Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/W7ys-Z8mSyF2WtiJhpoot5pL-74.roa
File:                     W7ys-Z8mSyF2WtiJhpoot5pL-74.roa (raw, json)
Hash identifier:          pmN4Gdgmdaw94BQoNidjEdiPdeFILQZc3W7m4VwBt1A=
Subject key identifier:   5B:BC:AC:F9:9F:26:4B:21:76:5A:D8:89:86:9A:28:B7:9A:4B:FB:BE
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01981D4A020AC3950E723FC2382760B580DE
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/W7ys-Z8mSyF2WtiJhpoot5pL-74.roa
Signing time:             Fri 18 Jul 2025 11:27:25 +0000
ROA not before:           Fri 18 Jul 2025 11:27:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213724
IP address blocks:        151.242.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 04:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1d:4a:02:0a:c3:95:0e:72:3f:c2:38:27:60:b5:80:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 18 11:27:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5bbcacf99f264b21765ad889869a28b79a4bfbbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:e2:4d:1c:a1:50:9c:34:37:77:fa:c4:b5:60:
                    1e:5a:39:e0:af:12:24:e0:ad:ea:07:f2:9f:59:e9:
                    69:1d:a8:3d:5f:89:27:60:f6:e6:6c:26:19:8c:e5:
                    c2:2c:fb:53:a6:2d:f5:62:5d:56:91:d0:87:e9:07:
                    75:a2:3a:03:25:fd:33:8a:09:15:ba:a2:b5:dd:dc:
                    99:81:2e:93:bb:be:1f:44:4b:d1:46:0f:28:72:10:
                    f6:3c:ee:b8:b8:9f:72:f1:81:81:4f:a2:0a:61:e1:
                    94:5f:a5:f6:98:a7:3f:87:dc:51:a5:cc:da:52:8d:
                    d0:dc:ca:4b:d9:2b:fe:e3:8d:39:52:a3:da:6a:c3:
                    ac:d3:85:83:72:a3:2d:17:8d:7e:9a:d6:eb:34:81:
                    a2:43:dd:53:8b:15:24:d1:7e:05:6b:19:20:60:31:
                    ec:12:dc:f7:f0:79:05:33:8d:36:dd:c9:21:57:23:
                    b7:6c:5b:cf:4d:e4:21:e4:50:9a:ff:9d:01:56:db:
                    95:a5:1d:c0:12:d8:85:33:4c:a2:19:f0:43:7d:9d:
                    fa:15:7f:fa:30:38:5e:33:54:8c:7e:07:c0:b5:dd:
                    6a:3c:12:29:05:ee:51:b3:07:17:3d:7b:de:9c:5b:
                    27:2b:4c:96:75:32:9b:48:7e:21:84:12:22:c4:c0:
                    bf:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:BC:AC:F9:9F:26:4B:21:76:5A:D8:89:86:9A:28:B7:9A:4B:FB:BE
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/W7ys-Z8mSyF2WtiJhpoot5pL-74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:b4:0e:32:a3:3c:a2:30:f1:e5:7b:de:77:52:13:2e:33:bc:
         51:ca:0d:29:bf:db:bf:8d:db:07:9f:f9:ce:a2:ec:24:89:3a:
         1f:d6:06:1c:0e:f9:af:c1:ab:29:f1:fe:d9:39:60:9f:7e:e8:
         2d:db:3f:8f:8e:c0:53:94:dc:39:44:09:49:d1:42:4a:25:d2:
         90:0e:e9:56:08:e8:2f:89:a2:4d:89:7c:85:d2:ff:0d:d5:c3:
         e0:f9:cf:82:28:93:bd:12:2d:ed:df:a6:20:c6:19:ad:13:0b:
         fb:a9:af:c4:38:b4:0e:6d:5d:7e:25:4e:c7:f5:b1:43:72:19:
         35:c2:14:3d:4e:6c:f3:74:bd:0c:68:40:1f:98:57:35:b3:ff:
         5d:91:ad:e1:e3:7c:d9:fe:6b:62:b9:53:b3:da:70:84:56:38:
         84:6b:e7:28:85:2c:51:b7:87:d2:51:fe:a3:30:c6:80:f0:bc:
         e1:bc:3d:a8:c4:21:20:ce:88:d5:e4:66:4c:59:07:36:20:25:
         dc:2c:ae:7f:da:01:32:ea:17:36:63:8e:a9:8f:79:07:ae:70:
         6b:69:76:b5:de:d6:92:93:d2:24:e9:d4:1e:47:37:11:64:8c:
         44:61:78:e5:34:5c:24:5c:78:31:64:69:73:b6:41:e8:40:f7:
         80:69:1a:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgdSgIKw5UOcj/COCdgtYDeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzE4MTEyNzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmJjYWNmOTlmMjY0YjIxNzY1YWQ4ODk4NjlhMjhiNzlhNGJmYmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4uJNHKFQnDQ3d/rEtWAeWjngrxIk
4K3qB/KfWelpHag9X4knYPbmbCYZjOXCLPtTpi31Yl1WkdCH6Qd1ojoDJf0zigkV
uqK13dyZgS6Tu74fREvRRg8ochD2PO64uJ9y8YGBT6IKYeGUX6X2mKc/h9xRpcza
Uo3Q3MpL2Sv+4405UqPaasOs04WDcqMtF41+mtbrNIGiQ91TixUk0X4FaxkgYDHs
Etz38HkFM4023ckhVyO3bFvPTeQh5FCa/50BVtuVpR3AEtiFM0yiGfBDfZ36FX/6
MDheM1SMfgfAtd1qPBIpBe5RswcXPXvenFsnK0yWdTKbSH4hhBIixMC/iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFu8rPmfJkshdlrYiYaaKLeaS/u+MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvVzd5cy1aOG1TeUYyV3RpSmhwb290NXBMLTc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/KbMA0G
CSqGSIb3DQEBCwUAA4IBAQBVtA4yozyiMPHle953UhMuM7xRyg0pv9u/jdsHn/nO
ouwkiTof1gYcDvmvwasp8f7ZOWCffugt2z+PjsBTlNw5RAlJ0UJKJdKQDulWCOgv
iaJNiXyF0v8N1cPg+c+CKJO9Ei3t36YgxhmtEwv7qa/EOLQObV1+JU7H9bFDchk1
whQ9TmzzdL0MaEAfmFc1s/9dka3h43zZ/mtiuVOz2nCEVjiEa+cohSxRt4fSUf6j
MMaA8LzhvD2oxCEgzojV5GZMWQc2ICXcLK5/2gEy6hc2Y46pj3kHrnBraXa13taS
k9Ik6dQeRzcRZIxEYXjlNFwkXHgxZGlztkHoQPeAaRrZ
-----END CERTIFICATE-----