Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/tF_p7dUFacfT9ikiH-Nk6vaAoiY.roa
File:                     tF_p7dUFacfT9ikiH-Nk6vaAoiY.roa (raw, json)
Hash identifier:          UFJORolVJwu0q9Y//bmGv/I2T5c5EQekKH62YoM2y18=
Subject key identifier:   B4:5F:E9:ED:D5:05:69:C7:D3:F6:29:22:1F:E3:64:EA:F6:80:A2:26
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01981D4DABA47CB3D0F1C5C21FC1225CCF29
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/tF_p7dUFacfT9ikiH-Nk6vaAoiY.roa
Signing time:             Fri 18 Jul 2025 11:31:26 +0000
ROA not before:           Fri 18 Jul 2025 11:31:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401776
IP address blocks:        151.242.27.0/24 maxlen: 24
                          151.244.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1d:4d:ab:a4:7c:b3:d0:f1:c5:c2:1f:c1:22:5c:cf:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 18 11:31:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b45fe9edd50569c7d3f629221fe364eaf680a226
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:29:fb:7f:d9:ff:8f:da:fd:43:f3:a8:64:f3:
                    cd:46:c9:57:3b:3d:ce:98:9b:d0:f5:ed:bd:60:f0:
                    32:f3:ac:e4:e8:8c:c6:f2:15:31:05:22:4f:63:3a:
                    34:88:6f:b3:7d:b2:ee:92:dd:02:35:6d:72:5a:1f:
                    05:0e:a6:d7:62:e4:2c:b6:5e:37:2f:12:ba:fc:c2:
                    47:54:28:cb:f5:63:2c:13:cf:60:32:d1:ad:f0:6d:
                    1c:b2:44:33:38:7d:ee:5a:14:05:22:aa:bf:6c:4b:
                    72:48:27:78:2a:39:0b:74:34:7e:4d:45:fa:c3:df:
                    1c:a1:41:96:fe:67:7c:92:44:6d:91:04:2b:a8:af:
                    64:02:6d:b9:2a:53:69:60:99:a7:03:59:d9:ce:13:
                    6f:f9:dd:cf:ae:1b:7c:51:a5:a2:cc:53:ed:dd:be:
                    f2:1c:ec:1d:24:34:1d:68:6c:b0:4f:0d:9b:0d:f1:
                    81:d0:9c:38:f7:da:2c:d3:76:7e:f0:9c:e5:15:e5:
                    60:9a:98:fc:ed:b6:df:31:12:45:dc:80:6b:e7:7b:
                    97:a6:37:c8:f8:1a:e5:70:a1:e0:94:cf:f6:9c:37:
                    a2:d0:92:dd:0e:bd:c9:f7:72:a6:6f:90:55:29:5a:
                    5d:77:2d:ac:ad:66:9d:43:dc:7f:c6:27:7c:37:8e:
                    0c:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:5F:E9:ED:D5:05:69:C7:D3:F6:29:22:1F:E3:64:EA:F6:80:A2:26
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/tF_p7dUFacfT9ikiH-Nk6vaAoiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.27.0/24
                  151.244.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:5c:9b:f4:c8:79:8a:3a:7d:13:f8:f6:eb:d8:1f:e1:6a:d2:
         9d:ea:4a:21:e9:de:f2:3e:2a:dd:cf:4a:85:28:ab:e4:cb:5d:
         fe:ed:58:da:f8:af:94:00:14:f3:04:d7:3d:bc:76:45:5b:aa:
         c3:2e:92:aa:a2:35:dc:47:4a:75:f8:62:d5:48:e3:1a:1d:a3:
         cb:e3:1a:8f:7e:f5:e3:31:81:a1:9c:b9:8e:a0:02:01:c9:02:
         10:aa:9f:c2:17:d9:33:a5:36:f5:4e:75:7a:b9:81:b7:c1:6d:
         b0:0b:b3:f1:16:59:3a:11:33:77:e9:e0:79:ea:0e:77:fa:c6:
         76:ed:0f:1b:13:ae:c0:ec:66:7a:d2:c0:97:fb:99:1a:ba:ad:
         a0:42:ea:61:ae:3c:71:c7:79:6f:ce:ee:0f:90:16:e0:0e:6d:
         17:57:e6:f4:41:e3:7e:d3:f7:ef:24:42:da:eb:07:41:f6:a7:
         3d:79:cf:95:82:46:23:c4:10:e7:c2:cc:47:9d:e3:be:a3:3c:
         cb:43:74:10:02:05:e8:02:d9:23:df:12:fa:fe:da:49:13:d1:
         16:a6:e4:08:38:90:b0:e9:0c:79:38:04:f4:64:41:fc:6d:9e:
         d1:a3:c8:ea:82:85:22:51:c1:96:94:60:9e:86:59:6f:5e:b7:
         9f:db:8f:a8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgdTaukfLPQ8cXCH8EiXM8pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzE4MTEzMTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDVmZTllZGQ1MDU2OWM3ZDNmNjI5MjIxZmUzNjRlYWY2ODBhMjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyn7f9n/j9r9Q/OoZPPNRslXOz3O
mJvQ9e29YPAy86zk6IzG8hUxBSJPYzo0iG+zfbLukt0CNW1yWh8FDqbXYuQstl43
LxK6/MJHVCjL9WMsE89gMtGt8G0cskQzOH3uWhQFIqq/bEtySCd4KjkLdDR+TUX6
w98coUGW/md8kkRtkQQrqK9kAm25KlNpYJmnA1nZzhNv+d3Prht8UaWizFPt3b7y
HOwdJDQdaGywTw2bDfGB0Jw499os03Z+8JzlFeVgmpj87bbfMRJF3IBr53uXpjfI
+BrlcKHglM/2nDei0JLdDr3J93Kmb5BVKVpddy2srWadQ9x/xid8N44MZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLRf6e3VBWnH0/YpIh/jZOr2gKImMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvdEZfcDdkVUZhY2ZUOWlraUgtTms2dmFBb2lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/IbAwQA
l/QDMA0GCSqGSIb3DQEBCwUAA4IBAQBlXJv0yHmKOn0T+Pbr2B/hatKd6koh6d7y
Pirdz0qFKKvky13+7Vja+K+UABTzBNc9vHZFW6rDLpKqojXcR0p1+GLVSOMaHaPL
4xqPfvXjMYGhnLmOoAIByQIQqp/CF9kzpTb1TnV6uYG3wW2wC7PxFlk6ETN36eB5
6g53+sZ27Q8bE67A7GZ60sCX+5kauq2gQuphrjxxx3lvzu4PkBbgDm0XV+b0QeN+
0/fvJELa6wdB9qc9ec+VgkYjxBDnwsxHneO+ozzLQ3QQAgXoAtkj3xL6/tpJE9EW
puQIOJCw6Qx5OAT0ZEH8bZ7Ro8jqgoUiUcGWlGCehllvXref24+o
-----END CERTIFICATE-----