Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/bb8uY2pzQlcl3dUS50ncGnBSfKA.roa
File:                     bb8uY2pzQlcl3dUS50ncGnBSfKA.roa (raw, json)
Hash identifier:          GG2LHCueegjDey308F9u8K+IvHercXNBJFmCkavryMU=
Subject key identifier:   6D:BF:2E:63:6A:73:42:57:25:DD:D5:12:E7:49:DC:1A:70:52:7C:A0
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01974ED8263E55FD4FCC240E553F01A04486
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/bb8uY2pzQlcl3dUS50ncGnBSfKA.roa
Signing time:             Sun 08 Jun 2025 09:21:17 +0000
ROA not before:           Sun 08 Jun 2025 09:21:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53038
IP address blocks:        107.150.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 09:21:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4e:d8:26:3e:55:fd:4f:cc:24:0e:55:3f:01:a0:44:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jun  8 09:21:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6dbf2e636a73425725ddd512e749dc1a70527ca0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9b:59:0e:c1:23:0f:43:64:af:f5:4f:24:82:
                    52:bd:44:af:5d:67:4e:fe:b1:71:ba:3c:df:e1:30:
                    01:25:33:0a:ef:23:03:15:f3:02:38:ac:89:47:a6:
                    44:02:81:d4:5a:55:fd:27:70:c7:b6:84:6d:35:57:
                    53:d7:f7:36:24:d8:79:51:8d:e7:3c:d8:4f:bf:5b:
                    e7:e3:3e:d9:e8:a6:41:83:d8:46:53:d7:4e:24:ca:
                    4f:cc:54:73:b4:96:32:92:87:eb:77:8a:18:b5:2d:
                    49:ed:43:fb:fb:03:55:d8:cb:d5:37:3e:90:47:0b:
                    39:de:41:1f:8b:99:5a:50:9c:58:62:a0:0f:a7:87:
                    1d:41:7f:50:c6:c6:df:80:a1:b1:c0:a9:22:a2:6b:
                    80:8d:1f:f5:e3:cd:ad:4d:15:63:9a:2b:36:8e:24:
                    69:d5:5c:3f:6c:9e:e3:20:32:74:fa:0a:21:b5:a3:
                    42:b0:d6:08:79:57:15:bb:dc:59:cc:a9:1a:08:01:
                    3d:60:d4:82:fe:32:2c:30:f4:aa:cc:b6:05:2b:93:
                    60:c7:81:24:9f:d9:36:7d:a5:77:77:49:38:00:63:
                    b6:82:f8:f1:b3:f4:f3:c9:09:24:42:20:28:4f:72:
                    a2:bc:bf:37:2d:d6:7a:47:ba:14:9d:ed:97:65:30:
                    c7:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:BF:2E:63:6A:73:42:57:25:DD:D5:12:E7:49:DC:1A:70:52:7C:A0
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/bb8uY2pzQlcl3dUS50ncGnBSfKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.150.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:ec:59:ac:0a:1a:aa:48:48:f3:93:9e:3c:80:d7:ad:c5:c1:
         6c:3e:39:07:36:79:08:c0:7a:29:30:1d:a6:91:38:fe:82:80:
         85:67:fe:7c:93:c3:4f:71:07:ed:ca:1c:b4:68:5e:e7:dc:99:
         cf:52:a8:4a:cc:b3:9e:37:b8:d1:85:65:4a:0f:cc:32:0b:6e:
         7c:e1:72:e5:e9:2e:e3:f8:13:77:e2:11:21:40:55:08:2e:dc:
         f4:b0:86:cb:ac:a6:7c:5e:22:95:fd:b1:3f:ca:7b:4a:88:c4:
         5e:a3:e2:d5:ca:b1:bb:6b:b8:9a:11:a5:a4:21:7e:7e:27:d6:
         e0:a3:94:3b:c7:2c:2e:b9:2c:4c:de:95:97:dd:c9:dc:0d:8a:
         04:4a:5a:e7:c7:ce:81:fa:ec:c4:09:7d:d7:07:ac:48:82:40:
         ef:c5:7e:ea:41:13:1a:28:bb:3d:2c:7f:5c:2d:f8:cb:fb:ad:
         bf:e9:fe:d6:a6:56:91:8e:f1:e3:70:3e:ba:6c:a9:0a:ac:00:
         ee:27:71:68:1c:8e:fd:03:bf:6e:1c:c1:c6:9e:53:72:1b:7f:
         18:e0:a5:d9:f5:da:04:cf:2b:1c:78:d7:cd:f0:cf:5b:66:ad:
         f1:27:27:6a:ee:7e:c7:5e:b8:42:42:66:40:a5:7f:6a:15:d1:
         2d:1d:64:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdO2CY+Vf1PzCQOVT8BoESGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwNjA4MDkyMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGJmMmU2MzZhNzM0MjU3MjVkZGQ1MTJlNzQ5ZGMxYTcwNTI3Y2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZtZDsEjD0Nkr/VPJIJSvUSvXWdO
/rFxujzf4TABJTMK7yMDFfMCOKyJR6ZEAoHUWlX9J3DHtoRtNVdT1/c2JNh5UY3n
PNhPv1vn4z7Z6KZBg9hGU9dOJMpPzFRztJYykofrd4oYtS1J7UP7+wNV2MvVNz6Q
Rws53kEfi5laUJxYYqAPp4cdQX9QxsbfgKGxwKkiomuAjR/1482tTRVjmis2jiRp
1Vw/bJ7jIDJ0+gohtaNCsNYIeVcVu9xZzKkaCAE9YNSC/jIsMPSqzLYFK5Ngx4Ek
n9k2faV3d0k4AGO2gvjxs/TzyQkkQiAoT3KivL83LdZ6R7oUne2XZTDHRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2/LmNqc0JXJd3VEudJ3BpwUnygMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvYmI4dVkycHpRbGNsM2RVUzUwbmNHbkJTZktBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAa5anMA0G
CSqGSIb3DQEBCwUAA4IBAQCz7FmsChqqSEjzk548gNetxcFsPjkHNnkIwHopMB2m
kTj+goCFZ/58k8NPcQftyhy0aF7n3JnPUqhKzLOeN7jRhWVKD8wyC2584XLl6S7j
+BN34hEhQFUILtz0sIbLrKZ8XiKV/bE/yntKiMReo+LVyrG7a7iaEaWkIX5+J9bg
o5Q7xywuuSxM3pWX3cncDYoESlrnx86B+uzECX3XB6xIgkDvxX7qQRMaKLs9LH9c
LfjL+62/6f7WplaRjvHjcD66bKkKrADuJ3FoHI79A79uHMHGnlNyG38Y4KXZ9doE
zysceNfN8M9bZq3xJydq7n7HXrhCQmZApX9qFdEtHWTA
-----END CERTIFICATE-----