Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pmHE7aMgewjZt2w5FWDJ77YYJI0.roa
File:                     pmHE7aMgewjZt2w5FWDJ77YYJI0.roa (raw, json)
Hash identifier:          5170YC3IaZNqR8oavpH2suRlVNJP3+GwKuKQt+C0dwE=
Subject key identifier:   A6:61:C4:ED:A3:20:7B:08:D9:B7:6C:39:15:60:C9:EF:B6:18:24:8D
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198407328237814F19998E6DED7F97BC3B1
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pmHE7aMgewjZt2w5FWDJ77YYJI0.roa
Signing time:             Fri 25 Jul 2025 07:19:05 +0000
ROA not before:           Fri 25 Jul 2025 07:19:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206378
IP address blocks:        151.240.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:40:73:28:23:78:14:f1:99:98:e6:de:d7:f9:7b:c3:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 25 07:19:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a661c4eda3207b08d9b76c391560c9efb618248d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:d9:fc:be:14:4b:c8:b3:d0:ef:a8:b7:02:0c:
                    c9:73:6d:fc:a7:89:0c:07:18:20:ed:e5:7f:01:32:
                    0b:ba:18:ba:58:c7:e9:33:d8:7c:d7:bf:a8:53:0e:
                    73:4e:46:02:cd:e5:c7:10:f4:bd:40:a1:a1:6d:9a:
                    f1:4f:a9:15:14:ac:69:25:ed:3c:cc:07:27:28:da:
                    38:84:13:4c:4c:29:76:ca:3f:8d:cd:01:71:e5:b0:
                    79:f0:7f:a5:00:d3:71:79:3f:0e:ee:ad:41:eb:cf:
                    65:9e:24:f8:c9:b9:cb:35:b1:90:1d:8a:fc:7a:b3:
                    ad:28:b3:35:f7:55:57:88:92:9c:5e:43:e3:e4:99:
                    12:63:13:c8:03:7a:d0:a4:d3:d6:cb:88:d2:9e:e8:
                    0b:13:d5:29:42:72:b7:a2:ee:d9:34:f8:44:fb:46:
                    c6:bb:27:c8:ac:e8:84:2e:4f:11:7a:7c:01:1e:4e:
                    be:85:13:01:05:47:79:2f:54:87:82:cf:a2:f1:f9:
                    08:a4:3b:84:2b:b1:4d:7b:88:f4:98:0c:e1:5c:b8:
                    f3:c7:f5:d6:d0:9e:a2:75:0b:2b:09:49:9c:30:c9:
                    72:08:3d:b4:67:0e:ba:e9:92:1c:f7:73:2c:63:09:
                    40:04:c8:3b:5a:86:39:be:5f:af:32:64:1d:b4:95:
                    16:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:61:C4:ED:A3:20:7B:08:D9:B7:6C:39:15:60:C9:EF:B6:18:24:8D
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pmHE7aMgewjZt2w5FWDJ77YYJI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:26:2b:a3:8f:6f:5c:11:55:a3:a7:86:68:eb:3b:13:ff:ad:
         87:5a:42:fb:e9:77:ac:43:ed:0e:45:ec:40:6a:18:4b:1f:7f:
         ed:87:07:2f:51:20:92:fe:01:77:27:ee:b4:da:13:d7:23:3e:
         de:d6:e0:c9:fa:ca:3c:7f:e0:f1:19:32:88:cc:bc:49:df:6e:
         c9:f7:b3:15:88:ea:7a:5a:d1:33:a1:45:4c:65:22:f2:2e:ea:
         78:b1:9f:fb:06:af:f8:c0:f0:ef:4e:6d:e6:ba:c2:57:04:ee:
         ec:40:b6:80:44:66:34:37:e4:89:88:4c:7c:5b:3d:c3:71:aa:
         f7:8c:a8:4b:85:1c:40:d6:e6:6b:84:d7:02:18:b7:45:94:2a:
         88:3f:9d:1b:40:a9:43:bc:0d:e6:f8:4e:ee:cf:b5:70:47:94:
         76:2a:03:36:3d:76:fc:88:58:45:2e:bc:78:74:c8:5c:4f:9f:
         47:61:d0:a8:71:a1:0b:c9:5a:1c:51:22:9c:76:31:19:34:7e:
         b1:91:84:c1:21:bc:7c:aa:f1:42:67:b5:97:81:1a:8c:47:7d:
         3c:fb:50:9c:21:ae:b8:74:c6:f9:e0:34:51:6d:be:af:12:a6:
         6c:64:91:7c:df:e6:db:66:91:2c:fa:78:62:fd:a5:9e:7d:14:
         f0:b9:94:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhAcygjeBTxmZjm3tf5e8OxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzI1MDcxOTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjYxYzRlZGEzMjA3YjA4ZDliNzZjMzkxNTYwYzllZmI2MTgyNDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtn8vhRLyLPQ76i3AgzJc238p4kM
Bxgg7eV/ATILuhi6WMfpM9h817+oUw5zTkYCzeXHEPS9QKGhbZrxT6kVFKxpJe08
zAcnKNo4hBNMTCl2yj+NzQFx5bB58H+lANNxeT8O7q1B689lniT4ybnLNbGQHYr8
erOtKLM191VXiJKcXkPj5JkSYxPIA3rQpNPWy4jSnugLE9UpQnK3ou7ZNPhE+0bG
uyfIrOiELk8RenwBHk6+hRMBBUd5L1SHgs+i8fkIpDuEK7FNe4j0mAzhXLjzx/XW
0J6idQsrCUmcMMlyCD20Zw666ZIc93MsYwlABMg7WoY5vl+vMmQdtJUWOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKZhxO2jIHsI2bdsORVgye+2GCSNMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcG1IRTdhTWdld2padDJ3NUZXREo3N1lZSkkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/DmMA0G
CSqGSIb3DQEBCwUAA4IBAQARJiujj29cEVWjp4Zo6zsT/62HWkL76XesQ+0ORexA
ahhLH3/thwcvUSCS/gF3J+602hPXIz7e1uDJ+so8f+DxGTKIzLxJ327J97MViOp6
WtEzoUVMZSLyLup4sZ/7Bq/4wPDvTm3musJXBO7sQLaARGY0N+SJiEx8Wz3Dcar3
jKhLhRxA1uZrhNcCGLdFlCqIP50bQKlDvA3m+E7uz7VwR5R2KgM2PXb8iFhFLrx4
dMhcT59HYdCocaELyVocUSKcdjEZNH6xkYTBIbx8qvFCZ7WXgRqMR308+1CcIa64
dMb54DRRbb6vEqZsZJF83+bbZpEs+nhi/aWefRTwuZSR
-----END CERTIFICATE-----