Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/5dOWslon4jRF1KXJxG49V6QZIcI.roa
File:                     5dOWslon4jRF1KXJxG49V6QZIcI.roa (raw, json)
Hash identifier:          hYYZ/H0lQk48HctDzAhP0jhb56kFDsswtvRC0Vf9DFU=
Subject key identifier:   E5:D3:96:B2:5A:27:E2:34:45:D4:A5:C9:C4:6E:3D:57:A4:19:21:C2
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019922801B6C6518ADFFD61BAE267824EE73
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/5dOWslon4jRF1KXJxG49V6QZIcI.roa
Signing time:             Sun 07 Sep 2025 04:47:24 +0000
ROA not before:           Sun 07 Sep 2025 04:47:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        151.240.2.0/24 maxlen: 24
                          151.241.68.0/24 maxlen: 24
                          151.242.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 21:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:22:80:1b:6c:65:18:ad:ff:d6:1b:ae:26:78:24:ee:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep  7 04:47:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5d396b25a27e23445d4a5c9c46e3d57a41921c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a3:d6:10:36:82:73:51:81:ed:cd:e2:31:88:
                    c3:60:73:57:18:4b:7e:a9:29:cd:35:48:63:43:99:
                    6f:b5:89:d2:f6:39:fa:e3:c0:9b:47:dc:c9:32:3b:
                    5d:99:e5:6f:b4:df:d8:c8:8e:72:97:8e:85:9b:c1:
                    39:22:2c:5a:06:f5:3c:8e:31:53:c7:8e:ca:c5:12:
                    5f:32:08:c2:00:04:50:50:5e:84:32:b3:23:36:2f:
                    08:e7:75:b2:6c:4a:c5:cb:89:83:68:d2:54:89:9d:
                    cb:3c:c1:12:5f:0b:da:ec:2d:ba:93:25:f3:48:91:
                    bc:99:98:50:85:54:df:e4:2f:96:47:2b:c1:39:23:
                    48:33:ce:ee:8f:f8:75:03:76:64:67:c4:ed:7a:e0:
                    e5:6e:45:2b:7d:f5:d0:77:1b:53:1c:4a:2d:cb:53:
                    1f:84:0c:b6:1f:4a:4e:2c:97:b7:e7:0b:af:cd:23:
                    76:9a:ab:15:0d:65:8a:0d:9b:3a:b5:96:9f:e8:b0:
                    f2:e7:0a:56:39:80:2e:e9:30:ee:9e:3b:3b:7a:7f:
                    4c:fe:75:8f:97:0f:26:7b:14:76:3d:b4:4e:f6:e1:
                    c7:15:86:38:bc:fd:e1:6d:17:f8:1e:19:20:1e:fb:
                    d3:1f:a1:5f:46:6e:fa:9f:4a:3e:83:5f:f6:63:8a:
                    44:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:D3:96:B2:5A:27:E2:34:45:D4:A5:C9:C4:6E:3D:57:A4:19:21:C2
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/5dOWslon4jRF1KXJxG49V6QZIcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.2.0/24
                  151.241.68.0/24
                  151.242.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:a4:27:4c:02:4a:23:7b:1c:43:8a:26:4a:9f:3e:23:c0:ba:
         90:0c:e9:37:f7:34:f8:83:27:40:2a:95:ab:1a:3b:97:e1:5d:
         97:60:ef:84:5c:43:1f:f6:53:ef:6b:5a:02:f1:2f:12:ab:78:
         98:f8:bf:7f:7d:c9:9c:7b:e8:5a:65:dc:9b:5e:58:ec:66:31:
         be:c1:92:f2:1c:f5:ad:a8:1c:78:97:12:2a:e5:5e:72:01:7d:
         20:93:6b:ba:43:ea:6e:b2:11:b9:3d:9c:8e:e6:8b:c5:7b:12:
         f8:b6:f8:3c:c5:f9:10:a5:35:28:6b:1b:cd:37:84:aa:ef:46:
         b7:c3:91:92:99:57:fe:b6:a9:4f:e1:23:4e:45:83:61:d1:4f:
         4d:e8:45:81:f7:72:4a:55:a1:fc:f7:ce:d8:f9:36:34:f1:17:
         f8:79:a9:01:f7:4a:e9:25:86:c2:3e:eb:7a:50:d7:83:19:ed:
         f9:ee:8e:ec:59:70:e9:ae:1b:27:c3:47:9f:2c:36:38:44:6e:
         f4:6e:fb:4d:51:a8:47:19:b2:8b:10:29:df:0f:23:41:0e:c0:
         73:ab:9a:aa:6e:c8:75:c6:f6:83:be:90:66:39:5d:ef:cf:c8:
         c2:fd:00:1e:23:da:fc:47:24:91:c0:6d:6d:1d:88:14:be:5e:
         95:b6:c0:51
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkigBtsZRit/9YbriZ4JO5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTA3MDQ0NzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWQzOTZiMjVhMjdlMjM0NDVkNGE1YzljNDZlM2Q1N2E0MTkyMWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqPWEDaCc1GB7c3iMYjDYHNXGEt+
qSnNNUhjQ5lvtYnS9jn648CbR9zJMjtdmeVvtN/YyI5yl46Fm8E5IixaBvU8jjFT
x47KxRJfMgjCAARQUF6EMrMjNi8I53WybErFy4mDaNJUiZ3LPMESXwva7C26kyXz
SJG8mZhQhVTf5C+WRyvBOSNIM87uj/h1A3ZkZ8TteuDlbkUrffXQdxtTHEoty1Mf
hAy2H0pOLJe35wuvzSN2mqsVDWWKDZs6tZaf6LDy5wpWOYAu6TDunjs7en9M/nWP
lw8mexR2PbRO9uHHFYY4vP3hbRf4HhkgHvvTH6FfRm76n0o+g1/2Y4pEWwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOXTlrJaJ+I0RdSlycRuPVekGSHCMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvNWRPV3Nsb240alJGMUtYSnhHNDlWNlFaSWNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAl/ACAwQA
l/FEAwQAl/L8MA0GCSqGSIb3DQEBCwUAA4IBAQBCpCdMAkojexxDiiZKnz4jwLqQ
DOk39zT4gydAKpWrGjuX4V2XYO+EXEMf9lPva1oC8S8Sq3iY+L9/fcmce+haZdyb
XljsZjG+wZLyHPWtqBx4lxIq5V5yAX0gk2u6Q+pushG5PZyO5ovFexL4tvg8xfkQ
pTUoaxvNN4Sq70a3w5GSmVf+tqlP4SNORYNh0U9N6EWB93JKVaH8987Y+TY08Rf4
eakB90rpJYbCPut6UNeDGe357o7sWXDprhsnw0efLDY4RG70bvtNUahHGbKLECnf
DyNBDsBzq5qqbsh1xvaDvpBmOV3vz8jC/QAeI9r8RySRwG1tHYgUvl6VtsBR
-----END CERTIFICATE-----