Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/5AsZp9IzctnlVAjaf7IAfPKutGU.roa
File:                     5AsZp9IzctnlVAjaf7IAfPKutGU.roa (raw, json)
Hash identifier:          5Cw/dtqSr4Q6Pwd0BnYV4JpLUTaCZxwKRce20sssv9w=
Subject key identifier:   E4:0B:19:A7:D2:33:72:D9:E5:54:08:DA:7F:B2:00:7C:F2:AE:B4:65
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196F928AF6EAFAE621E3623C39A894C27A0
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/5AsZp9IzctnlVAjaf7IAfPKutGU.roa
Signing time:             Thu 22 May 2025 18:01:55 +0000
ROA not before:           Thu 22 May 2025 18:01:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136621
IP address blocks:        151.243.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f9:28:af:6e:af:ae:62:1e:36:23:c3:9a:89:4c:27:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 22 18:01:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e40b19a7d23372d9e55408da7fb2007cf2aeb465
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:03:98:96:27:82:1f:30:be:b1:ba:92:32:3c:
                    a5:c6:95:ab:06:11:d8:39:14:b7:09:e2:b2:59:b3:
                    c8:c7:76:3c:e0:82:93:43:2b:bb:9a:c1:d4:c1:3c:
                    3c:6d:f1:65:20:39:ef:34:c6:f3:39:00:33:1a:35:
                    be:fa:ff:bb:83:24:cf:76:9b:f1:5d:e4:a0:fb:b1:
                    48:93:4c:90:20:50:ff:92:57:d9:b5:67:4e:2d:b8:
                    5f:54:2d:b1:27:35:19:ab:df:78:3f:54:a1:b3:83:
                    d6:ee:cb:97:14:b7:8b:db:46:0a:95:58:64:65:8f:
                    21:a3:df:31:79:69:37:3a:5b:ec:c2:f5:06:81:3d:
                    a3:51:d5:bf:e1:02:45:95:97:6e:4a:14:f1:ab:4d:
                    33:01:b6:66:b3:53:d7:9d:b1:8f:01:45:8f:76:7c:
                    79:e5:1a:3f:70:06:f1:34:7b:e5:ee:2e:b5:d8:df:
                    8c:32:98:fd:f9:91:d4:07:5f:71:8e:b9:35:4e:63:
                    9f:4c:3f:7c:f5:d1:c9:74:b6:ce:39:7d:93:8f:66:
                    0a:ab:d7:f4:0e:3e:85:ff:f9:a6:83:f0:f5:8a:1f:
                    11:88:d5:0f:80:e8:80:57:99:94:d1:92:ad:d6:42:
                    0b:a7:b4:26:f9:72:8f:6e:56:32:68:49:41:1a:ae:
                    fb:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:0B:19:A7:D2:33:72:D9:E5:54:08:DA:7F:B2:00:7C:F2:AE:B4:65
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/5AsZp9IzctnlVAjaf7IAfPKutGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:97:a2:82:8e:12:48:ea:e5:0c:3d:88:df:a0:75:20:14:df:
         a9:79:a9:a2:4a:77:21:78:29:ff:ff:f3:03:87:1d:19:dd:08:
         66:e3:df:af:0b:eb:4c:09:c7:9e:79:97:33:27:63:9a:d4:1f:
         57:2a:27:00:01:21:0b:81:1a:25:a8:bd:f1:bf:8a:ec:ae:79:
         eb:a5:0f:86:e2:fb:34:9e:b5:92:a5:eb:e8:6d:e1:6e:a4:94:
         4c:a2:76:1e:8c:ee:56:cd:91:31:9b:e1:57:ab:fd:51:9f:33:
         f6:af:b8:7d:31:6f:69:b9:cd:17:4a:fd:48:9d:c3:36:21:40:
         f4:00:94:8d:df:bc:8c:d1:3a:1b:8b:62:c8:4a:c4:6c:63:32:
         6c:b3:f5:fe:a3:47:2c:dd:be:e9:dc:ae:ad:66:f0:f9:c2:f6:
         14:5a:0c:2a:4c:4e:96:35:ad:ca:1a:ac:41:bd:c6:db:f8:f1:
         26:eb:2c:06:2a:8c:7d:55:bc:17:05:ce:5e:1a:ca:35:8b:a8:
         bd:2d:9b:4b:29:0b:c1:fe:5f:37:ee:1b:d6:41:a6:24:5f:49:
         71:c8:62:92:c8:3e:27:e2:1a:08:c9:b6:68:17:a6:de:b0:8e:
         1c:c8:9b:dc:53:e4:94:cb:45:66:46:22:e6:07:1a:35:34:4a:
         14:7d:e1:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb5KK9ur65iHjYjw5qJTCegMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTIyMTgwMTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDBiMTlhN2QyMzM3MmQ5ZTU1NDA4ZGE3ZmIyMDA3Y2YyYWViNDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngOYlieCHzC+sbqSMjylxpWrBhHY
ORS3CeKyWbPIx3Y84IKTQyu7msHUwTw8bfFlIDnvNMbzOQAzGjW++v+7gyTPdpvx
XeSg+7FIk0yQIFD/klfZtWdOLbhfVC2xJzUZq994P1Shs4PW7suXFLeL20YKlVhk
ZY8ho98xeWk3OlvswvUGgT2jUdW/4QJFlZduShTxq00zAbZms1PXnbGPAUWPdnx5
5Ro/cAbxNHvl7i612N+MMpj9+ZHUB19xjrk1TmOfTD989dHJdLbOOX2Tj2YKq9f0
Dj6F//mmg/D1ih8RiNUPgOiAV5mU0ZKt1kILp7Qm+XKPblYyaElBGq77XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQLGafSM3LZ5VQI2n+yAHzyrrRlMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvNUFzWnA5SXpjdG5sVkFqYWY3SUFmUEt1dEdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/OSMA0G
CSqGSIb3DQEBCwUAA4IBAQB/l6KCjhJI6uUMPYjfoHUgFN+peamiSncheCn///MD
hx0Z3Qhm49+vC+tMCceeeZczJ2Oa1B9XKicAASELgRolqL3xv4rsrnnrpQ+G4vs0
nrWSpevobeFupJRMonYejO5WzZExm+FXq/1RnzP2r7h9MW9puc0XSv1IncM2IUD0
AJSN37yM0Tobi2LISsRsYzJss/X+o0cs3b7p3K6tZvD5wvYUWgwqTE6WNa3KGqxB
vcbb+PEm6ywGKox9VbwXBc5eGso1i6i9LZtLKQvB/l837hvWQaYkX0lxyGKSyD4n
4hoIybZoF6besI4cyJvcU+SUy0VmRiLmBxo1NEoUfeF7
-----END CERTIFICATE-----