Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/rnJwTECm7pjdoncsiJOsGBkgr7w.roa
File:                     rnJwTECm7pjdoncsiJOsGBkgr7w.roa (raw, json)
Hash identifier:          SXFnWn/EBG2QmZZi+c84Qssba+1+JxhUOQzIzQzrH5E=
Subject key identifier:   AE:72:70:4C:40:A6:EE:98:DD:A2:77:2C:88:93:AC:18:19:20:AF:BC
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019748B349ECF07835F3655E411DF35B9972
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/rnJwTECm7pjdoncsiJOsGBkgr7w.roa
Signing time:             Sat 07 Jun 2025 04:43:18 +0000
ROA not before:           Sat 07 Jun 2025 04:43:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     141968
IP address blocks:        151.240.0.0/24 maxlen: 24
                          151.243.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:48:b3:49:ec:f0:78:35:f3:65:5e:41:1d:f3:5b:99:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun  7 04:43:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae72704c40a6ee98dda2772c8893ac181920afbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:86:00:4f:d4:8d:93:0b:f9:3a:58:94:56:71:
                    36:d7:e0:97:4d:eb:89:e8:4e:20:5e:86:04:c7:4b:
                    3e:b5:7f:a2:7b:03:fe:cd:24:90:41:68:fd:46:e4:
                    43:2e:5e:88:d5:b2:28:6e:c1:a8:5b:4a:ce:40:d8:
                    00:b1:88:94:bd:00:fb:ca:b2:e4:94:b0:dc:bb:fb:
                    a8:83:0c:6c:29:3e:51:27:9b:3c:5b:82:43:7d:34:
                    a1:b8:ca:74:e5:56:6a:16:4e:53:ae:2a:23:83:24:
                    bb:e0:4d:3a:19:56:2d:91:e9:c8:6b:e6:75:cc:43:
                    25:b1:d6:f0:db:76:36:00:ef:74:8d:4c:09:64:e3:
                    bd:c8:98:ef:78:aa:db:21:86:01:77:f9:59:e3:84:
                    33:d9:7c:8c:12:73:39:d1:0e:c3:af:56:30:36:97:
                    69:c0:bd:74:83:eb:0c:b6:ad:a4:89:bf:78:5a:09:
                    95:2f:9c:18:f0:09:17:c7:59:c7:50:27:b0:c7:31:
                    cc:e5:f1:03:9d:0d:16:9a:33:af:e0:b2:05:84:9a:
                    5d:92:29:cd:82:8e:f7:e3:d4:79:4f:92:b7:87:95:
                    6f:d8:c1:b6:0e:40:83:d2:8d:97:95:df:e0:48:db:
                    0a:89:14:e3:00:c7:cf:0f:10:e7:e2:ae:a3:51:53:
                    1c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:72:70:4C:40:A6:EE:98:DD:A2:77:2C:88:93:AC:18:19:20:AF:BC
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/rnJwTECm7pjdoncsiJOsGBkgr7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.0.0/24
                  151.243.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:d6:ec:6a:ee:33:da:61:77:27:b2:f7:56:0a:eb:42:b1:b1:
         83:10:74:64:cf:87:93:ff:d6:9d:0f:fe:6d:0a:92:5f:a9:c9:
         31:3f:d8:f0:2f:57:4b:02:6e:f2:54:77:8f:a5:af:47:ae:04:
         3b:f3:1c:d4:b8:67:b9:4d:9f:82:16:58:7b:d2:b5:c6:98:0f:
         44:d1:f6:82:06:96:ca:0f:02:3a:e3:e6:8d:7a:73:ff:a0:b7:
         27:f1:c3:32:f9:38:80:b2:e1:56:7c:8f:06:62:cf:de:79:2d:
         55:1c:11:39:3d:9f:af:12:e0:78:13:09:be:f0:8a:5e:f3:21:
         cc:81:4d:78:ae:3d:bf:c8:3b:8e:e6:a8:c7:ae:58:ab:31:f7:
         e5:85:9c:33:7d:16:df:78:c9:d2:15:de:a6:29:4b:93:6c:f4:
         73:6c:fd:e8:cc:70:82:10:f7:16:ba:7d:65:2a:df:7b:46:4f:
         f7:a4:29:fd:33:af:7f:84:40:8c:80:fc:d3:e8:74:12:10:b9:
         02:3f:1c:5c:78:56:4c:c9:b4:86:92:aa:4c:62:bd:50:01:40:
         2f:be:bb:9b:43:60:cd:b8:4c:5c:fb:19:3b:11:30:de:fb:66:
         fa:4a:70:a8:1b:68:ec:fd:f5:89:c0:40:5b:c5:61:53:c5:89:
         95:90:9c:f9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdIs0ns8Hg182VeQR3zW5lyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjA3MDQ0MzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTcyNzA0YzQwYTZlZTk4ZGRhMjc3MmM4ODkzYWMxODE5MjBhZmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYYAT9SNkwv5OliUVnE21+CXTeuJ
6E4gXoYEx0s+tX+iewP+zSSQQWj9RuRDLl6I1bIobsGoW0rOQNgAsYiUvQD7yrLk
lLDcu/uogwxsKT5RJ5s8W4JDfTShuMp05VZqFk5TriojgyS74E06GVYtkenIa+Z1
zEMlsdbw23Y2AO90jUwJZOO9yJjveKrbIYYBd/lZ44Qz2XyMEnM50Q7Dr1YwNpdp
wL10g+sMtq2kib94WgmVL5wY8AkXx1nHUCewxzHM5fEDnQ0WmjOv4LIFhJpdkinN
go7349R5T5K3h5Vv2MG2DkCD0o2Xld/gSNsKiRTjAMfPDxDn4q6jUVMcqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK5ycExApu6Y3aJ3LIiTrBgZIK+8MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcm5Kd1RFQ203cGpkb25jc2lKT3NHQmtncjd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/AAAwQA
l/PeMA0GCSqGSIb3DQEBCwUAA4IBAQCD1uxq7jPaYXcnsvdWCutCsbGDEHRkz4eT
/9adD/5tCpJfqckxP9jwL1dLAm7yVHePpa9HrgQ78xzUuGe5TZ+CFlh70rXGmA9E
0faCBpbKDwI64+aNenP/oLcn8cMy+TiAsuFWfI8GYs/eeS1VHBE5PZ+vEuB4Ewm+
8Ipe8yHMgU14rj2/yDuO5qjHrlirMfflhZwzfRbfeMnSFd6mKUuTbPRzbP3ozHCC
EPcWun1lKt97Rk/3pCn9M69/hECMgPzT6HQSELkCPxxceFZMybSGkqpMYr1QAUAv
vrubQ2DNuExc+xk7ETDe+2b6SnCoG2js/fWJwEBbxWFTxYmVkJz5
-----END CERTIFICATE-----