Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/w7CQusMox3MThOQgtBPmOx8DCuw.roa
File:                     w7CQusMox3MThOQgtBPmOx8DCuw.roa (raw, json)
Hash identifier:          yVNJePtndJno+0ArmglZgiTGbZwTi1shDdrfVFmZSFU=
Subject key identifier:   C3:B0:90:BA:C3:28:C7:73:13:84:E4:20:B4:13:E6:3B:1F:03:0A:EC
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0197FDF96617F31211430AC985A41B39B207
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/w7CQusMox3MThOQgtBPmOx8DCuw.roa
Signing time:             Sat 12 Jul 2025 09:31:09 +0000
ROA not before:           Sat 12 Jul 2025 09:31:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23532
IP address blocks:        151.242.152.0/23 maxlen: 24
                          151.243.49.0/24 maxlen: 24
                          151.243.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fd:f9:66:17:f3:12:11:43:0a:c9:85:a4:1b:39:b2:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 12 09:31:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3b090bac328c7731384e420b413e63b1f030aec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6d:94:0b:00:e0:28:9f:b7:6f:c9:2c:c2:28:
                    b7:33:a9:4f:fa:ca:c6:fd:91:19:92:37:f8:46:80:
                    55:fb:66:28:ac:95:86:f9:a1:8b:2b:3a:96:8e:6d:
                    b0:f3:11:b6:2f:f7:41:ef:00:4c:3e:c8:4c:2f:17:
                    b1:af:59:4d:b1:06:b8:87:14:11:83:d5:81:bb:0c:
                    f9:bd:b8:ec:a2:84:79:24:a2:c5:9e:e6:ca:47:dc:
                    34:e5:a5:64:79:aa:c0:b3:ed:f3:42:12:2a:43:f4:
                    ef:ec:5c:f0:d2:7a:15:4f:24:5e:20:b0:b8:6b:9f:
                    49:e2:ca:60:a9:9c:1f:5a:72:68:25:15:09:f7:dc:
                    98:73:a2:10:e3:39:ad:9e:0b:a7:f1:b2:39:4b:48:
                    84:84:91:a4:88:59:2b:7b:26:0b:1b:38:5a:e1:ce:
                    f8:4e:25:7e:70:6d:3e:54:b0:3c:d6:90:8f:6e:e4:
                    e4:5c:fa:7e:2f:e3:d5:2f:0f:2f:61:97:78:67:35:
                    b5:4a:6f:5c:09:34:63:dd:da:f4:9c:e6:76:3f:23:
                    f7:ed:3f:28:c1:a3:ef:5a:a8:82:27:00:d2:b8:34:
                    cf:56:16:b8:9c:06:26:1f:f5:86:08:ab:b8:de:c5:
                    74:46:49:d4:6b:c4:18:6d:9d:92:30:b1:2c:78:c8:
                    70:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:B0:90:BA:C3:28:C7:73:13:84:E4:20:B4:13:E6:3B:1F:03:0A:EC
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/w7CQusMox3MThOQgtBPmOx8DCuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.152.0/23
                  151.243.49.0/24
                  151.243.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:1c:c9:31:69:6c:1d:f5:ff:d0:da:0e:b9:75:87:70:f9:93:
         a8:90:8a:5d:fc:74:d7:67:c8:ba:f9:73:6f:33:35:f2:8c:fd:
         f6:d7:c0:d3:f9:ce:04:2e:dc:57:b9:ed:87:87:3d:ae:90:e4:
         3e:eb:70:68:ad:71:07:b6:34:cb:58:02:81:69:96:86:4a:1c:
         7c:84:5a:8e:62:5e:f7:d5:c7:0d:41:d4:5c:68:63:3e:5b:44:
         7f:c3:43:6b:e0:49:3a:80:25:4c:85:24:ad:ba:0d:b3:78:0c:
         d0:3a:b8:5e:03:95:4b:cc:04:bf:98:d1:82:67:b9:a9:f3:97:
         42:1f:4b:50:0a:c2:0d:54:21:71:49:33:4e:8b:b3:58:d2:bf:
         5d:21:f3:45:88:63:ab:c2:35:86:7f:db:70:b8:16:00:bc:73:
         f1:e6:e4:8e:96:63:0e:30:88:b3:1f:60:e1:d3:0f:db:a6:17:
         13:21:ab:bf:59:03:6d:c1:d2:1c:9d:4b:ee:59:fa:17:c0:5b:
         aa:13:1e:c4:fb:a7:13:b3:35:ac:a3:2f:46:32:7f:a0:69:e6:
         ca:32:c6:bf:f8:b0:8b:8d:97:b1:d8:6a:92:02:a1:7d:34:47:
         84:28:17:73:d4:d4:5a:82:35:cf:93:d9:4e:0e:43:8b:bf:74:
         50:2c:eb:4c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZf9+WYX8xIRQwrJhaQbObIHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzEyMDkzMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2IwOTBiYWMzMjhjNzczMTM4NGU0MjBiNDEzZTYzYjFmMDMwYWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr22UCwDgKJ+3b8kswii3M6lP+srG
/ZEZkjf4RoBV+2YorJWG+aGLKzqWjm2w8xG2L/dB7wBMPshMLxexr1lNsQa4hxQR
g9WBuwz5vbjsooR5JKLFnubKR9w05aVkearAs+3zQhIqQ/Tv7Fzw0noVTyReILC4
a59J4spgqZwfWnJoJRUJ99yYc6IQ4zmtngun8bI5S0iEhJGkiFkreyYLGzha4c74
TiV+cG0+VLA81pCPbuTkXPp+L+PVLw8vYZd4ZzW1Sm9cCTRj3dr0nOZ2PyP37T8o
waPvWqiCJwDSuDTPVha4nAYmH/WGCKu43sV0RknUa8QYbZ2SMLEseMhw2wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMOwkLrDKMdzE4TkILQT5jsfAwrsMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvdzdDUXVzTW94M01UaE9RZ3RCUG1PeDhEQ3V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBl/KYAwQA
l/MxAwQAl/NfMA0GCSqGSIb3DQEBCwUAA4IBAQAeHMkxaWwd9f/Q2g65dYdw+ZOo
kIpd/HTXZ8i6+XNvMzXyjP3218DT+c4ELtxXue2Hhz2ukOQ+63BorXEHtjTLWAKB
aZaGShx8hFqOYl731ccNQdRcaGM+W0R/w0Nr4Ek6gCVMhSStug2zeAzQOrheA5VL
zAS/mNGCZ7mp85dCH0tQCsINVCFxSTNOi7NY0r9dIfNFiGOrwjWGf9twuBYAvHPx
5uSOlmMOMIizH2Dh0w/bphcTIau/WQNtwdIcnUvuWfoXwFuqEx7E+6cTszWsoy9G
Mn+gaebKMsa/+LCLjZex2GqSAqF9NEeEKBdz1NRagjXPk9lODkOLv3RQLOtM
-----END CERTIFICATE-----