Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xPjF-wY-impJtVQ4xm7_V6Z75aY.roa
File:                     xPjF-wY-impJtVQ4xm7_V6Z75aY.roa (raw, json)
Hash identifier:          wJyNJ30Ar0kTzQp1Chmu/c/dFc73bpMDEGjqEgDXHsI=
Subject key identifier:   C4:F8:C5:FB:06:3E:8A:6A:49:B5:54:38:C6:6E:FF:57:A6:7B:E5:A6
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196583A31BC24C8AB2AC10F756E7DCC2CE1
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xPjF-wY-impJtVQ4xm7_V6Z75aY.roa
Signing time:             Mon 21 Apr 2025 12:02:10 +0000
ROA not before:           Mon 21 Apr 2025 12:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23532
IP address blocks:        151.242.152.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:58:3a:31:bc:24:c8:ab:2a:c1:0f:75:6e:7d:cc:2c:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 21 12:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4f8c5fb063e8a6a49b55438c66eff57a67be5a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:22:93:ec:1d:ad:20:91:3f:82:32:58:35:f2:
                    fc:43:33:ca:da:a4:56:8c:13:83:1a:b1:59:d8:e7:
                    28:24:b1:b0:fa:70:e3:07:f6:67:32:39:52:5e:d3:
                    55:c6:4e:a5:90:e1:c7:c2:42:f3:38:57:63:38:40:
                    79:e3:8e:f4:5f:7a:3b:ff:a2:ac:d2:5c:56:58:d7:
                    6a:3f:4b:d2:70:14:37:4f:a1:90:6d:9c:4f:58:b5:
                    8f:8e:fb:04:eb:7b:ca:4a:2b:3b:a8:fa:6d:b3:0a:
                    6d:ac:30:9f:4e:a4:f3:5d:a0:60:4f:97:d8:9d:ee:
                    22:94:90:14:c8:18:05:24:b4:9d:4d:52:da:be:74:
                    98:d7:1e:a7:29:54:aa:4f:5c:ab:4b:fc:1f:2c:56:
                    5b:02:25:e5:d1:72:dc:88:82:f6:3f:88:47:b4:23:
                    d7:d4:f5:0c:8e:fc:23:f0:51:f3:3c:9b:ea:fb:cc:
                    9f:83:95:9d:a0:7d:ae:9c:0e:01:8e:5e:a1:15:35:
                    8e:4e:60:71:7c:64:c1:c0:23:17:ef:3b:68:d4:4c:
                    5b:37:da:77:8c:73:7d:ae:f6:6f:23:21:ef:e8:17:
                    22:35:c8:fe:33:a8:b7:c2:af:03:be:c8:9c:44:f9:
                    68:56:b7:d7:d1:99:a2:78:4b:56:71:cf:48:1b:55:
                    9e:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:F8:C5:FB:06:3E:8A:6A:49:B5:54:38:C6:6E:FF:57:A6:7B:E5:A6
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xPjF-wY-impJtVQ4xm7_V6Z75aY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b2:25:1f:89:19:8c:90:ed:1d:15:78:ca:8d:a4:16:24:63:b4:
         0d:25:bc:3f:d9:e5:39:3c:b9:95:2c:de:29:a1:e7:b5:e7:cd:
         4c:24:85:49:93:53:d7:51:66:8b:ca:b8:c8:f7:da:26:4b:3c:
         9b:54:14:94:df:91:14:28:b6:2e:be:8f:1a:2d:e3:97:cd:5a:
         6f:65:a3:e3:e1:0a:ac:82:ad:76:0b:4f:39:23:eb:ad:8f:27:
         69:70:57:9f:85:7f:d5:24:4a:07:c5:4f:42:85:c9:e3:17:22:
         d4:92:45:e9:a9:d8:44:db:aa:90:dc:13:6a:16:50:8b:02:73:
         c2:19:ea:be:80:39:60:00:be:3c:6d:96:54:a4:8d:77:4e:e2:
         b6:18:fb:98:16:22:f9:ac:2b:18:4c:4d:bd:25:ba:6e:13:0d:
         b2:62:04:cb:cb:8b:c5:b0:35:6b:2f:35:d5:b5:2d:e3:28:3a:
         5c:e0:0a:72:cd:78:b0:68:7b:40:b0:17:c2:9b:3f:ab:24:0b:
         2c:ab:3d:3a:c5:66:d1:9f:61:ea:95:a1:38:29:93:33:fe:0b:
         e3:18:a3:71:a3:b5:78:9c:2d:7f:cf:e4:bf:dc:c1:ad:23:7a:
         62:9e:61:b2:e8:63:58:f8:70:82:e6:14:9c:30:f5:8f:24:51:
         dd:26:e9:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZYOjG8JMirKsEPdW59zCzhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDIxMTIwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGY4YzVmYjA2M2U4YTZhNDliNTU0MzhjNjZlZmY1N2E2N2JlNWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yKT7B2tIJE/gjJYNfL8QzPK2qRW
jBODGrFZ2OcoJLGw+nDjB/ZnMjlSXtNVxk6lkOHHwkLzOFdjOEB54470X3o7/6Ks
0lxWWNdqP0vScBQ3T6GQbZxPWLWPjvsE63vKSis7qPptswptrDCfTqTzXaBgT5fY
ne4ilJAUyBgFJLSdTVLavnSY1x6nKVSqT1yrS/wfLFZbAiXl0XLciIL2P4hHtCPX
1PUMjvwj8FHzPJvq+8yfg5WdoH2unA4Bjl6hFTWOTmBxfGTBwCMX7zto1ExbN9p3
jHN9rvZvIyHv6BciNcj+M6i3wq8DvsicRPloVrfX0ZmieEtWcc9IG1WeswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMT4xfsGPopqSbVUOMZu/1eme+WmMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEveFBqRi13WS1pbXBKdFZRNHhtN19WNlo3NWFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBl/KYMA0G
CSqGSIb3DQEBCwUAA4IBAQCyJR+JGYyQ7R0VeMqNpBYkY7QNJbw/2eU5PLmVLN4p
oee1581MJIVJk1PXUWaLyrjI99omSzybVBSU35EUKLYuvo8aLeOXzVpvZaPj4Qqs
gq12C085I+utjydpcFefhX/VJEoHxU9ChcnjFyLUkkXpqdhE26qQ3BNqFlCLAnPC
Geq+gDlgAL48bZZUpI13TuK2GPuYFiL5rCsYTE29JbpuEw2yYgTLy4vFsDVrLzXV
tS3jKDpc4ApyzXiwaHtAsBfCmz+rJAssqz06xWbRn2HqlaE4KZMz/gvjGKNxo7V4
nC1/z+S/3MGtI3pinmGy6GNY+HCC5hScMPWPJFHdJunz
-----END CERTIFICATE-----