Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Gx1OfLawBezhXtcE2m9GWSGGhp0.roa
File:                     Gx1OfLawBezhXtcE2m9GWSGGhp0.roa (raw, json)
Hash identifier:          rPx3FOS1dbbLiqjbarR/OUX0D+CsXULsak4gygThGDQ=
Subject key identifier:   1B:1D:4E:7C:B6:B0:05:EC:E1:5E:D7:04:DA:6F:46:59:21:86:86:9D
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019531B5C552604B7ADCF2F247494D3F9D19
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Gx1OfLawBezhXtcE2m9GWSGGhp0.roa
Signing time:             Sun 23 Feb 2025 07:29:10 +0000
ROA not before:           Sun 23 Feb 2025 07:29:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211826
IP address blocks:        151.243.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:31:b5:c5:52:60:4b:7a:dc:f2:f2:47:49:4d:3f:9d:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Feb 23 07:29:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b1d4e7cb6b005ece15ed704da6f46592186869d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:10:02:03:ec:4c:84:74:22:a8:48:50:a7:fa:
                    6f:2f:8f:4a:9b:90:5b:30:d4:28:74:6a:62:6d:3e:
                    71:d1:c0:14:ef:cc:66:82:b6:a8:e6:1c:f2:01:d0:
                    6b:0e:46:23:bb:41:1c:88:9f:0e:2a:96:cb:84:b7:
                    4a:80:18:1a:83:c3:e5:7b:8b:87:0f:e3:5e:71:0b:
                    3d:98:29:97:a9:0a:88:b4:f5:b2:11:1b:54:47:48:
                    b1:57:0d:a1:93:bd:8a:ce:ca:b6:4d:f3:66:a6:ec:
                    f7:53:59:fa:cb:ba:6b:5b:ff:a4:41:4a:c2:20:81:
                    bd:7a:34:2d:dd:96:80:bd:78:71:78:4f:87:3e:f4:
                    3c:15:7c:8d:bd:e2:db:d9:f0:8c:c8:7c:30:aa:2c:
                    be:09:22:44:0e:10:16:51:20:40:82:13:b3:7d:12:
                    d4:3b:be:00:c3:a9:9d:fd:ae:91:7a:9e:2a:da:f6:
                    fe:0f:27:f8:d0:c6:31:c0:35:e4:22:ff:e2:36:46:
                    12:42:65:e7:07:ce:26:df:d8:70:3b:f5:8a:61:31:
                    4b:24:ea:88:39:e6:a0:ce:92:ff:40:de:e8:c0:48:
                    31:3c:c7:ca:a5:5b:e0:21:05:16:ef:89:c0:4d:2f:
                    db:20:53:52:d0:7c:09:1f:83:77:22:79:31:6b:71:
                    13:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:1D:4E:7C:B6:B0:05:EC:E1:5E:D7:04:DA:6F:46:59:21:86:86:9D
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Gx1OfLawBezhXtcE2m9GWSGGhp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:aa:e8:05:d4:7e:4b:fd:60:a3:8c:04:b7:dd:03:67:33:be:
         50:56:18:0b:98:b4:b7:b4:41:58:43:c2:96:67:a2:66:0a:d7:
         fd:d4:06:6e:cb:aa:f4:71:9a:4e:1c:35:34:e5:65:bc:46:10:
         98:02:f0:a8:b3:b9:a4:c5:6c:93:0f:70:de:a2:47:d0:a8:a6:
         97:15:47:c9:98:7d:82:2d:a7:2f:9f:9b:b7:45:4a:78:f1:30:
         52:0d:01:a4:2c:c1:5d:fd:4b:bb:b0:85:82:29:78:60:9c:b0:
         5d:9d:45:cd:9b:d7:b8:a7:a3:3b:0d:dd:fe:38:dc:21:9c:24:
         90:21:0c:e2:d4:59:b5:00:ce:a2:c2:20:e0:7b:65:23:61:1d:
         c9:ef:20:74:df:bb:34:b6:02:15:3c:b4:56:94:58:78:16:df:
         97:53:72:a8:fa:ee:bf:28:dc:a2:e2:20:9d:b2:ac:60:49:55:
         38:08:ef:2c:28:cd:c6:2e:fa:ce:f4:74:2b:46:f2:81:da:d3:
         ba:a9:39:23:7c:0a:a3:74:b4:91:9c:9b:55:a2:7c:3c:52:81:
         b6:24:f1:2a:2c:89:70:d9:3d:50:ee:ac:a6:28:5f:74:91:55:
         37:5f:a4:f3:4d:5f:4b:d1:ca:4a:75:ec:fe:38:b5:4b:11:9e:
         13:71:33:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUxtcVSYEt63PLyR0lNP50ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMjIzMDcyOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjFkNGU3Y2I2YjAwNWVjZTE1ZWQ3MDRkYTZmNDY1OTIxODY4NjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhACA+xMhHQiqEhQp/pvL49Km5Bb
MNQodGpibT5x0cAU78xmgrao5hzyAdBrDkYju0EciJ8OKpbLhLdKgBgag8Ple4uH
D+NecQs9mCmXqQqItPWyERtUR0ixVw2hk72Kzsq2TfNmpuz3U1n6y7prW/+kQUrC
IIG9ejQt3ZaAvXhxeE+HPvQ8FXyNveLb2fCMyHwwqiy+CSJEDhAWUSBAghOzfRLU
O74Aw6md/a6Rep4q2vb+Dyf40MYxwDXkIv/iNkYSQmXnB84m39hwO/WKYTFLJOqI
OeagzpL/QN7owEgxPMfKpVvgIQUW74nATS/bIFNS0HwJH4N3Inkxa3EThwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBsdTny2sAXs4V7XBNpvRlkhhoadMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvR3gxT2ZMYXdCZXpoWHRjRTJtOUdXU0dHaHAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/NTMA0G
CSqGSIb3DQEBCwUAA4IBAQCCqugF1H5L/WCjjAS33QNnM75QVhgLmLS3tEFYQ8KW
Z6JmCtf91AZuy6r0cZpOHDU05WW8RhCYAvCos7mkxWyTD3DeokfQqKaXFUfJmH2C
Lacvn5u3RUp48TBSDQGkLMFd/Uu7sIWCKXhgnLBdnUXNm9e4p6M7Dd3+ONwhnCSQ
IQzi1Fm1AM6iwiDge2UjYR3J7yB037s0tgIVPLRWlFh4Ft+XU3Ko+u6/KNyi4iCd
sqxgSVU4CO8sKM3GLvrO9HQrRvKB2tO6qTkjfAqjdLSRnJtVonw8UoG2JPEqLIlw
2T1Q7qymKF90kVU3X6TzTV9L0cpKdez+OLVLEZ4TcTMo
-----END CERTIFICATE-----