Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/kpVrOvgGDsR4NHa7wApjat8PFQg.roa
File:                     kpVrOvgGDsR4NHa7wApjat8PFQg.roa (raw, json)
Hash identifier:          3gbjeuIBI0dNxCn9ADkczW8efRCLMuuI/qbmfhgH8yQ=
Subject key identifier:   92:95:6B:3A:F8:06:0E:C4:78:34:76:BB:C0:0A:63:6A:DF:0F:15:08
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0197E85848DEB35E2D38B82A00309ED90491
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/kpVrOvgGDsR4NHa7wApjat8PFQg.roa
Signing time:             Tue 08 Jul 2025 04:43:09 +0000
ROA not before:           Tue 08 Jul 2025 04:43:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26042
IP address blocks:        151.244.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e8:58:48:de:b3:5e:2d:38:b8:2a:00:30:9e:d9:04:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul  8 04:43:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92956b3af8060ec4783476bbc00a636adf0f1508
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:33:af:3b:37:c8:1b:a5:70:ad:98:38:46:d1:
                    26:c9:22:be:11:3a:fb:08:c7:65:8a:13:74:c6:88:
                    ed:2a:95:39:b5:3d:d8:fb:c3:2d:31:f4:b3:14:1c:
                    f0:a4:38:80:5d:92:11:5e:da:cf:99:33:43:a7:1e:
                    b3:27:cd:46:05:6b:67:b6:99:d5:f0:c2:87:ae:0e:
                    aa:a7:1d:6f:7f:3c:e8:d2:01:bc:3b:ac:88:59:04:
                    b0:d1:9b:a2:97:c3:ec:e6:a3:a4:b8:80:d4:bf:39:
                    e2:65:39:4e:5b:55:60:b8:fc:0a:de:03:87:82:38:
                    19:61:58:72:a2:ef:61:5d:5a:b6:77:a8:86:c2:e7:
                    b5:38:96:90:e6:97:3d:2d:50:e3:b9:22:02:72:05:
                    e1:10:46:cd:96:a6:2e:9d:87:0d:c7:f1:b1:44:13:
                    f2:fa:49:9f:c9:b5:ae:b7:d5:4e:cb:47:f5:3d:39:
                    e4:b1:96:5b:1b:81:dc:fb:e5:78:b1:12:52:bc:ac:
                    8e:45:4e:19:f3:b9:d2:5b:87:24:e0:79:59:39:7d:
                    a3:df:7c:61:fc:95:ff:5b:95:89:1c:c4:30:08:a9:
                    43:e2:fc:d1:40:cd:ec:3f:2b:3f:f7:4c:6e:b5:2a:
                    d2:ba:ef:16:8b:68:62:17:e7:57:f4:93:9f:76:ed:
                    a4:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:95:6B:3A:F8:06:0E:C4:78:34:76:BB:C0:0A:63:6A:DF:0F:15:08
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/kpVrOvgGDsR4NHa7wApjat8PFQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:c2:ce:06:ee:6c:1e:eb:f3:74:77:0a:3d:5e:ab:89:dd:6f:
         01:a2:1c:74:61:af:cd:fa:ad:76:d1:1e:dc:93:02:68:04:81:
         cd:41:df:2b:35:f8:b9:d7:0e:1f:c9:b8:ce:1a:f0:15:d9:ec:
         27:8c:c0:c6:7a:fa:5e:6c:60:e4:92:82:b9:4c:41:0b:59:0f:
         d9:c8:9c:25:54:eb:e0:3c:80:f6:01:33:11:c6:2d:a4:e7:41:
         67:5d:11:70:4b:f6:46:5a:fb:e8:6a:4a:d5:a4:3e:59:d4:84:
         ec:27:09:b4:12:ff:c0:21:b4:3f:d3:f1:cd:c0:43:5b:31:ca:
         15:45:15:d5:30:a2:32:0c:80:5e:35:b3:37:ed:05:90:ac:d5:
         a3:4a:5c:ed:5d:bf:a6:e9:78:ac:ac:a5:8a:2e:54:7f:87:0c:
         c3:3b:2c:0b:92:87:82:0a:62:77:9f:d9:06:42:64:b4:65:e9:
         fa:65:e2:af:3d:fb:2e:fa:62:7a:d0:1e:1a:eb:6c:33:c7:ed:
         eb:bd:64:03:82:c2:26:49:7d:52:39:87:d1:c8:b3:71:c9:10:
         86:89:e4:df:79:06:1e:01:78:67:c5:f4:fa:1a:5e:84:25:8c:
         e3:90:c2:2a:3a:8b:b0:de:11:0f:75:c1:39:59:b1:79:29:d2:
         82:87:cf:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfoWEjes14tOLgqADCe2QSRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzA4MDQ0MzA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjk1NmIzYWY4MDYwZWM0NzgzNDc2YmJjMDBhNjM2YWRmMGYxNTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjOvOzfIG6VwrZg4RtEmySK+ETr7
CMdlihN0xojtKpU5tT3Y+8MtMfSzFBzwpDiAXZIRXtrPmTNDpx6zJ81GBWtntpnV
8MKHrg6qpx1vfzzo0gG8O6yIWQSw0Zuil8Ps5qOkuIDUvzniZTlOW1VguPwK3gOH
gjgZYVhyou9hXVq2d6iGwue1OJaQ5pc9LVDjuSICcgXhEEbNlqYunYcNx/GxRBPy
+kmfybWut9VOy0f1PTnksZZbG4Hc++V4sRJSvKyORU4Z87nSW4ck4HlZOX2j33xh
/JX/W5WJHMQwCKlD4vzRQM3sPys/90xutSrSuu8Wi2hiF+dX9JOfdu2kJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKVazr4Bg7EeDR2u8AKY2rfDxUIMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEva3BWck92Z0dEc1I0TkhhN3dBcGphdDhQRlFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/TnMA0G
CSqGSIb3DQEBCwUAA4IBAQCCws4G7mwe6/N0dwo9XquJ3W8Bohx0Ya/N+q120R7c
kwJoBIHNQd8rNfi51w4fybjOGvAV2ewnjMDGevpebGDkkoK5TEELWQ/ZyJwlVOvg
PID2ATMRxi2k50FnXRFwS/ZGWvvoakrVpD5Z1ITsJwm0Ev/AIbQ/0/HNwENbMcoV
RRXVMKIyDIBeNbM37QWQrNWjSlztXb+m6XisrKWKLlR/hwzDOywLkoeCCmJ3n9kG
QmS0Zen6ZeKvPfsu+mJ60B4a62wzx+3rvWQDgsImSX1SOYfRyLNxyRCGieTfeQYe
AXhnxfT6Gl6EJYzjkMIqOouw3hEPdcE5WbF5KdKCh88H
-----END CERTIFICATE-----