Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/QZ7kFhp2ie7G7ISBnEHYUIb1lGc.roa
File:                     QZ7kFhp2ie7G7ISBnEHYUIb1lGc.roa (raw, json)
Hash identifier:          rujbpQ41GIekH8GiYaRDVV35gElg9eY7D43gpwZOelA=
Subject key identifier:   41:9E:E4:16:1A:76:89:EE:C6:EC:84:81:9C:41:D8:50:86:F5:94:67
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196DCECD8D894A05E6ED9BAA22F2AFA06C3
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/QZ7kFhp2ie7G7ISBnEHYUIb1lGc.roa
Signing time:             Sat 17 May 2025 06:27:11 +0000
ROA not before:           Sat 17 May 2025 06:27:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208437
IP address blocks:        151.242.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 19:08:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:dc:ec:d8:d8:94:a0:5e:6e:d9:ba:a2:2f:2a:fa:06:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 17 06:27:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=419ee4161a7689eec6ec84819c41d85086f59467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ba:d8:5f:3d:ab:16:8e:bb:67:47:a6:e5:9e:
                    29:a6:bb:b5:4f:b7:08:04:46:10:32:96:82:65:51:
                    72:e2:73:5b:37:b4:cb:c7:cb:38:7f:53:99:58:ad:
                    7f:9b:3c:f6:1e:51:87:5c:ea:1b:06:14:32:19:ec:
                    c6:1f:a6:3b:f8:6a:e9:5d:06:f9:f3:99:21:51:1f:
                    e8:73:c1:37:ba:bb:8e:a7:34:25:90:25:72:e0:1e:
                    46:cf:98:b8:1f:81:92:d6:e2:d9:b2:9d:24:4a:b4:
                    65:ea:e5:d8:11:66:b5:ee:01:35:d4:37:2c:2b:79:
                    bc:2d:fb:27:ca:10:e4:5c:1f:f6:d5:f2:87:a6:40:
                    b2:3a:5e:c9:74:59:fb:90:ac:43:09:a2:1a:9a:98:
                    54:58:79:70:35:12:14:2d:f4:36:ef:0f:73:95:65:
                    43:ad:e6:b0:1f:e0:85:8b:ae:2b:49:e1:85:87:f6:
                    20:7c:f9:4a:1f:9f:c5:ba:92:eb:5a:9a:64:a4:0a:
                    8a:03:39:d1:cb:ad:4f:3e:92:dc:a1:89:ed:45:d1:
                    7d:72:6c:69:2b:51:b3:14:5e:85:0c:9f:4c:6d:96:
                    18:55:eb:33:10:d8:b1:e4:bf:fd:79:7c:d0:3b:53:
                    ea:99:77:1f:44:72:07:5d:20:cb:df:ef:e2:4f:07:
                    55:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:9E:E4:16:1A:76:89:EE:C6:EC:84:81:9C:41:D8:50:86:F5:94:67
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/QZ7kFhp2ie7G7ISBnEHYUIb1lGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:af:63:46:7c:7c:67:ea:8f:d3:93:1d:19:1b:be:46:36:26:
         b6:e6:59:1b:38:cb:79:8c:21:8b:b2:ee:4e:37:19:ab:25:fa:
         36:95:ed:93:86:bf:3e:23:29:53:6d:24:d2:ad:41:0f:0e:82:
         df:29:38:6b:cf:ac:de:0f:0b:25:75:d4:ad:1f:01:30:4c:84:
         fc:a1:66:1c:b0:3a:71:74:2b:d0:47:da:5d:6e:c6:1a:f4:93:
         e6:d1:ac:f6:77:c8:e5:fe:52:f5:03:16:08:3b:a3:c3:3b:51:
         98:9e:cd:d1:82:45:f2:99:64:fe:91:39:ce:c4:72:4d:f9:d8:
         6d:95:83:16:81:b0:a6:25:41:52:86:50:69:6a:b4:8c:13:d6:
         f7:e5:f2:ac:88:57:2d:e6:0c:bf:0f:87:f4:bf:c3:fb:ff:9a:
         45:a3:37:3a:7e:ca:32:2b:a6:46:85:10:70:6d:13:bc:d7:83:
         14:56:5f:d3:ce:d9:32:1b:e3:39:a4:92:d4:b4:1b:82:f1:2e:
         b5:84:66:22:33:1f:0b:f8:e7:d9:3d:62:99:dd:1f:9d:ca:56:
         7a:46:7d:68:d8:fa:95:1f:6b:e4:6d:c3:1f:39:c1:7f:a9:24:
         98:d1:c0:37:c8:a8:c9:c2:7e:67:c9:35:0f:e0:1d:27:2c:b8:
         47:ae:ff:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbc7NjYlKBebtm6oi8q+gbDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTE3MDYyNzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTllZTQxNjFhNzY4OWVlYzZlYzg0ODE5YzQxZDg1MDg2ZjU5NDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7rYXz2rFo67Z0em5Z4ppru1T7cI
BEYQMpaCZVFy4nNbN7TLx8s4f1OZWK1/mzz2HlGHXOobBhQyGezGH6Y7+GrpXQb5
85khUR/oc8E3uruOpzQlkCVy4B5Gz5i4H4GS1uLZsp0kSrRl6uXYEWa17gE11Dcs
K3m8LfsnyhDkXB/21fKHpkCyOl7JdFn7kKxDCaIamphUWHlwNRIULfQ27w9zlWVD
reawH+CFi64rSeGFh/YgfPlKH5/FupLrWppkpAqKAznRy61PPpLcoYntRdF9cmxp
K1GzFF6FDJ9MbZYYVeszENix5L/9eXzQO1PqmXcfRHIHXSDL3+/iTwdVAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEGe5BYadonuxuyEgZxB2FCG9ZRnMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUVo3a0ZocDJpZTdHN0lTQm5FSFlVSWIxbEdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/IAMA0G
CSqGSIb3DQEBCwUAA4IBAQAXr2NGfHxn6o/Tkx0ZG75GNia25lkbOMt5jCGLsu5O
NxmrJfo2le2Thr8+IylTbSTSrUEPDoLfKThrz6zeDwslddStHwEwTIT8oWYcsDpx
dCvQR9pdbsYa9JPm0az2d8jl/lL1AxYIO6PDO1GYns3RgkXymWT+kTnOxHJN+dht
lYMWgbCmJUFShlBparSME9b35fKsiFct5gy/D4f0v8P7/5pFozc6fsoyK6ZGhRBw
bRO814MUVl/TztkyG+M5pJLUtBuC8S61hGYiMx8L+OfZPWKZ3R+dylZ6Rn1o2PqV
H2vkbcMfOcF/qSSY0cA3yKjJwn5nyTUP4B0nLLhHrv/8
-----END CERTIFICATE-----