Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pao_dxghBD0NhpijXC5l3hOlxNw.roa
File:                     pao_dxghBD0NhpijXC5l3hOlxNw.roa (raw, json)
Hash identifier:          e1XPyhcOl6if/Tdv2Y6glP1wjTqaYHOQhG8jyP9XWJ8=
Subject key identifier:   A5:AA:3F:77:18:21:04:3D:0D:86:98:A3:5C:2E:65:DE:13:A5:C4:DC
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0197FDF966C1375FE6256D039A6025CAA1E3
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pao_dxghBD0NhpijXC5l3hOlxNw.roa
Signing time:             Sat 12 Jul 2025 09:31:09 +0000
ROA not before:           Sat 12 Jul 2025 09:31:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205463
IP address blocks:        151.240.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fd:f9:66:c1:37:5f:e6:25:6d:03:9a:60:25:ca:a1:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 12 09:31:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5aa3f771821043d0d8698a35c2e65de13a5c4dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:87:8c:eb:b8:a4:2d:b4:39:65:19:db:d0:40:
                    38:1b:5e:c2:cb:c5:da:bc:57:d6:2d:4d:8c:0a:ec:
                    db:66:bb:a0:e9:65:ac:38:5f:76:0e:3c:bb:69:2c:
                    b1:87:5f:a2:4c:ff:fe:5f:21:77:7d:b1:91:ca:77:
                    14:33:41:cb:6e:90:23:7c:65:ed:06:08:13:bf:e3:
                    19:74:c9:47:20:c3:32:4a:39:96:5d:db:66:de:f4:
                    6f:f3:e4:b9:72:b0:33:22:d2:29:48:96:d4:0d:f2:
                    bc:e3:fa:88:af:5c:10:0e:32:99:c9:70:d0:b5:b9:
                    9b:c4:9a:de:6e:dc:c5:d0:95:09:19:aa:3d:3c:68:
                    56:1c:ea:79:7f:a7:f9:a6:95:b6:29:cc:8d:96:41:
                    c4:6e:6b:fa:3a:32:3d:ed:2f:be:b0:cb:76:03:54:
                    af:a3:3f:c7:0c:4e:82:13:22:66:82:cb:5b:48:5a:
                    70:66:89:cc:13:f4:6b:26:df:64:4b:91:d4:cd:ef:
                    75:d3:6b:bc:04:23:8c:01:69:49:9c:42:46:3b:49:
                    3d:9d:e2:fa:13:71:b6:31:6d:ee:5d:6e:17:f1:c4:
                    40:3f:54:6f:8f:98:39:aa:11:19:6b:b8:be:a5:dd:
                    99:84:a1:74:43:4e:16:9f:c8:9f:79:12:75:96:d0:
                    af:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:AA:3F:77:18:21:04:3D:0D:86:98:A3:5C:2E:65:DE:13:A5:C4:DC
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pao_dxghBD0NhpijXC5l3hOlxNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:f5:18:57:66:44:46:bd:6b:b0:01:e8:e3:1f:b8:8f:da:13:
         23:94:67:49:48:50:9a:82:fc:4d:16:11:48:53:22:0a:89:75:
         92:4d:41:48:6f:da:d7:54:ad:8d:fd:83:7c:71:33:dc:02:44:
         91:97:3f:97:42:e3:d2:29:2f:e2:d2:f0:62:db:ee:2e:96:13:
         54:81:63:c8:16:a2:90:98:54:82:d7:3c:8d:14:d6:a8:2e:31:
         da:fe:62:94:be:ce:4a:26:05:ed:1d:85:0a:67:7b:e3:9f:e0:
         58:88:81:55:d5:8e:cb:18:0c:39:dc:46:25:fc:09:83:4d:73:
         11:24:04:c1:61:a1:9e:76:ad:67:4a:2e:37:4a:41:08:e5:ff:
         45:a4:eb:91:3c:a0:c0:e6:42:dd:b0:05:15:98:b3:3a:bf:18:
         8b:88:a5:bc:de:d2:a4:74:4f:4e:64:ad:58:d9:64:57:47:a7:
         a4:ca:1b:fb:8d:f5:c1:4e:07:b4:e7:84:eb:ef:ac:34:71:3b:
         07:0c:29:11:2f:89:60:ae:8e:8f:cc:93:f8:c3:47:e1:1f:1a:
         fb:c3:61:9d:87:9c:3f:82:f5:71:77:cb:87:e5:e8:5f:46:b4:
         e2:44:ec:a4:40:dc:e8:95:7d:8f:4d:5d:40:84:f1:83:21:f7:
         7d:a3:a9:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf9+WbBN1/mJW0DmmAlyqHjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzEyMDkzMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWFhM2Y3NzE4MjEwNDNkMGQ4Njk4YTM1YzJlNjVkZTEzYTVjNGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIeM67ikLbQ5ZRnb0EA4G17Cy8Xa
vFfWLU2MCuzbZrug6WWsOF92Djy7aSyxh1+iTP/+XyF3fbGRyncUM0HLbpAjfGXt
BggTv+MZdMlHIMMySjmWXdtm3vRv8+S5crAzItIpSJbUDfK84/qIr1wQDjKZyXDQ
tbmbxJrebtzF0JUJGao9PGhWHOp5f6f5ppW2KcyNlkHEbmv6OjI97S++sMt2A1Sv
oz/HDE6CEyJmgstbSFpwZonME/RrJt9kS5HUze9102u8BCOMAWlJnEJGO0k9neL6
E3G2MW3uXW4X8cRAP1Rvj5g5qhEZa7i+pd2ZhKF0Q04Wn8ifeRJ1ltCvDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWqP3cYIQQ9DYaYo1wuZd4TpcTcMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcGFvX2R4Z2hCRDBOaHBpalhDNWwzaE9seE53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/BMMA0G
CSqGSIb3DQEBCwUAA4IBAQBX9RhXZkRGvWuwAejjH7iP2hMjlGdJSFCagvxNFhFI
UyIKiXWSTUFIb9rXVK2N/YN8cTPcAkSRlz+XQuPSKS/i0vBi2+4ulhNUgWPIFqKQ
mFSC1zyNFNaoLjHa/mKUvs5KJgXtHYUKZ3vjn+BYiIFV1Y7LGAw53EYl/AmDTXMR
JATBYaGedq1nSi43SkEI5f9FpOuRPKDA5kLdsAUVmLM6vxiLiKW83tKkdE9OZK1Y
2WRXR6ekyhv7jfXBTge054Tr76w0cTsHDCkRL4lgro6PzJP4w0fhHxr7w2Gdh5w/
gvVxd8uH5ehfRrTiROykQNzolX2PTV1AhPGDIfd9o6m0
-----END CERTIFICATE-----