Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7N9NrHquBwP1JB72Yxw3wKXBSoM.roa
File:                     7N9NrHquBwP1JB72Yxw3wKXBSoM.roa (raw, json)
Hash identifier:          tk0k/4YQFljF+sCXkXGtLSrRWWK67686FK9ml55e0BU=
Subject key identifier:   EC:DF:4D:AC:7A:AE:07:03:F5:24:1E:F6:63:1C:37:C0:A5:C1:4A:83
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0194B0AE649D79AE2AA1BD943254CAA3717D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7N9NrHquBwP1JB72Yxw3wKXBSoM.roa
Signing time:             Wed 29 Jan 2025 06:10:06 +0000
ROA not before:           Wed 29 Jan 2025 06:10:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207252
IP address blocks:        151.243.208.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b0:ae:64:9d:79:ae:2a:a1:bd:94:32:54:ca:a3:71:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan 29 06:10:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ecdf4dac7aae0703f5241ef6631c37c0a5c14a83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b2:3c:8f:ea:2f:58:ae:f1:f1:5f:61:84:70:
                    8b:f0:55:3e:8f:6a:19:f6:cf:92:3d:46:60:fb:23:
                    c8:59:84:1c:cc:bf:eb:92:33:02:30:1d:75:88:d2:
                    aa:e8:74:f1:4f:f5:eb:3c:ee:93:0a:b9:f4:de:0f:
                    d5:36:3c:b7:ed:ea:5e:54:22:3c:e5:ca:43:5d:3b:
                    7b:6d:fe:fa:34:18:ea:48:bd:08:db:8b:e8:5f:8c:
                    4f:f3:4a:e2:74:af:60:5e:41:c1:1d:3e:5b:9c:6e:
                    e4:0a:b5:65:7f:fd:d9:6a:d5:73:bc:d2:4c:23:3b:
                    e3:31:63:16:27:d2:0f:c7:6d:19:3d:d9:ad:ab:f2:
                    59:1f:51:a1:12:5d:df:9e:e9:16:96:89:b0:be:2c:
                    96:ee:a4:39:06:50:aa:d5:ba:74:6f:33:f3:51:08:
                    cd:68:55:17:28:5f:48:b6:b6:45:f6:5f:7b:2c:07:
                    96:bf:33:1b:2f:7b:51:4e:84:e6:bb:89:a1:f0:03:
                    99:1a:60:3b:75:87:55:35:76:47:20:6c:22:82:eb:
                    4b:eb:17:28:a7:bd:f8:f8:f1:db:b0:72:bd:16:a9:
                    47:2d:bc:13:c8:d8:b3:e6:f5:4a:7c:bf:60:27:9b:
                    46:15:44:59:8d:67:fa:ea:79:29:59:35:58:f7:fe:
                    da:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:DF:4D:AC:7A:AE:07:03:F5:24:1E:F6:63:1C:37:C0:A5:C1:4A:83
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7N9NrHquBwP1JB72Yxw3wKXBSoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:dd:98:7b:64:db:83:80:3d:0a:16:2f:29:ca:00:7c:b6:be:
         61:c9:cb:05:2a:4d:84:0b:53:a3:38:0c:99:18:2f:4e:aa:31:
         03:68:d4:23:c6:7b:1b:4d:52:e7:2f:d3:79:24:ab:37:35:1d:
         2c:7c:4c:36:84:21:fa:c0:fc:9a:06:8d:43:f7:00:9b:04:a6:
         7d:70:ba:25:2a:4c:94:f2:36:5b:fb:0a:a9:70:7b:c3:f2:29:
         10:04:f5:ae:60:71:8a:99:10:df:f9:f6:a8:af:72:94:f6:10:
         c2:c9:43:b6:56:b6:42:51:aa:f0:2d:42:4a:e8:17:3c:c0:05:
         4a:d5:26:29:b2:94:45:07:8f:c7:85:a7:61:b5:5c:2b:f8:2d:
         ab:0e:b2:61:85:27:a2:95:78:02:de:3f:37:df:2d:24:6b:8a:
         3a:09:4a:89:bd:25:06:ad:09:04:1d:93:16:5e:49:98:e6:67:
         83:59:73:ba:11:44:d0:73:23:df:08:c0:01:50:b8:85:64:ab:
         64:75:69:e9:c7:d0:d5:4a:ab:3b:55:0c:b3:ce:1a:3f:eb:59:
         90:8b:56:b6:c9:f0:3a:9b:f5:b1:02:24:c8:d9:09:72:0b:14:
         62:ac:a7:bc:cd:8f:af:33:68:71:b8:43:d3:df:d7:64:25:e0:
         9b:6f:7f:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSwrmSdea4qob2UMlTKo3F9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMTI5MDYxMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2RmNGRhYzdhYWUwNzAzZjUyNDFlZjY2MzFjMzdjMGE1YzE0YTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7I8j+ovWK7x8V9hhHCL8FU+j2oZ
9s+SPUZg+yPIWYQczL/rkjMCMB11iNKq6HTxT/XrPO6TCrn03g/VNjy37epeVCI8
5cpDXTt7bf76NBjqSL0I24voX4xP80ridK9gXkHBHT5bnG7kCrVlf/3ZatVzvNJM
IzvjMWMWJ9IPx20ZPdmtq/JZH1GhEl3fnukWlomwviyW7qQ5BlCq1bp0bzPzUQjN
aFUXKF9ItrZF9l97LAeWvzMbL3tRToTmu4mh8AOZGmA7dYdVNXZHIGwigutL6xco
p734+PHbsHK9FqlHLbwTyNiz5vVKfL9gJ5tGFURZjWf66nkpWTVY9/7adwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOzfTax6rgcD9SQe9mMcN8ClwUqDMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvN045TnJIcXVCd1AxSkI3Mll4dzN3S1hCU29NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCl/PQMA0G
CSqGSIb3DQEBCwUAA4IBAQBS3Zh7ZNuDgD0KFi8pygB8tr5hycsFKk2EC1OjOAyZ
GC9OqjEDaNQjxnsbTVLnL9N5JKs3NR0sfEw2hCH6wPyaBo1D9wCbBKZ9cLolKkyU
8jZb+wqpcHvD8ikQBPWuYHGKmRDf+faor3KU9hDCyUO2VrZCUarwLUJK6Bc8wAVK
1SYpspRFB4/HhadhtVwr+C2rDrJhhSeilXgC3j833y0ka4o6CUqJvSUGrQkEHZMW
XkmY5meDWXO6EUTQcyPfCMABULiFZKtkdWnpx9DVSqs7VQyzzho/61mQi1a2yfA6
m/WxAiTI2QlyCxRirKe8zY+vM2hxuEPT39dkJeCbb3/J
-----END CERTIFICATE-----