Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qO3dU8R7Cvrnc5H3vGJ8D0njy5c.roa
File:                     qO3dU8R7Cvrnc5H3vGJ8D0njy5c.roa (raw, json)
Hash identifier:          H1MW8jLI6OoX7liBK3MFvGYLz6ozJ0w4R+hx/pb91qY=
Subject key identifier:   A8:ED:DD:53:C4:7B:0A:FA:E7:73:91:F7:BC:62:7C:0F:49:E3:CB:97
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01991D526F3D1425D80972F7E2BC8DFF795E
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qO3dU8R7Cvrnc5H3vGJ8D0njy5c.roa
Signing time:             Sat 06 Sep 2025 04:39:25 +0000
ROA not before:           Sat 06 Sep 2025 04:39:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36002
IP address blocks:        151.244.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 23:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1d:52:6f:3d:14:25:d8:09:72:f7:e2:bc:8d:ff:79:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep  6 04:39:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8eddd53c47b0afae77391f7bc627c0f49e3cb97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:8d:8e:d7:f7:3e:cd:5a:a2:0e:94:13:40:f6:
                    58:22:96:32:07:9c:85:56:78:94:6c:8b:d6:1f:0a:
                    21:5d:83:b9:f6:f1:b0:64:01:23:51:db:41:6c:02:
                    c6:64:89:f5:e5:32:ce:38:36:93:1b:79:19:0c:b0:
                    af:50:3e:ca:bb:8f:e6:d7:ff:56:fc:2f:68:b2:52:
                    20:62:ba:04:96:e9:b7:41:c0:fb:9d:e3:11:d2:7f:
                    46:0a:8d:ed:56:74:0f:73:91:94:12:73:eb:47:2b:
                    d4:33:10:90:f7:bd:0e:8a:0d:2a:43:a2:94:e1:2f:
                    08:ed:26:cf:30:97:0c:70:94:58:5e:fe:1d:2b:be:
                    d7:6f:59:54:0a:46:14:0c:b8:17:e3:7e:30:b6:6b:
                    01:09:23:98:58:67:7c:1f:70:9f:dc:d4:15:a9:c1:
                    68:0a:0a:32:d9:24:d3:32:61:48:84:07:c3:aa:bc:
                    1d:62:ee:08:1d:e5:63:c2:cf:0f:64:9a:3f:00:d1:
                    15:c9:0d:c6:1c:dd:67:51:73:a1:24:06:41:66:9d:
                    82:8d:fe:60:8c:a6:57:f9:08:4f:66:8c:7f:1f:0e:
                    2e:80:08:42:40:01:ed:00:dc:b7:e1:3d:30:6c:c5:
                    6a:67:2c:da:18:ce:2a:d7:f4:dc:a1:8e:9b:09:fa:
                    0a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:ED:DD:53:C4:7B:0A:FA:E7:73:91:F7:BC:62:7C:0F:49:E3:CB:97
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qO3dU8R7Cvrnc5H3vGJ8D0njy5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:41:f5:02:fb:7a:b1:81:fb:a5:f3:f1:59:1a:f2:92:f9:40:
         7e:ee:c0:82:e3:90:b0:df:10:ad:5f:33:e6:32:3f:84:52:e0:
         08:61:4b:da:f7:16:08:73:3e:cb:fc:cc:6f:25:eb:63:5a:34:
         9f:dc:9a:27:c2:3c:a5:e1:0b:5f:fa:bb:dd:1d:dc:5e:29:50:
         3d:b6:03:05:92:5c:c2:e3:ef:d5:89:66:f8:f5:5f:16:e8:5f:
         7e:f9:5b:26:b7:7c:c7:8e:a8:aa:59:a9:ca:d9:75:9c:04:8a:
         ff:9b:83:a9:96:43:ea:cf:d6:51:7c:27:6a:8f:26:3f:8f:6d:
         ed:7a:62:a0:70:00:40:59:1d:09:98:1d:87:3c:9b:d6:c3:85:
         87:ff:b0:e6:07:6e:f0:d4:b1:dd:13:0b:cd:7b:11:ae:44:c5:
         00:cf:32:e4:64:75:b2:01:46:32:51:64:16:c7:3d:d9:cb:90:
         96:bd:5c:08:ce:a6:35:05:a0:75:91:95:aa:a8:e8:4b:08:ab:
         3f:e0:8b:c0:b1:d0:2a:b7:79:00:26:4f:03:b9:da:c2:72:5d:
         c9:bc:cd:60:86:9d:7a:09:ac:87:d8:46:20:ef:87:9b:b7:c1:
         98:05:67:75:e3:0f:4e:90:cf:d2:54:4e:3e:50:a6:cf:74:8a:
         4b:ba:67:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkdUm89FCXYCXL34ryN/3leMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTA2MDQzOTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGVkZGQ1M2M0N2IwYWZhZTc3MzkxZjdiYzYyN2MwZjQ5ZTNjYjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoY2O1/c+zVqiDpQTQPZYIpYyB5yF
VniUbIvWHwohXYO59vGwZAEjUdtBbALGZIn15TLOODaTG3kZDLCvUD7Ku4/m1/9W
/C9oslIgYroElum3QcD7neMR0n9GCo3tVnQPc5GUEnPrRyvUMxCQ970Oig0qQ6KU
4S8I7SbPMJcMcJRYXv4dK77Xb1lUCkYUDLgX434wtmsBCSOYWGd8H3Cf3NQVqcFo
Cgoy2STTMmFIhAfDqrwdYu4IHeVjws8PZJo/ANEVyQ3GHN1nUXOhJAZBZp2Cjf5g
jKZX+QhPZox/Hw4ugAhCQAHtANy34T0wbMVqZyzaGM4q1/TcoY6bCfoK2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjt3VPEewr653OR97xifA9J48uXMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcU8zZFU4UjdDdnJuYzVIM3ZHSjhEMG5qeTVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/SGMA0G
CSqGSIb3DQEBCwUAA4IBAQBdQfUC+3qxgful8/FZGvKS+UB+7sCC45Cw3xCtXzPm
Mj+EUuAIYUva9xYIcz7L/MxvJetjWjSf3Jonwjyl4Qtf+rvdHdxeKVA9tgMFklzC
4+/ViWb49V8W6F9++Vsmt3zHjqiqWanK2XWcBIr/m4OplkPqz9ZRfCdqjyY/j23t
emKgcABAWR0JmB2HPJvWw4WH/7DmB27w1LHdEwvNexGuRMUAzzLkZHWyAUYyUWQW
xz3Zy5CWvVwIzqY1BaB1kZWqqOhLCKs/4IvAsdAqt3kAJk8DudrCcl3JvM1ghp16
CayH2EYg74ebt8GYBWd14w9OkM/SVE4+UKbPdIpLumch
-----END CERTIFICATE-----