Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/2-KvXPi31xhpOVS8Zx21w28TbFU.roa
File:                     2-KvXPi31xhpOVS8Zx21w28TbFU.roa (raw, json)
Hash identifier:          ODaMpl1krFM0sHXDDAB3IMVNKTBDYl5SuQkYvEDwXyQ=
Subject key identifier:   DB:E2:AF:5C:F8:B7:D7:18:69:39:54:BC:67:1D:B5:C3:6F:13:6C:55
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196D57C8951F1FB529E88B46DDFC20B84F5
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/2-KvXPi31xhpOVS8Zx21w28TbFU.roa
Signing time:             Thu 15 May 2025 19:47:10 +0000
ROA not before:           Thu 15 May 2025 19:47:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12213
IP address blocks:        151.242.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d5:7c:89:51:f1:fb:52:9e:88:b4:6d:df:c2:0b:84:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 15 19:47:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbe2af5cf8b7d718693954bc671db5c36f136c55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:0c:f6:2d:b0:4b:78:52:b1:3e:32:5d:7e:69:
                    13:f8:3f:96:b1:9d:95:65:69:c2:37:c9:84:51:ed:
                    5c:9d:d9:01:17:f1:fa:97:44:5b:4a:ef:89:27:db:
                    d8:74:6e:f3:4a:b0:87:02:10:32:10:3c:c7:d0:bf:
                    d5:11:45:3e:0b:98:5b:d9:11:eb:99:89:d2:ca:53:
                    92:3b:09:aa:54:b9:d1:b4:8d:64:11:d9:f5:57:0f:
                    49:78:88:22:6f:65:e6:fc:e7:27:42:29:a8:e5:71:
                    ee:83:cb:34:fe:c9:bb:37:98:80:0c:83:c1:a8:f3:
                    1a:df:08:ea:5a:f9:3c:80:f3:63:0f:66:38:5c:4d:
                    0a:f3:3b:24:e1:81:dc:ab:3e:e1:e1:a2:29:53:09:
                    bf:c2:08:00:ed:81:16:dd:51:ed:d2:ed:4f:75:d5:
                    4a:c0:7c:88:91:d5:b7:81:45:e4:b3:34:00:66:f4:
                    b6:a0:12:e2:1c:93:cf:ee:e0:f2:f1:7f:df:43:fe:
                    3c:24:c6:80:90:8c:ed:55:c6:41:df:a5:df:9a:71:
                    ce:d4:cc:6a:2b:84:d1:4b:48:11:da:6c:20:99:bf:
                    a6:d6:ec:24:f8:fa:1e:dd:f8:d7:17:54:b7:84:23:
                    97:89:92:bf:06:12:e9:09:26:59:a7:72:81:a9:1a:
                    c5:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:E2:AF:5C:F8:B7:D7:18:69:39:54:BC:67:1D:B5:C3:6F:13:6C:55
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/2-KvXPi31xhpOVS8Zx21w28TbFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:80:c6:4c:88:12:0f:dd:e1:35:6a:5f:e2:ff:02:92:92:b6:
         55:9b:d7:5d:8b:7f:23:30:8d:13:3b:d0:0d:d6:20:1f:1b:48:
         8d:8f:28:9d:50:41:7b:0e:84:c4:d4:87:95:01:cd:2b:30:0e:
         6e:3e:fe:7c:db:2c:49:58:5f:53:08:9c:eb:77:dc:38:a6:55:
         c6:4e:af:02:7b:af:f5:3f:cf:ce:13:6a:55:92:31:24:34:2e:
         4c:72:cd:81:c1:c1:86:15:94:b7:1a:a1:b3:fd:17:9c:e6:0a:
         02:d9:bc:bb:ae:14:a8:4e:d7:20:5d:40:7b:a2:c6:ff:23:ec:
         aa:e8:5e:c0:5a:c3:b4:10:16:78:29:41:0a:88:18:af:74:fb:
         38:07:d4:ae:f4:6c:72:57:84:dc:b2:f7:c2:4f:64:31:25:8b:
         63:55:be:89:0f:a3:11:a1:9e:a6:aa:3c:c8:63:b3:7e:54:2f:
         93:67:e2:49:de:f4:50:1c:00:a4:fc:6a:46:f0:f2:50:83:f3:
         9f:a2:2f:25:13:98:a7:3f:f4:c5:86:8f:05:f7:5c:f5:5f:33:
         04:d4:c3:34:95:9a:7d:27:38:1f:66:2b:25:8c:4d:c6:c4:2f:
         eb:68:18:d8:b6:7a:d0:56:cf:6e:98:54:70:54:20:15:d3:e0:
         00:eb:d5:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbVfIlR8ftSnoi0bd/CC4T1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTE1MTk0NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmUyYWY1Y2Y4YjdkNzE4NjkzOTU0YmM2NzFkYjVjMzZmMTM2YzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gz2LbBLeFKxPjJdfmkT+D+WsZ2V
ZWnCN8mEUe1cndkBF/H6l0RbSu+JJ9vYdG7zSrCHAhAyEDzH0L/VEUU+C5hb2RHr
mYnSylOSOwmqVLnRtI1kEdn1Vw9JeIgib2Xm/OcnQimo5XHug8s0/sm7N5iADIPB
qPMa3wjqWvk8gPNjD2Y4XE0K8zsk4YHcqz7h4aIpUwm/wggA7YEW3VHt0u1PddVK
wHyIkdW3gUXkszQAZvS2oBLiHJPP7uDy8X/fQ/48JMaAkIztVcZB36XfmnHO1Mxq
K4TRS0gR2mwgmb+m1uwk+Poe3fjXF1S3hCOXiZK/BhLpCSZZp3KBqRrFQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvir1z4t9cYaTlUvGcdtcNvE2xVMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMi1LdlhQaTMxeGhwT1ZTOFp4MjF3MjhUYkZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/JmMA0G
CSqGSIb3DQEBCwUAA4IBAQBEgMZMiBIP3eE1al/i/wKSkrZVm9ddi38jMI0TO9AN
1iAfG0iNjyidUEF7DoTE1IeVAc0rMA5uPv582yxJWF9TCJzrd9w4plXGTq8Ce6/1
P8/OE2pVkjEkNC5Mcs2BwcGGFZS3GqGz/Rec5goC2by7rhSoTtcgXUB7osb/I+yq
6F7AWsO0EBZ4KUEKiBivdPs4B9Su9GxyV4TcsvfCT2QxJYtjVb6JD6MRoZ6mqjzI
Y7N+VC+TZ+JJ3vRQHACk/GpG8PJQg/Ofoi8lE5inP/TFho8F91z1XzME1MM0lZp9
JzgfZisljE3GxC/raBjYtnrQVs9umFRwVCAV0+AA69WM
-----END CERTIFICATE-----