Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/C64oZI9-jUFTBT8VVShEiCorM_g.roa
File:                     C64oZI9-jUFTBT8VVShEiCorM_g.roa (raw, json)
Hash identifier:          YXtymYOSowTMNW2ZSxAr4wJlKe9YFHkWCC4yTwLDauc=
Subject key identifier:   0B:AE:28:64:8F:7E:8D:41:53:05:3F:15:55:28:44:88:2A:2B:33:F8
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01974077BDA76FF7A39E485E81BCD94BB18A
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/C64oZI9-jUFTBT8VVShEiCorM_g.roa
Signing time:             Thu 05 Jun 2025 14:21:18 +0000
ROA not before:           Thu 05 Jun 2025 14:21:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7979
IP address blocks:        151.240.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:40:77:bd:a7:6f:f7:a3:9e:48:5e:81:bc:d9:4b:b1:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun  5 14:21:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0bae28648f7e8d4153053f15552844882a2b33f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:13:f8:91:df:10:75:bd:8b:a7:3f:c3:61:a9:
                    f5:a2:75:e7:df:26:c3:b1:9d:37:d5:72:da:f4:1b:
                    4b:4d:cc:4a:10:3d:12:31:68:f0:db:8c:83:88:ff:
                    7e:f8:00:19:79:9d:76:7e:ae:18:c2:b6:94:b3:5f:
                    86:11:c2:6d:c3:6a:b9:de:26:45:58:b9:26:32:9c:
                    3b:3a:35:56:20:a9:db:49:da:20:38:3e:09:9b:fd:
                    69:5e:46:65:09:e3:dd:cf:85:b0:b3:9f:09:7f:b9:
                    c2:e6:00:d5:49:da:a5:8f:92:c9:3e:10:fe:57:44:
                    b8:3a:33:82:8c:b9:8b:cc:10:8b:1f:36:67:d2:03:
                    c1:22:62:62:41:67:2d:eb:be:4d:7f:a9:db:ff:ff:
                    83:f9:a2:19:96:9e:3e:f7:47:f2:27:49:9c:2b:46:
                    4d:e4:6b:ba:fd:6a:66:6b:2b:6a:29:fb:39:d3:8e:
                    11:1a:a1:db:a5:b3:85:4b:f4:aa:47:73:b1:c7:c1:
                    bd:79:8f:2e:07:c2:4c:af:e2:84:6f:41:7d:c9:cc:
                    06:c4:fb:5d:e9:0f:65:d0:ed:9f:6e:9f:86:5e:75:
                    b8:db:19:55:16:b8:88:7b:a2:e8:d6:7f:0e:ad:c9:
                    40:f6:46:31:f2:33:31:2b:91:c0:64:4d:35:80:5b:
                    39:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:AE:28:64:8F:7E:8D:41:53:05:3F:15:55:28:44:88:2A:2B:33:F8
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/C64oZI9-jUFTBT8VVShEiCorM_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:89:5e:12:a9:1c:02:0d:7f:9a:38:c2:9b:eb:56:5d:e3:58:
         d3:01:77:f8:31:00:ae:f8:f3:1e:5d:f1:98:5c:7f:a3:e4:e2:
         d9:ef:e8:70:66:ca:65:63:36:48:18:0f:c8:00:1b:0d:e0:e9:
         eb:2a:c2:e8:32:66:a0:80:79:44:d8:8b:7a:c3:cf:00:ef:bc:
         9b:77:b8:6c:f1:24:8c:af:32:87:25:28:9a:fe:89:58:37:42:
         ba:1c:0c:06:c1:b4:f0:a4:78:30:94:84:66:d8:70:97:63:31:
         4b:69:0d:3f:e3:7b:03:b6:e7:21:b1:79:aa:83:d9:ac:80:f1:
         08:a4:dc:32:70:51:46:39:21:f1:4c:6c:e2:70:36:31:66:c3:
         a1:7d:9b:d3:1d:72:9d:f6:30:8e:d1:13:74:c3:25:55:e9:9a:
         27:cd:3a:0d:f4:c9:e5:fa:29:7e:ef:56:85:33:2c:16:6b:b5:
         86:6b:90:a7:44:67:3e:a4:c2:b5:70:61:b8:60:c7:7a:dc:32:
         26:da:99:c7:f2:ba:8b:ae:08:2f:e2:83:e4:0c:06:8a:5a:f0:
         45:c6:60:34:fb:37:e3:01:ae:95:06:7f:72:11:fc:58:fd:fa:
         4f:59:84:81:ae:b8:79:fa:88:15:9f:60:7d:24:b2:e7:f0:65:
         e7:97:cd:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdAd72nb/ejnkhegbzZS7GKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjA1MTQyMTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmFlMjg2NDhmN2U4ZDQxNTMwNTNmMTU1NTI4NDQ4ODJhMmIzM2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRP4kd8Qdb2Lpz/DYan1onXn3ybD
sZ031XLa9BtLTcxKED0SMWjw24yDiP9++AAZeZ12fq4YwraUs1+GEcJtw2q53iZF
WLkmMpw7OjVWIKnbSdogOD4Jm/1pXkZlCePdz4Wws58Jf7nC5gDVSdqlj5LJPhD+
V0S4OjOCjLmLzBCLHzZn0gPBImJiQWct675Nf6nb//+D+aIZlp4+90fyJ0mcK0ZN
5Gu6/WpmaytqKfs5044RGqHbpbOFS/SqR3Oxx8G9eY8uB8JMr+KEb0F9ycwGxPtd
6Q9l0O2fbp+GXnW42xlVFriIe6Lo1n8OrclA9kYx8jMxK5HAZE01gFs5YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAuuKGSPfo1BUwU/FVUoRIgqKzP4MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvQzY0b1pJOS1qVUZUQlQ4VlZTaEVpQ29yTV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/ASMA0G
CSqGSIb3DQEBCwUAA4IBAQAaiV4SqRwCDX+aOMKb61Zd41jTAXf4MQCu+PMeXfGY
XH+j5OLZ7+hwZsplYzZIGA/IABsN4OnrKsLoMmaggHlE2It6w88A77ybd7hs8SSM
rzKHJSia/olYN0K6HAwGwbTwpHgwlIRm2HCXYzFLaQ0/43sDtuchsXmqg9msgPEI
pNwycFFGOSHxTGzicDYxZsOhfZvTHXKd9jCO0RN0wyVV6ZonzToN9Mnl+il+71aF
MywWa7WGa5CnRGc+pMK1cGG4YMd63DIm2pnH8rqLrggv4oPkDAaKWvBFxmA0+zfj
Aa6VBn9yEfxY/fpPWYSBrrh5+ogVn2B9JLLn8GXnl80J
-----END CERTIFICATE-----