Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/z4fztk2ts-5JGyd7G8vHA_YLaos.roa
File:                     z4fztk2ts-5JGyd7G8vHA_YLaos.roa (raw, json)
Hash identifier:          pELeIMbSQwSwsOaOrn5kX+4MKczFTojCKPq7bPQxImI=
Subject key identifier:   CF:87:F3:B6:4D:AD:B3:EE:49:1B:27:7B:1B:CB:C7:03:F6:0B:6A:8B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019970EADC7C3A7FEF7E3CE88D81C5D9B7A9
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/z4fztk2ts-5JGyd7G8vHA_YLaos.roa
Signing time:             Mon 22 Sep 2025 10:14:24 +0000
ROA not before:           Mon 22 Sep 2025 10:14:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205896
IP address blocks:        151.241.99.0/24 maxlen: 24
                          151.243.200.0/24 maxlen: 24
                          151.245.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 22:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:70:ea:dc:7c:3a:7f:ef:7e:3c:e8:8d:81:c5:d9:b7:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep 22 10:14:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf87f3b64dadb3ee491b277b1bcbc703f60b6a8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b8:fd:d8:bd:f3:c1:9d:30:7b:f3:da:76:c8:
                    1a:1f:3d:99:0e:65:e6:c7:98:85:ac:c5:a2:9a:72:
                    3a:86:ba:38:99:f9:59:d1:5d:f6:29:47:eb:16:6c:
                    6c:1a:18:1e:01:a3:1b:a4:64:20:c4:29:27:cc:22:
                    b5:02:bb:fa:a1:1b:7d:2e:1c:64:91:f6:2a:d2:da:
                    76:cb:be:5a:22:18:ba:c5:5e:61:4c:13:9d:49:73:
                    50:94:33:90:bf:06:85:a3:2c:07:80:86:63:69:f6:
                    cc:9d:43:0f:c5:2a:ee:36:1d:ae:9c:fd:3a:ae:f2:
                    22:91:ca:f8:62:6b:cb:5a:21:4f:21:1a:6e:ef:59:
                    1a:c5:a9:3a:fd:da:9b:c5:1d:4f:95:aa:74:3f:c4:
                    2b:d3:0b:86:cb:83:d0:16:42:00:db:4f:b7:cb:a7:
                    dc:97:69:18:b9:47:83:3c:a3:58:fc:19:d1:ee:c2:
                    4d:15:38:3f:9c:99:58:8d:63:42:76:ea:f3:9c:34:
                    83:94:e0:68:b1:83:a9:70:50:68:8f:41:9c:a2:dd:
                    b3:73:29:f6:34:0b:cf:5c:8e:13:30:1c:ab:1c:43:
                    58:ba:5e:e9:13:c8:28:9b:45:4d:fc:6d:f4:2d:6b:
                    71:d5:a8:53:67:f8:95:73:10:51:e1:d5:e1:37:ae:
                    5d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:87:F3:B6:4D:AD:B3:EE:49:1B:27:7B:1B:CB:C7:03:F6:0B:6A:8B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/z4fztk2ts-5JGyd7G8vHA_YLaos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.99.0/24
                  151.243.200.0/24
                  151.245.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:94:dd:fc:59:b7:c5:b2:46:3d:04:45:d0:57:c8:c4:4e:e3:
         24:4b:b1:1e:27:b3:d8:63:6a:96:64:45:ae:23:41:4f:a8:23:
         73:79:9b:b3:29:f3:c9:95:96:68:c2:61:88:7c:d7:ad:9c:f3:
         f8:c2:8d:48:5a:ac:bd:4d:7f:9f:28:04:84:02:26:5b:99:1a:
         3c:1e:84:88:6f:3d:be:97:4b:43:7a:31:a0:2e:7c:43:da:d3:
         f2:d7:8e:46:6a:05:38:2a:c2:02:90:cb:fb:6f:c1:61:ce:f7:
         5b:41:c0:1f:b1:b0:5b:ac:d1:cb:0a:54:9b:be:5b:ce:b6:c5:
         4d:d8:f1:35:c0:ff:3a:74:1e:fe:45:e7:b8:86:c6:84:94:85:
         20:4c:21:b2:73:73:4e:6d:30:4d:8c:29:76:eb:7c:68:26:a2:
         55:9a:25:4d:be:7e:e7:bd:2b:02:bb:d0:47:d2:ba:d1:6e:48:
         9f:13:dd:c6:51:cf:f4:22:50:d0:a0:89:14:37:24:ea:b0:9b:
         39:3c:70:83:dc:35:fb:df:a8:82:77:7b:6d:db:c6:a3:ae:d2:
         75:c9:a6:cd:28:9d:9a:b3:2b:7d:0d:4f:d0:1d:90:bc:61:ef:
         51:6b:dd:f8:7c:bf:80:3b:46:b1:1b:4e:af:7d:d6:9e:6d:e3:
         93:a2:73:41
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZlw6tx8On/vfjzojYHF2bepMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTIyMTAxNDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjg3ZjNiNjRkYWRiM2VlNDkxYjI3N2IxYmNiYzcwM2Y2MGI2YThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLj92L3zwZ0we/PadsgaHz2ZDmXm
x5iFrMWimnI6hro4mflZ0V32KUfrFmxsGhgeAaMbpGQgxCknzCK1Arv6oRt9Lhxk
kfYq0tp2y75aIhi6xV5hTBOdSXNQlDOQvwaFoywHgIZjafbMnUMPxSruNh2unP06
rvIikcr4YmvLWiFPIRpu71kaxak6/dqbxR1Plap0P8Qr0wuGy4PQFkIA20+3y6fc
l2kYuUeDPKNY/BnR7sJNFTg/nJlYjWNCdurznDSDlOBosYOpcFBoj0Gcot2zcyn2
NAvPXI4TMByrHENYul7pE8gom0VN/G30LWtx1ahTZ/iVcxBR4dXhN65dAQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM+H87ZNrbPuSRsnexvLxwP2C2qLMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvejRmenRrMnRzLTVKR3lkN0c4dkhBX1lMYW9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAl/FjAwQA
l/PIAwQAl/UkMA0GCSqGSIb3DQEBCwUAA4IBAQCylN38WbfFskY9BEXQV8jETuMk
S7EeJ7PYY2qWZEWuI0FPqCNzeZuzKfPJlZZowmGIfNetnPP4wo1IWqy9TX+fKASE
AiZbmRo8HoSIbz2+l0tDejGgLnxD2tPy145GagU4KsICkMv7b8FhzvdbQcAfsbBb
rNHLClSbvlvOtsVN2PE1wP86dB7+Ree4hsaElIUgTCGyc3NObTBNjCl263xoJqJV
miVNvn7nvSsCu9BH0rrRbkifE93GUc/0IlDQoIkUNyTqsJs5PHCD3DX736iCd3tt
28ajrtJ1yabNKJ2asyt9DU/QHZC8Ye9Ra934fL+AO0axG06vfdaebeOTonNB
-----END CERTIFICATE-----