Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JUyMdg3nes4tA2o53DpAK6qzsf0.roa
File:                     JUyMdg3nes4tA2o53DpAK6qzsf0.roa (raw, json)
Hash identifier:          dXw65KovpGCf0auNMPezKIZape91M6jwRTr8Gl1Egg4=
Subject key identifier:   25:4C:8C:76:0D:E7:7A:CE:2D:03:6A:39:DC:3A:40:2B:AA:B3:B1:FD
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019734E51A8F5DA8FBD247B786F7C6C49871
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JUyMdg3nes4tA2o53DpAK6qzsf0.roa
Signing time:             Tue 03 Jun 2025 08:25:19 +0000
ROA not before:           Tue 03 Jun 2025 08:25:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209554
IP address blocks:        151.240.12.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 16:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:34:e5:1a:8f:5d:a8:fb:d2:47:b7:86:f7:c6:c4:98:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun  3 08:25:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=254c8c760de77ace2d036a39dc3a402baab3b1fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:4d:30:13:07:b7:09:7b:d1:4f:e9:fe:bf:59:
                    c6:3a:69:a5:3e:86:d4:c6:98:6a:24:ec:c0:4b:d6:
                    99:dc:87:f3:da:5b:51:d2:af:12:11:23:4f:a9:e1:
                    97:91:89:d6:e3:01:05:3c:c1:08:4a:3b:39:10:f3:
                    1b:20:7f:b6:83:e5:c8:d0:f9:f4:44:a4:27:82:1f:
                    56:37:5c:c0:43:54:ea:34:63:a1:f6:ae:c4:51:94:
                    32:ed:c9:e2:cc:8a:0b:d2:da:50:72:a8:11:f8:9a:
                    4c:cd:6e:cb:b8:dd:9b:11:78:c2:39:de:a6:3c:13:
                    8f:89:c2:93:17:32:83:bd:81:dc:a2:ea:50:c3:da:
                    0d:bb:1e:17:2a:f2:3f:ad:d6:9a:be:ad:87:db:0e:
                    83:fd:1a:16:62:8a:20:f4:23:ce:ff:89:4b:bb:68:
                    92:7b:b1:67:2b:26:ec:a6:03:de:24:7b:16:08:c2:
                    70:62:34:2b:a1:c0:d4:a5:da:8d:95:2c:dc:a9:95:
                    c1:94:09:e5:01:36:da:f1:94:53:4e:dd:c9:c7:bf:
                    ea:39:1f:77:19:66:75:d5:57:e8:d1:8a:64:a7:20:
                    0d:ec:07:75:f6:80:19:2f:28:8f:5b:82:5b:19:56:
                    87:d9:ab:0d:da:52:ed:72:64:5e:bd:35:54:67:cc:
                    a6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:4C:8C:76:0D:E7:7A:CE:2D:03:6A:39:DC:3A:40:2B:AA:B3:B1:FD
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JUyMdg3nes4tA2o53DpAK6qzsf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:d5:48:e7:14:26:30:bf:10:96:19:86:2b:60:15:30:6d:b8:
         f7:76:95:ef:2e:e0:b9:32:76:c8:03:68:a0:ed:1d:5c:b0:52:
         7b:fd:bc:09:89:c9:4c:ec:a5:e0:91:28:47:b5:cd:70:c1:8a:
         e0:a9:1d:30:a8:c8:8d:4d:12:75:cf:eb:0a:e9:80:f8:45:f0:
         ea:26:06:1a:52:90:26:70:71:d0:37:cf:89:77:98:11:c1:99:
         8d:97:96:92:97:3d:cd:45:64:e3:63:96:34:c6:09:8e:9d:c9:
         69:a2:5e:ab:c1:5e:fa:f4:bc:b9:74:af:a8:96:4e:52:c5:e4:
         05:62:3e:6e:de:a0:9e:be:7a:0c:2a:e8:b3:61:6d:f4:1e:45:
         aa:18:58:7f:df:63:34:8d:03:71:42:2c:9a:28:26:d0:a3:4a:
         fc:15:1a:1f:7d:55:f8:61:b7:53:e5:e0:83:00:e8:a5:04:0c:
         d6:28:d9:06:96:c9:4d:75:82:c8:6c:26:8c:74:c6:0a:d7:48:
         9a:8e:38:86:80:09:7c:95:67:e4:7f:86:11:46:db:12:af:98:
         52:1c:9f:5f:a5:74:6b:65:23:04:53:66:7c:3d:51:45:65:12:
         9d:1e:39:8b:e3:34:2c:f1:c8:a3:3c:70:2d:06:67:00:5c:41:
         40:28:5c:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc05RqPXaj70ke3hvfGxJhxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjAzMDgyNTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTRjOGM3NjBkZTc3YWNlMmQwMzZhMzlkYzNhNDAyYmFhYjNiMWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw00wEwe3CXvRT+n+v1nGOmmlPobU
xphqJOzAS9aZ3Ifz2ltR0q8SESNPqeGXkYnW4wEFPMEISjs5EPMbIH+2g+XI0Pn0
RKQngh9WN1zAQ1TqNGOh9q7EUZQy7cnizIoL0tpQcqgR+JpMzW7LuN2bEXjCOd6m
PBOPicKTFzKDvYHcoupQw9oNux4XKvI/rdaavq2H2w6D/RoWYoog9CPO/4lLu2iS
e7FnKybspgPeJHsWCMJwYjQrocDUpdqNlSzcqZXBlAnlATba8ZRTTt3Jx7/qOR93
GWZ11Vfo0YpkpyAN7Ad19oAZLyiPW4JbGVaH2asN2lLtcmRevTVUZ8ymBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCVMjHYN53rOLQNqOdw6QCuqs7H9MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSlV5TWRnM25lczR0QTJvNTNEcEFLNnF6c2YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBl/AMMA0G
CSqGSIb3DQEBCwUAA4IBAQBf1UjnFCYwvxCWGYYrYBUwbbj3dpXvLuC5MnbIA2ig
7R1csFJ7/bwJiclM7KXgkShHtc1wwYrgqR0wqMiNTRJ1z+sK6YD4RfDqJgYaUpAm
cHHQN8+Jd5gRwZmNl5aSlz3NRWTjY5Y0xgmOnclpol6rwV769Ly5dK+olk5SxeQF
Yj5u3qCevnoMKuizYW30HkWqGFh/32M0jQNxQiyaKCbQo0r8FRoffVX4YbdT5eCD
AOilBAzWKNkGlslNdYLIbCaMdMYK10iajjiGgAl8lWfkf4YRRtsSr5hSHJ9fpXRr
ZSMEU2Z8PVFFZRKdHjmL4zQs8cijPHAtBmcAXEFAKFzP
-----END CERTIFICATE-----