Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/M752hboY4L4lesvbuBL9sQlYpJo.roa
File:                     M752hboY4L4lesvbuBL9sQlYpJo.roa (raw, json)
Hash identifier:          FedcytxR0UZES4dPuXHEufYOmKZXmTJr8OrmNAxwIcA=
Subject key identifier:   33:BE:76:85:BA:18:E0:BE:25:7A:CB:DB:B8:12:FD:B1:09:58:A4:9A
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198E4DE870BC0BCD7C9F0E6EC0750114272
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/M752hboY4L4lesvbuBL9sQlYpJo.roa
Signing time:             Tue 26 Aug 2025 05:34:05 +0000
ROA not before:           Tue 26 Aug 2025 05:34:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213690
IP address blocks:        151.245.113.0/24 maxlen: 24
                          151.245.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Sep 2025 13:03:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e4:de:87:0b:c0:bc:d7:c9:f0:e6:ec:07:50:11:42:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 26 05:34:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33be7685ba18e0be257acbdbb812fdb10958a49a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:72:76:58:5e:a5:88:ee:73:5b:e2:1c:df:1c:
                    12:4f:d6:08:fb:4f:e7:66:88:ea:4e:e4:82:81:d4:
                    92:ad:d3:44:06:26:07:8e:e0:0c:c2:34:a3:e7:56:
                    71:5b:0a:2e:ec:82:f0:0d:09:38:c8:ae:d6:c1:7c:
                    8b:79:6d:14:e2:33:90:8d:13:b5:98:5d:ca:48:fb:
                    d3:d4:d2:d0:33:82:b6:ff:fd:1b:93:53:40:f3:b7:
                    31:39:54:3c:44:16:5e:53:15:84:a3:40:39:d2:15:
                    96:ce:41:56:c9:08:1e:bc:59:f0:fb:ba:10:0f:99:
                    d7:56:9b:9c:f9:92:52:4d:68:fb:d4:1b:63:99:de:
                    f4:b9:34:fc:01:31:81:ee:27:22:a4:84:35:c9:12:
                    ab:70:45:58:a8:f5:33:ee:34:a7:11:46:6c:59:b3:
                    c2:df:44:0c:0b:f1:a0:2c:2e:fa:9f:e4:c7:27:94:
                    7f:aa:fc:14:cc:33:4a:91:bf:e4:59:0f:58:fc:b4:
                    8c:19:5f:bb:51:0a:86:59:ec:72:81:06:41:ab:f6:
                    fc:ae:96:4c:1e:42:e8:8f:b8:dc:d4:c3:13:5c:34:
                    8a:21:4c:11:5a:43:ea:46:5e:fd:69:76:58:93:cb:
                    e8:5e:99:55:b7:5a:6f:96:14:81:78:d3:ca:3e:f2:
                    eb:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:BE:76:85:BA:18:E0:BE:25:7A:CB:DB:B8:12:FD:B1:09:58:A4:9A
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/M752hboY4L4lesvbuBL9sQlYpJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.245.113.0-151.245.114.255

    Signature Algorithm: sha256WithRSAEncryption
         33:73:ed:93:16:07:e3:6e:6f:d6:4b:b8:8c:15:f4:4c:cc:a0:
         28:24:a9:69:2e:29:b7:93:41:68:68:f6:49:25:f8:50:10:46:
         76:03:70:f1:0b:04:65:19:d3:4c:e0:00:d8:dc:0b:91:9e:ce:
         4c:83:31:cc:f7:ba:32:9a:14:23:d9:9c:87:52:23:86:ff:f6:
         18:70:32:0c:5d:50:3c:16:24:67:65:20:c9:7a:5f:68:f7:3c:
         ca:07:0a:05:84:39:3e:f7:e7:09:be:23:0d:b7:a9:5c:6a:8d:
         c4:c0:b2:41:3d:9e:dd:19:76:aa:80:79:34:13:b4:f1:25:33:
         4e:62:de:42:cb:c6:84:ba:58:fe:bc:78:6c:62:fd:65:e9:4a:
         3e:9b:3c:ef:f4:92:c4:41:7b:91:70:96:61:6e:b4:67:fb:c8:
         16:c9:ee:4c:71:df:ab:50:af:8d:24:a8:74:ec:b5:c6:9f:88:
         a1:0d:2b:6b:9f:71:e6:c6:99:43:73:78:b2:b6:f4:eb:25:1f:
         79:70:c8:8f:90:32:8f:3e:43:21:5d:6a:22:b2:39:3a:cc:7c:
         31:8c:25:3e:53:cb:ea:43:b0:23:74:85:1f:11:6e:d8:76:45:
         e0:5a:0c:0c:99:e2:3d:d8:cc:65:3e:fe:7a:50:cd:26:d0:a5:
         ba:d3:83:1a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZjk3ocLwLzXyfDm7AdQEUJyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODI2MDUzNDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2JlNzY4NWJhMThlMGJlMjU3YWNiZGJiODEyZmRiMTA5NThhNDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXJ2WF6liO5zW+Ic3xwST9YI+0/n
ZojqTuSCgdSSrdNEBiYHjuAMwjSj51ZxWwou7ILwDQk4yK7WwXyLeW0U4jOQjRO1
mF3KSPvT1NLQM4K2//0bk1NA87cxOVQ8RBZeUxWEo0A50hWWzkFWyQgevFnw+7oQ
D5nXVpuc+ZJSTWj71Btjmd70uTT8ATGB7icipIQ1yRKrcEVYqPUz7jSnEUZsWbPC
30QMC/GgLC76n+THJ5R/qvwUzDNKkb/kWQ9Y/LSMGV+7UQqGWexygQZBq/b8rpZM
HkLoj7jc1MMTXDSKIUwRWkPqRl79aXZYk8voXplVt1pvlhSBeNPKPvLr3QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDO+doW6GOC+JXrL27gS/bEJWKSaMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvTTc1Mmhib1k0TDRsZXN2YnVCTDlzUWxZcEpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACX9XED
BACX9XIwDQYJKoZIhvcNAQELBQADggEBADNz7ZMWB+Nub9ZLuIwV9EzMoCgkqWku
KbeTQWho9kkl+FAQRnYDcPELBGUZ00zgANjcC5GezkyDMcz3ujKaFCPZnIdSI4b/
9hhwMgxdUDwWJGdlIMl6X2j3PMoHCgWEOT735wm+Iw23qVxqjcTAskE9nt0ZdqqA
eTQTtPElM05i3kLLxoS6WP68eGxi/WXpSj6bPO/0ksRBe5FwlmFutGf7yBbJ7kxx
36tQr40kqHTstcafiKENK2ufcebGmUNzeLK29OslH3lwyI+QMo8+QyFdaiKyOTrM
fDGMJT5Ty+pDsCN0hR8Rbth2ReBaDAyZ4j3YzGU+/npQzSbQpbrTgxo=
-----END CERTIFICATE-----