Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Ib0eX-Uz2yTdZ8gRBUOe2Jn6-4o.roa
File:                     Ib0eX-Uz2yTdZ8gRBUOe2Jn6-4o.roa (raw, json)
Hash identifier:          pIshxxNXu7q0GkQoCnGVQiwuY10dv1mMl2Esg6k723A=
Subject key identifier:   21:BD:1E:5F:E5:33:DB:24:DD:67:C8:11:05:43:9E:D8:99:FA:FB:8A
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196CD3F29329EB1C5A4A41838FFC382E4E9
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Ib0eX-Uz2yTdZ8gRBUOe2Jn6-4o.roa
Signing time:             Wed 14 May 2025 05:23:10 +0000
ROA not before:           Wed 14 May 2025 05:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10111
IP address blocks:        151.242.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cd:3f:29:32:9e:b1:c5:a4:a4:18:38:ff:c3:82:e4:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 14 05:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21bd1e5fe533db24dd67c81105439ed899fafb8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:78:45:40:0c:f9:72:87:68:00:2a:57:33:de:
                    33:88:00:c6:e3:8b:49:f7:9d:c5:2d:c5:9f:1e:5b:
                    57:e9:89:47:f1:7c:a2:a8:e0:15:1c:a4:ae:26:89:
                    2c:34:cc:c9:a2:34:53:da:40:9d:38:d8:a2:3c:dc:
                    fd:01:82:1c:c4:3b:39:80:40:3c:23:39:45:8d:c9:
                    c6:05:2f:43:c5:63:b1:4d:e4:93:a8:3f:21:9a:f8:
                    e7:31:8c:c8:f7:45:0e:8c:cc:ae:92:4d:83:4c:0f:
                    48:2c:8b:c1:d0:88:db:08:99:4e:e6:b9:bd:9c:6a:
                    57:ba:0a:1e:33:ef:da:46:16:32:6e:86:f5:11:6d:
                    b9:36:32:63:c4:43:c9:1a:ec:6c:f6:7a:c2:42:c3:
                    76:20:27:4d:e6:5b:21:a8:f5:a9:bf:80:07:44:97:
                    c7:4c:64:cb:47:2d:08:c1:b8:a1:00:56:4b:20:0f:
                    62:88:49:d5:09:84:bd:ae:df:5b:ba:0e:22:20:ab:
                    b4:17:2b:bd:fb:02:12:dc:70:15:e4:ed:23:4f:b0:
                    58:b3:f3:01:00:0a:fb:7d:77:47:d5:29:c8:39:34:
                    df:8a:96:58:95:c4:55:10:8c:39:bb:44:d3:32:62:
                    0c:ea:22:1c:61:9c:74:23:04:7b:c7:49:03:5c:a2:
                    ba:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:BD:1E:5F:E5:33:DB:24:DD:67:C8:11:05:43:9E:D8:99:FA:FB:8A
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Ib0eX-Uz2yTdZ8gRBUOe2Jn6-4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:6c:be:fd:27:78:2c:52:0a:60:0f:ab:79:ce:78:2b:f2:87:
         ad:2a:77:3b:bd:fd:7d:09:cb:6f:31:1e:ce:9c:f2:2d:7b:43:
         87:3b:d7:8d:f3:84:46:30:a4:b1:36:a6:ed:8f:46:82:49:9a:
         24:30:1c:c6:ca:81:2f:7c:0b:3e:21:db:de:fa:8d:71:6e:2f:
         95:02:a3:cb:42:90:8a:9a:87:e7:36:de:08:bb:15:a3:c0:63:
         d4:9d:5c:d4:df:63:15:fa:db:bb:24:7a:1e:af:e2:c8:4d:b7:
         14:f6:f0:12:59:46:c0:bc:8e:75:ca:0a:0d:3b:11:ff:72:f1:
         92:43:27:e6:99:24:f1:62:0c:e5:0a:29:ab:0b:9e:08:56:57:
         61:09:6f:91:ac:e1:74:76:0f:9e:bc:a3:9b:8f:9b:39:a9:c7:
         39:a8:3a:eb:0d:27:7b:55:79:b6:fe:72:b2:27:f1:23:75:ae:
         d9:25:1f:29:36:f2:ce:4e:fb:b8:3f:25:c6:9e:7e:b7:e1:76:
         cb:72:25:26:fb:f0:38:3a:2b:30:b6:d6:78:2c:38:8a:40:10:
         f7:6d:de:18:e5:7d:e9:8a:47:2b:b6:39:b6:f5:18:d0:da:6a:
         1d:19:1f:fc:f9:9e:15:c0:3e:4f:2d:83:61:81:6a:88:c7:5b:
         9d:d4:34:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbNPykynrHFpKQYOP/DguTpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTE0MDUyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWJkMWU1ZmU1MzNkYjI0ZGQ2N2M4MTEwNTQzOWVkODk5ZmFmYjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunhFQAz5codoACpXM94ziADG44tJ
953FLcWfHltX6YlH8XyiqOAVHKSuJoksNMzJojRT2kCdONiiPNz9AYIcxDs5gEA8
IzlFjcnGBS9DxWOxTeSTqD8hmvjnMYzI90UOjMyukk2DTA9ILIvB0IjbCJlO5rm9
nGpXugoeM+/aRhYybob1EW25NjJjxEPJGuxs9nrCQsN2ICdN5lshqPWpv4AHRJfH
TGTLRy0IwbihAFZLIA9iiEnVCYS9rt9bug4iIKu0Fyu9+wIS3HAV5O0jT7BYs/MB
AAr7fXdH1SnIOTTfipZYlcRVEIw5u0TTMmIM6iIcYZx0IwR7x0kDXKK63QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCG9Hl/lM9sk3WfIEQVDntiZ+vuKMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSWIwZVgtVXoyeVRkWjhnUkJVT2UySm42LTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/JBMA0G
CSqGSIb3DQEBCwUAA4IBAQCQbL79J3gsUgpgD6t5zngr8oetKnc7vf19CctvMR7O
nPIte0OHO9eN84RGMKSxNqbtj0aCSZokMBzGyoEvfAs+Idve+o1xbi+VAqPLQpCK
mofnNt4IuxWjwGPUnVzU32MV+tu7JHoer+LITbcU9vASWUbAvI51ygoNOxH/cvGS
QyfmmSTxYgzlCimrC54IVldhCW+RrOF0dg+evKObj5s5qcc5qDrrDSd7VXm2/nKy
J/Ejda7ZJR8pNvLOTvu4PyXGnn634XbLciUm+/A4OiswttZ4LDiKQBD3bd4Y5X3p
ikcrtjm29RjQ2modGR/8+Z4VwD5PLYNhgWqIx1ud1DQZ
-----END CERTIFICATE-----