8d:29:0c:19:5a:6e:44:71:a9:23:58:33:a5:
                    f6:c3:c1:2e:90:ed:67:68:61:a9:2a:56:42:43:c3:
                    e1:68:58:27:ff:de:2c:2a:4f:c4:b0:33:c8:88:63:
                    7c:e5:ab:f8:80:24:95:d1:02:54:60:63:82:9d:a2:
                    1c:ae:62:39:a1:52:4c:bb:d1:93:36:ab:53:78:c3:
                    8f:44:ad:65:ff:16:6d:60:4b:82:fb:13:69:37:2f:
                    f1:06:39:a3:79:89:1b:55:17:7d:f1:f8:59:ef:10:
                    27:44:49:d6:4f:34:94:f4:b7:32:a5:ea:e8:35:91:
                    17:e5:88:88:82:74:a1:0f:81:5b:f4:72:44:57:57:
                    92:7b:62:18:17:65:75:b8:3c:23:57:2a:81:95:65:
                    65:b2:bd:40:f4:d7:77:fe:9f:91:e3:0e:b1:20:fd:
                    9e:a4:b0:31:ec:c9:7b:ce:7d:85:6e:ad:54:d4:66:
                    44:eb:6f:06:c0:47:50:ba:ee:04:82:c4:3e:2f:dd:
                    8d:44:1d:57:6d:77:dd:65:d5:75:4c:d6:d1:ff:9c:
                    1a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:D9:BC:C5:B8:C2:66:2E:6D:7F:52:61:E1:90:E6:63:F6:F9:A6:18
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/UNm8xbjCZi5tf1Jh4ZDmY_b5phg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:c1:88:a8:7c:a8:aa:96:55:0c:32:ce:2b:1e:6b:98:c1:4d:
         80:87:fc:8b:a9:40:bb:8e:92:01:9a:5e:bb:72:1b:65:00:74:
         f1:c8:2a:28:99:61:b8:28:56:92:a5:14:32:50:f6:30:29:1f:
         ad:a6:89:2e:2e:52:c3:79:5a:9f:6d:a7:81:5e:96:38:e4:a4:
         f0:47:0a:a9:2b:29:37:8e:8e:3f:0d:67:78:27:24:04:70:08:
         30:b0:03:af:c6:85:73:fe:f6:3c:a8:7a:bf:4e:5d:49:9c:8e:
         3b:85:7b:ad:58:54:69:27:88:5d:1c:9e:8f:70:72:c7:a9:12:
         d2:4f:89:15:bd:96:4f:5c:f2:2a:e2:a4:39:35:26:2a:0e:76:
         07:9c:0e:43:76:f3:e8:0a:3c:bd:ec:62:0d:67:4e:05:85:13:
         16:92:d8:b9:ee:e6:8f:31:a1:fa:37:df:87:96:41:55:9b:a1:
         5c:64:1a:22:4c:35:81:b5:8c:bc:2c:7b:4d:24:0f:4e:36:c7:
         7c:20:53:f8:dc:62:df:40:0d:72:54:95:9d:7c:96:d7:7f:a6:
         29:99:5a:9c:8a:16:15:ed:9e:57:60:77:9a:51:3e:50:e9:5f:
         42:f7:48:1c:46:40:d7:6f:fc:5f:62:35:dd:60:5b:2a:05:95:
         27:51:47:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZffdqFdGASwhy4qiTM+Z5PIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzA2MTExOTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGQ5YmNjNWI4YzI2NjJlNmQ3ZjUyNjFlMTkwZTY2M2Y2ZjlhNjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8qPZ0ya3bTRSYFGaam1W7xGJPl7
eWd9792WrvU9XzABpqPvObNrYpo7JBhjVo0pDBlabkRxqSNYM6X2w8EukO1naGGp
KlZCQ8PhaFgn/94sKk/EsDPIiGN85av4gCSV0QJUYGOCnaIcrmI5oVJMu9GTNqtT
eMOPRK1l/xZtYEuC+xNpNy/xBjmjeYkbVRd98fhZ7xAnREnWTzSU9LcyperoNZEX
5YiIgnShD4Fb9HJEV1eSe2IYF2V1uDwjVyqBlWVlsr1A9Nd3/p+R4w6xIP2epLAx
7Ml7zn2Fbq1U1GZE628GwEdQuu4EgsQ+L92NRB1XbXfdZdV1TNbR/5wa5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDZvMW4wmYubX9SYeGQ5mP2+aYYMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvVU5tOHhiakNaaTV0ZjFKaDRaRG1ZX2I1cGhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/QGMA0G
CSqGSIb3DQEBCwUAA4IBAQAEwYiofKiqllUMMs4rHmuYwU2Ah/yLqUC7jpIBml67
chtlAHTxyCoomWG4KFaSpRQyUPYwKR+tpokuLlLDeVqfbaeBXpY45KTwRwqpKyk3
jo4/DWd4JyQEcAgwsAOvxoVz/vY8qHq/Tl1JnI47hXutWFRpJ4hdHJ6PcHLHqRLS
T4kVvZZPXPIq4qQ5NSYqDnYHnA5DdvPoCjy97GINZ04FhRMWkti57uaPMaH6N9+H
lkFVm6FcZBoiTDWBtYy8LHtNJA9ONsd8IFP43GLfQA1yVJWdfJbXf6YpmVqcihYV
7Z5XYHeaUT5Q6V9C90gcRkDXb/xfYjXdYFsqBZUnUUf3
-----END CERTIFICATE-----