Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_bxHwPyQL2R72m5FdpD0vp39Dho.roa
File:                     _bxHwPyQL2R72m5FdpD0vp39Dho.roa (raw, json)
Hash identifier:          AMwCSrZJ3cpa8T+VNkePYxrAo2HG3nKnO4XUkyN3rcg=
Subject key identifier:   FD:BC:47:C0:FC:90:2F:64:7B:DA:6E:45:76:90:F4:BE:9D:FD:0E:1A
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0197E85849D407D0897CD052DD463217A522
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_bxHwPyQL2R72m5FdpD0vp39Dho.roa
Signing time:             Tue 08 Jul 2025 04:43:09 +0000
ROA not before:           Tue 08 Jul 2025 04:43:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401558
IP address blocks:        151.242.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e8:58:49:d4:07:d0:89:7c:d0:52:dd:46:32:17:a5:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul  8 04:43:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdbc47c0fc902f647bda6e457690f4be9dfd0e1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:45:b6:0c:7e:08:ec:c1:f1:f2:ef:d3:d8:70:
                    44:a5:18:a2:d3:94:48:ab:95:5a:ba:09:9e:94:a2:
                    9b:cd:93:b8:08:71:0d:a9:4d:b8:ab:8b:59:0d:a4:
                    b1:28:39:dc:0a:e2:63:57:6e:95:98:5f:fc:25:c2:
                    7c:ef:8f:8f:60:79:e9:ee:28:d7:4e:88:7b:8c:25:
                    83:0e:f0:29:82:be:62:12:b2:2f:61:d0:0b:3d:39:
                    5a:84:5a:02:3a:38:dc:0c:a6:bf:88:76:a2:c9:bb:
                    2a:dc:19:fa:c7:8c:4a:67:85:8a:63:bd:1c:f6:ed:
                    91:69:b1:5a:fc:41:e5:5d:13:46:bb:f8:53:60:44:
                    c4:1e:9c:55:51:f8:c1:5a:02:da:69:35:a9:e5:0e:
                    e7:7e:e7:b8:7b:e2:d9:03:a2:b3:68:2c:87:6b:02:
                    0d:ec:cb:16:ea:e1:c0:dc:39:43:6b:12:1f:a6:a0:
                    db:c3:7e:e7:3e:82:cb:f0:d9:1d:0b:c2:ab:13:27:
                    e0:c6:75:21:b1:86:0c:31:2a:66:43:e4:f3:10:bb:
                    b9:d7:e3:84:83:68:0a:d1:b4:f1:2c:fc:77:4d:eb:
                    2c:d4:2b:eb:57:ae:30:68:88:b0:39:67:30:a6:3d:
                    c8:18:31:dc:96:0b:c2:f4:94:34:bc:01:f8:7a:e4:
                    60:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:BC:47:C0:FC:90:2F:64:7B:DA:6E:45:76:90:F4:BE:9D:FD:0E:1A
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_bxHwPyQL2R72m5FdpD0vp39Dho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:c3:31:a7:9a:06:b2:33:ab:e8:ff:74:5d:4f:a7:57:79:aa:
         09:39:0b:50:f7:2e:ed:95:78:3e:cb:0a:33:2c:ed:9f:db:a2:
         6d:3e:e6:16:fa:6b:6f:0e:b1:1f:cf:ae:47:fc:89:34:74:8d:
         b1:dd:9d:16:20:4b:d9:9e:e1:8f:2d:a4:8f:e5:fa:a3:8d:89:
         ae:1a:0f:b3:33:d7:18:2c:b7:3d:9a:f7:3c:a5:06:39:b2:ed:
         16:92:b3:fb:eb:91:00:78:9c:c5:c7:ae:38:15:f9:6f:3a:fb:
         18:4d:cf:c3:ce:f7:99:9b:ba:66:d0:c5:87:f2:33:0c:d2:26:
         d7:a7:d3:59:ec:60:05:da:7b:04:4a:85:54:ba:c8:12:9e:a7:
         74:d5:cf:6b:0f:9c:14:94:11:39:91:f6:2e:d6:de:f0:10:30:
         dd:3f:e2:93:63:d3:28:4b:9d:b5:45:0d:96:a4:f9:58:5e:c6:
         84:7a:6e:65:5e:ac:37:21:62:40:f7:75:d8:c0:87:38:32:81:
         6c:85:e6:13:3a:3e:20:3a:82:da:4d:64:0f:9d:10:45:f6:f4:
         a2:79:ef:e5:b7:c7:7d:1f:0f:29:c7:3c:f2:12:c4:d2:15:0a:
         9b:a1:a3:40:14:a7:04:b3:84:4d:cf:1e:52:86:d4:2e:89:6e:
         d4:79:7d:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfoWEnUB9CJfNBS3UYyF6UiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzA4MDQ0MzA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGJjNDdjMGZjOTAyZjY0N2JkYTZlNDU3NjkwZjRiZTlkZmQwZTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUW2DH4I7MHx8u/T2HBEpRii05RI
q5VaugmelKKbzZO4CHENqU24q4tZDaSxKDncCuJjV26VmF/8JcJ874+PYHnp7ijX
Toh7jCWDDvApgr5iErIvYdALPTlahFoCOjjcDKa/iHaiybsq3Bn6x4xKZ4WKY70c
9u2RabFa/EHlXRNGu/hTYETEHpxVUfjBWgLaaTWp5Q7nfue4e+LZA6KzaCyHawIN
7MsW6uHA3DlDaxIfpqDbw37nPoLL8NkdC8KrEyfgxnUhsYYMMSpmQ+TzELu51+OE
g2gK0bTxLPx3Tess1CvrV64waIiwOWcwpj3IGDHclgvC9JQ0vAH4euRg2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP28R8D8kC9ke9puRXaQ9L6d/Q4aMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvX2J4SHdQeVFMMlI3Mm01RmRwRDB2cDM5RGhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/JbMA0G
CSqGSIb3DQEBCwUAA4IBAQBnwzGnmgayM6vo/3RdT6dXeaoJOQtQ9y7tlXg+ywoz
LO2f26JtPuYW+mtvDrEfz65H/Ik0dI2x3Z0WIEvZnuGPLaSP5fqjjYmuGg+zM9cY
LLc9mvc8pQY5su0WkrP765EAeJzFx644FflvOvsYTc/DzveZm7pm0MWH8jMM0ibX
p9NZ7GAF2nsESoVUusgSnqd01c9rD5wUlBE5kfYu1t7wEDDdP+KTY9MoS521RQ2W
pPlYXsaEem5lXqw3IWJA93XYwIc4MoFsheYTOj4gOoLaTWQPnRBF9vSiee/lt8d9
Hw8pxzzyEsTSFQqboaNAFKcEs4RNzx5ShtQuiW7UeX2W
-----END CERTIFICATE-----