Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/MAQb6yasKXlPB-EB0k3V1F8JM3A.roa
File:                     MAQb6yasKXlPB-EB0k3V1F8JM3A.roa (raw, json)
Hash identifier:          FFGEmHFV7nt+FYScS2gNG/iqvaavRFhOmiaCLoioH78=
Subject key identifier:   30:04:1B:EB:26:AC:29:79:4F:07:E1:01:D2:4D:D5:D4:5F:09:33:70
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196EC6392C3301A475FBFAF66DA2ED0D761
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/MAQb6yasKXlPB-EB0k3V1F8JM3A.roa
Signing time:             Tue 20 May 2025 06:31:10 +0000
ROA not before:           Tue 20 May 2025 06:31:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3269
IP address blocks:        151.243.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ec:63:92:c3:30:1a:47:5f:bf:af:66:da:2e:d0:d7:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 20 06:31:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30041beb26ac29794f07e101d24dd5d45f093370
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:47:ff:f8:8e:f6:c0:c0:59:f4:51:8d:f3:7c:
                    11:ec:98:ba:20:38:49:98:48:9b:30:46:ac:ee:bd:
                    53:d8:d1:6c:d5:da:dd:66:82:5b:13:fd:b6:21:72:
                    95:40:c8:c6:e6:6a:d4:a1:6c:cf:41:b9:bb:2a:7b:
                    08:17:c1:59:42:f3:4c:b0:df:19:e6:62:79:a9:bc:
                    ac:d6:e5:6c:88:5d:4f:7b:08:db:a6:6c:c9:cb:a3:
                    00:b8:16:4d:31:26:ba:c4:68:69:eb:e0:30:1d:d7:
                    7a:29:95:b9:7b:16:50:b5:df:21:98:41:b2:f6:d1:
                    3e:a8:b8:10:69:78:0a:25:80:6e:30:5a:fd:a5:06:
                    ff:79:bf:fb:13:b2:67:a7:50:93:d5:e3:e5:8e:a6:
                    eb:f2:bc:36:7b:88:34:dc:07:37:f3:45:3a:e4:26:
                    85:b0:98:ed:e7:9d:dd:11:2f:16:8c:81:71:4f:45:
                    ca:72:10:30:a9:61:bf:06:36:9c:9e:57:a8:8c:81:
                    ee:ef:48:5d:17:22:01:45:68:59:5f:8c:17:11:b5:
                    9a:39:b8:74:34:a6:c7:99:51:be:15:fe:ae:d7:e7:
                    57:92:bb:d5:41:53:73:d1:d6:b6:16:10:d6:a3:54:
                    b2:bc:e8:21:15:6d:68:81:63:4d:d7:b5:7d:a6:49:
                    94:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:04:1B:EB:26:AC:29:79:4F:07:E1:01:D2:4D:D5:D4:5F:09:33:70
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/MAQb6yasKXlPB-EB0k3V1F8JM3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:fc:d3:8f:00:c0:61:65:d5:3f:49:34:a4:35:05:fb:d9:ea:
         19:fa:3b:12:87:47:7e:4f:22:20:e6:af:76:63:16:f6:d4:05:
         9c:13:52:7a:7c:d3:65:ab:cd:57:56:80:6e:16:70:23:1b:a0:
         a5:7d:de:c8:97:bb:26:59:5c:0d:e0:6b:04:44:42:05:90:a8:
         72:9d:76:1d:bb:ba:b4:e1:2e:8b:e9:c9:f3:3a:de:ca:21:30:
         c4:24:b4:f2:a7:8c:22:a3:d3:ad:ae:da:ab:b0:24:80:1d:26:
         25:f3:6a:2f:e8:50:b4:04:cb:d5:b0:28:01:5a:8a:6e:a2:e3:
         b1:c3:a2:c7:74:94:53:96:89:7e:fc:1e:95:9e:6e:b9:83:f3:
         7f:5a:08:dd:0a:ba:38:0b:bb:a6:d9:2a:1c:72:5e:4b:d4:00:
         be:38:54:32:26:b4:a7:0d:7a:2d:39:61:57:ee:82:6d:d4:01:
         06:9a:00:aa:86:b7:04:ff:ae:00:09:eb:78:74:5e:ef:e0:fc:
         36:9a:05:8f:a4:fb:9c:d1:13:4e:c3:ae:98:89:7f:ce:c0:34:
         e4:4c:ab:5d:4d:c6:8c:b2:f4:c9:5a:2d:fc:8f:3a:6f:22:5e:
         d9:ff:2b:90:98:11:14:1c:71:92:e8:e9:93:e4:38:f5:0d:96:
         e6:f0:50:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbsY5LDMBpHX7+vZtou0NdhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTIwMDYzMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDA0MWJlYjI2YWMyOTc5NGYwN2UxMDFkMjRkZDVkNDVmMDkzMzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkf/+I72wMBZ9FGN83wR7Ji6IDhJ
mEibMEas7r1T2NFs1drdZoJbE/22IXKVQMjG5mrUoWzPQbm7KnsIF8FZQvNMsN8Z
5mJ5qbys1uVsiF1PewjbpmzJy6MAuBZNMSa6xGhp6+AwHdd6KZW5exZQtd8hmEGy
9tE+qLgQaXgKJYBuMFr9pQb/eb/7E7Jnp1CT1ePljqbr8rw2e4g03Ac380U65CaF
sJjt553dES8WjIFxT0XKchAwqWG/BjacnleojIHu70hdFyIBRWhZX4wXEbWaObh0
NKbHmVG+Ff6u1+dXkrvVQVNz0da2FhDWo1SyvOghFW1ogWNN17V9pkmU/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAEG+smrCl5TwfhAdJN1dRfCTNwMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvTUFRYjZ5YXNLWGxQQi1FQjBrM1YxRjhKTTNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/MXMA0G
CSqGSIb3DQEBCwUAA4IBAQCA/NOPAMBhZdU/STSkNQX72eoZ+jsSh0d+TyIg5q92
Yxb21AWcE1J6fNNlq81XVoBuFnAjG6Clfd7Il7smWVwN4GsEREIFkKhynXYdu7q0
4S6L6cnzOt7KITDEJLTyp4wio9OtrtqrsCSAHSYl82ov6FC0BMvVsCgBWopuouOx
w6LHdJRTlol+/B6Vnm65g/N/WgjdCro4C7um2Soccl5L1AC+OFQyJrSnDXotOWFX
7oJt1AEGmgCqhrcE/64ACet4dF7v4Pw2mgWPpPuc0RNOw66YiX/OwDTkTKtdTcaM
svTJWi38jzpvIl7Z/yuQmBEUHHGS6OmT5Dj1DZbm8FA2
-----END CERTIFICATE-----