Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/6MPDHCEIPkyrhiRXAhNxoaMjsGY.roa
File:                     6MPDHCEIPkyrhiRXAhNxoaMjsGY.roa (raw, json)
Hash identifier:          a9s4Wm0aS4bXbdh7QH/FpIOPy/RlCujZfn8Ls77Kv80=
Subject key identifier:   E8:C3:C3:1C:21:08:3E:4C:AB:86:24:57:02:13:71:A1:A3:23:B0:66
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019879F18C3A86DA7DB5EF548A3855E9BC5B
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/6MPDHCEIPkyrhiRXAhNxoaMjsGY.roa
Signing time:             Tue 05 Aug 2025 11:15:29 +0000
ROA not before:           Tue 05 Aug 2025 11:15:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400529
IP address blocks:        151.241.18.0/24 maxlen: 24
                          151.244.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 21:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:79:f1:8c:3a:86:da:7d:b5:ef:54:8a:38:55:e9:bc:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug  5 11:15:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e8c3c31c21083e4cab862457021371a1a323b066
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:96:b4:19:2a:30:12:ac:05:c1:d3:82:4d:48:
                    22:cc:3c:dc:c2:a7:8b:ba:02:86:6a:e6:01:84:18:
                    af:6b:5d:46:61:84:74:ca:fa:9d:84:99:ce:5f:bd:
                    b2:87:30:d5:89:51:60:cc:a3:35:b1:de:dc:93:7f:
                    eb:e5:92:07:a9:fa:b6:67:9f:10:2c:43:12:ce:20:
                    5e:ad:0c:a2:f7:a3:96:5c:40:cb:35:e6:a7:00:b4:
                    af:32:fe:5d:10:76:81:b3:c2:72:09:4e:6e:ea:3d:
                    3f:cc:32:30:e1:d3:99:89:02:39:38:1f:a4:fd:dd:
                    85:22:2a:af:3d:d0:63:89:a0:05:d0:c0:bd:e8:51:
                    89:e0:fc:90:d3:07:3d:e9:33:d4:dd:2a:0f:46:a1:
                    d6:a7:aa:13:91:79:52:f4:6c:ce:1b:bc:fd:6c:50:
                    b4:09:2d:0b:e2:3a:cc:0f:24:c5:93:f5:49:b4:91:
                    5c:fb:90:fc:97:b8:77:14:85:a8:f6:47:f3:c8:1e:
                    d8:b3:2b:14:bd:a8:51:b9:61:bb:ac:e0:a8:88:41:
                    01:8f:10:18:61:73:a7:00:e9:22:73:69:19:fb:05:
                    71:67:7c:61:a2:14:3c:aa:6c:9b:4e:3a:f3:a4:d8:
                    dd:d0:dc:7a:9c:76:e6:3a:a1:da:0e:3b:b0:d8:a4:
                    71:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:C3:C3:1C:21:08:3E:4C:AB:86:24:57:02:13:71:A1:A3:23:B0:66
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/6MPDHCEIPkyrhiRXAhNxoaMjsGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.18.0/24
                  151.244.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:56:0d:5c:16:ef:33:93:3d:88:8f:3c:69:cc:80:00:15:2f:
         a9:4f:aa:b0:89:e7:8c:6b:64:b8:2b:8c:05:b5:ce:81:58:f2:
         3e:a5:5c:9e:b2:3a:31:96:0e:f5:57:31:a2:30:6b:88:dd:b1:
         a1:a5:a7:2d:94:a1:16:57:99:c6:74:c3:b5:3c:f5:18:7f:88:
         68:f3:9c:81:f1:92:32:17:14:85:26:02:fc:8a:70:9a:16:19:
         45:52:7e:0c:99:bf:05:4d:dc:db:a9:66:72:63:52:51:55:5d:
         79:48:a0:85:32:96:ec:a6:67:32:2b:2a:77:dc:cf:d9:61:eb:
         aa:6f:e3:53:73:03:b1:12:f3:43:d7:d7:12:84:e4:42:2f:f4:
         6e:5f:81:51:a4:bb:7c:40:2d:22:75:ff:d5:39:99:1f:5b:1a:
         89:6b:db:d2:cf:11:35:69:56:b9:db:3f:a4:10:64:f2:bc:4d:
         a6:40:32:77:b7:88:0b:58:c8:07:b4:e2:0f:52:83:c4:cf:53:
         8a:78:ae:eb:1e:95:9d:2a:ab:bd:1f:11:80:e0:09:0e:04:58:
         ff:5c:f3:98:0a:4f:db:95:a7:20:43:e5:4e:a2:20:c4:3b:d0:
         e5:b3:cd:0a:30:87:d0:e3:a5:9c:2b:ee:23:40:ab:1e:0c:a5:
         e3:90:b1:05
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZh58Yw6htp9te9UijhV6bxbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODA1MTExNTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGMzYzMxYzIxMDgzZTRjYWI4NjI0NTcwMjEzNzFhMWEzMjNiMDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJa0GSowEqwFwdOCTUgizDzcwqeL
ugKGauYBhBiva11GYYR0yvqdhJnOX72yhzDViVFgzKM1sd7ck3/r5ZIHqfq2Z58Q
LEMSziBerQyi96OWXEDLNeanALSvMv5dEHaBs8JyCU5u6j0/zDIw4dOZiQI5OB+k
/d2FIiqvPdBjiaAF0MC96FGJ4PyQ0wc96TPU3SoPRqHWp6oTkXlS9GzOG7z9bFC0
CS0L4jrMDyTFk/VJtJFc+5D8l7h3FIWo9kfzyB7YsysUvahRuWG7rOCoiEEBjxAY
YXOnAOkic2kZ+wVxZ3xhohQ8qmybTjrzpNjd0Nx6nHbmOqHaDjuw2KRxlwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOjDwxwhCD5Mq4YkVwITcaGjI7BmMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvNk1QREhDRUlQa3lyaGlSWEFoTnhvYU1qc0dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/ESAwQA
l/T6MA0GCSqGSIb3DQEBCwUAA4IBAQBnVg1cFu8zkz2IjzxpzIAAFS+pT6qwieeM
a2S4K4wFtc6BWPI+pVyesjoxlg71VzGiMGuI3bGhpactlKEWV5nGdMO1PPUYf4ho
85yB8ZIyFxSFJgL8inCaFhlFUn4Mmb8FTdzbqWZyY1JRVV15SKCFMpbspmcyKyp3
3M/ZYeuqb+NTcwOxEvND19cShORCL/RuX4FRpLt8QC0idf/VOZkfWxqJa9vSzxE1
aVa52z+kEGTyvE2mQDJ3t4gLWMgHtOIPUoPEz1OKeK7rHpWdKqu9HxGA4AkOBFj/
XPOYCk/blacgQ+VOoiDEO9Dls80KMIfQ46WcK+4jQKseDKXjkLEF
-----END CERTIFICATE-----