Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/aEbtmg-M_GRDJLIElNBUtMwb9Rk.roa
File:                     aEbtmg-M_GRDJLIElNBUtMwb9Rk.roa (raw, json)
Hash identifier:          yR1xXquL+xjo5vIwHWPceZxOtjDbu4c3R7zvJ0wAcsA=
Subject key identifier:   68:46:ED:9A:0F:8C:FC:64:43:24:B2:04:94:D0:54:B4:CC:1B:F5:19
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198407D3A13042B2C143C5C71A5187F38EF
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/aEbtmg-M_GRDJLIElNBUtMwb9Rk.roa
Signing time:             Fri 25 Jul 2025 07:30:05 +0000
ROA not before:           Fri 25 Jul 2025 07:30:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207847
IP address blocks:        151.242.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:40:7d:3a:13:04:2b:2c:14:3c:5c:71:a5:18:7f:38:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 25 07:30:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6846ed9a0f8cfc644324b20494d054b4cc1bf519
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ee:4e:fa:68:27:ca:76:16:d0:de:0e:47:cc:
                    cf:bd:4f:19:c6:8d:99:17:93:6d:0d:8b:cc:17:c1:
                    f0:1f:86:60:aa:c0:35:4e:98:dc:54:49:57:e4:ce:
                    7e:c8:ef:34:28:e4:71:93:ef:10:e8:0b:15:3e:ae:
                    ae:5f:ca:cf:c4:e6:49:1f:58:bf:93:d3:18:32:84:
                    b3:00:35:7b:d5:3b:43:cb:78:41:55:b1:da:fc:28:
                    2b:97:5c:f4:aa:93:5a:b8:6b:7c:c9:06:f4:db:8e:
                    95:f5:92:6d:6d:89:4b:38:76:2d:05:f8:c5:c0:24:
                    3d:a1:f6:70:27:8e:34:30:32:dc:5f:38:e0:a2:53:
                    32:b8:fd:49:f2:6e:b3:dc:c0:2b:92:d8:61:1d:df:
                    a9:44:83:e4:b3:6f:17:e4:36:72:bb:03:4c:75:5a:
                    35:a3:dc:f7:3a:1a:85:05:f1:67:63:1c:97:2b:94:
                    f9:03:f4:80:33:f5:2f:42:9d:6d:42:da:ca:54:7a:
                    db:e9:7e:76:e3:7b:34:78:9c:07:c9:38:98:2e:66:
                    aa:b5:e2:55:42:27:b0:cf:07:91:a3:31:ea:81:cb:
                    16:77:49:69:d2:84:62:6d:c1:54:82:3b:f3:c4:3d:
                    01:71:28:0d:78:7f:23:33:f5:75:34:9d:0f:3f:08:
                    03:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:46:ED:9A:0F:8C:FC:64:43:24:B2:04:94:D0:54:B4:CC:1B:F5:19
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/aEbtmg-M_GRDJLIElNBUtMwb9Rk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:75:b8:f9:35:7a:89:4f:ca:0d:a4:17:2c:a9:10:35:3e:00:
         52:69:b5:15:2c:7f:6a:49:9f:0f:63:eb:25:de:55:fe:7c:4e:
         0f:a7:81:50:cd:e7:f1:32:bb:c3:3b:2d:ef:6b:4e:a1:51:e5:
         bb:50:4c:bb:ad:8b:cf:3a:1c:e0:4e:59:c6:48:b6:22:6d:01:
         2b:05:60:25:8e:90:56:5c:56:93:97:2e:3e:6b:d3:47:0e:81:
         c0:94:26:3f:5c:4e:69:c6:ec:29:76:dd:ed:5b:2f:e8:8a:c4:
         d9:e4:2f:f2:69:cb:d7:c8:bf:6a:12:e1:91:cb:63:ab:86:d8:
         5f:5d:d5:3f:f2:68:ff:f3:c8:98:75:d9:18:ee:91:53:21:07:
         a4:b4:64:c7:64:e6:11:eb:4b:1d:00:8f:c1:df:aa:8a:e8:84:
         19:7a:de:e2:26:c3:34:1f:cb:d2:e8:71:44:74:c2:91:fb:b9:
         14:81:05:df:94:fe:b9:22:aa:fb:75:04:14:25:4e:bc:13:a7:
         30:62:b9:9e:73:d8:9a:69:89:0a:a9:d6:e8:d8:81:6e:e9:f9:
         cf:89:10:6d:5c:8c:85:9c:03:85:3f:c7:d7:a4:b2:5c:2b:e1:
         d4:cf:a1:f7:b7:d2:a8:e3:92:93:75:82:29:5a:c3:fb:d7:c0:
         35:0e:6d:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhAfToTBCssFDxccaUYfzjvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzI1MDczMDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODQ2ZWQ5YTBmOGNmYzY0NDMyNGIyMDQ5NGQwNTRiNGNjMWJmNTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuO5O+mgnynYW0N4OR8zPvU8Zxo2Z
F5NtDYvMF8HwH4ZgqsA1TpjcVElX5M5+yO80KORxk+8Q6AsVPq6uX8rPxOZJH1i/
k9MYMoSzADV71TtDy3hBVbHa/Cgrl1z0qpNauGt8yQb0246V9ZJtbYlLOHYtBfjF
wCQ9ofZwJ440MDLcXzjgolMyuP1J8m6z3MArkthhHd+pRIPks28X5DZyuwNMdVo1
o9z3OhqFBfFnYxyXK5T5A/SAM/UvQp1tQtrKVHrb6X5243s0eJwHyTiYLmaqteJV
QiewzweRozHqgcsWd0lp0oRibcFUgjvzxD0BcSgNeH8jM/V1NJ0PPwgDiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhG7ZoPjPxkQySyBJTQVLTMG/UZMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvYUVidG1nLU1fR1JESkxJRWxOQlV0TXdiOVJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/ICMA0G
CSqGSIb3DQEBCwUAA4IBAQBCdbj5NXqJT8oNpBcsqRA1PgBSabUVLH9qSZ8PY+sl
3lX+fE4Pp4FQzefxMrvDOy3va06hUeW7UEy7rYvPOhzgTlnGSLYibQErBWAljpBW
XFaTly4+a9NHDoHAlCY/XE5pxuwpdt3tWy/oisTZ5C/yacvXyL9qEuGRy2Orhthf
XdU/8mj/88iYddkY7pFTIQektGTHZOYR60sdAI/B36qK6IQZet7iJsM0H8vS6HFE
dMKR+7kUgQXflP65Iqr7dQQUJU68E6cwYrmec9iaaYkKqdbo2IFu6fnPiRBtXIyF
nAOFP8fXpLJcK+HUz6H3t9Ko45KTdYIpWsP718A1Dm0x
-----END CERTIFICATE-----