Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/QfBJ2T1jIC7MBpIJ6BI7-jMFrqk.roa
File:                     QfBJ2T1jIC7MBpIJ6BI7-jMFrqk.roa (raw, json)
Hash identifier:          16knTFc2FDvp8rzc4hW0/IrUhq6bbsjkUziyYa5qJ2E=
Subject key identifier:   41:F0:49:D9:3D:63:20:2E:CC:06:92:09:E8:12:3B:FA:33:05:AE:A9
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019604E61706281EC0F6C3FD606DFA830344
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/QfBJ2T1jIC7MBpIJ6BI7-jMFrqk.roa
Signing time:             Sat 05 Apr 2025 07:41:49 +0000
ROA not before:           Sat 05 Apr 2025 07:41:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200019
IP address blocks:        151.242.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 09:14:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:04:e6:17:06:28:1e:c0:f6:c3:fd:60:6d:fa:83:03:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr  5 07:41:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41f049d93d63202ecc069209e8123bfa3305aea9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:9b:f5:ea:d5:1f:6f:57:ef:ff:4e:fa:d0:0f:
                    6c:50:53:e9:f7:a5:36:93:4f:e2:e0:b8:42:90:ff:
                    7c:86:83:8c:1d:e9:6b:98:d5:00:5c:00:e4:41:43:
                    2b:75:cb:49:34:ce:ff:d0:8e:e5:b8:c4:07:a2:dc:
                    c1:8c:b7:77:75:70:ec:e8:9d:88:65:41:0a:eb:77:
                    d8:a6:a6:da:7e:86:a5:58:df:58:00:53:26:44:09:
                    db:bd:ec:26:ef:28:8a:54:98:38:ec:b8:4d:a7:f1:
                    d5:bc:a6:e4:0e:5a:18:f7:5d:7e:5c:d0:35:35:16:
                    30:af:e5:75:60:e2:5a:f6:db:96:18:bf:0e:b7:b5:
                    77:31:46:f6:c7:dc:f9:bd:53:0c:7c:c9:1f:03:75:
                    d4:d9:6c:b9:ba:19:bf:b9:19:1e:5c:12:22:f8:ab:
                    67:56:c0:f4:08:3f:bf:c0:93:aa:16:f7:2f:35:09:
                    aa:7d:ea:1c:ce:e5:59:bd:c3:b4:5d:e9:ab:e0:4d:
                    28:e2:5c:01:7a:b8:be:55:49:22:61:b8:f9:af:31:
                    58:4b:ef:25:49:e0:a2:ed:b4:98:74:5e:bf:d8:91:
                    a4:34:d9:2f:20:68:d9:b6:d9:be:d5:dc:b0:dc:ff:
                    d0:e8:13:d8:43:9f:e6:65:5e:02:36:f4:4b:4f:d5:
                    c1:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F0:49:D9:3D:63:20:2E:CC:06:92:09:E8:12:3B:FA:33:05:AE:A9
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/QfBJ2T1jIC7MBpIJ6BI7-jMFrqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:9e:d2:14:27:0a:e2:99:06:6f:49:a4:00:de:67:bd:93:98:
         ee:ac:3a:48:21:1b:80:14:ae:39:ae:60:68:26:8a:9a:5e:55:
         8c:fc:4e:f9:ee:2d:78:78:62:b5:67:c0:41:99:15:4a:7d:26:
         fd:9c:ee:da:29:2a:9e:56:b4:9c:4e:6c:0d:e6:95:b5:e3:c2:
         c1:e2:b5:3e:0e:c6:36:f3:45:c2:e0:70:bf:8c:b9:a7:b0:98:
         a1:e6:98:5f:0e:3b:44:42:8a:26:93:20:9d:a1:f5:54:56:dc:
         56:b9:31:74:2c:4a:65:6c:df:2e:03:91:d7:d3:80:f7:7f:f6:
         c0:e7:ec:d4:f2:b6:71:c5:0a:8f:d3:63:8c:47:b1:89:80:65:
         f8:fe:71:f3:56:1d:43:a3:20:0c:3a:21:23:66:17:24:fc:07:
         ed:81:69:41:09:80:6f:05:f0:81:86:c8:53:42:7d:2c:3c:c2:
         90:81:83:16:97:b4:0c:b3:03:cd:f9:13:ec:a5:e9:db:30:8f:
         ef:c9:b0:f0:7a:3f:40:27:93:79:a5:47:e0:87:5a:53:fa:98:
         e0:ea:d0:a0:fb:93:cc:33:4a:02:d8:af:4c:eb:17:22:17:cb:
         e6:f0:16:96:bf:85:9c:5d:66:9f:b2:ff:50:bc:ab:29:1f:12:
         86:b7:f0:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYE5hcGKB7A9sP9YG36gwNEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDA1MDc0MTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWYwNDlkOTNkNjMyMDJlY2MwNjkyMDllODEyM2JmYTMzMDVhZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpv16tUfb1fv/0760A9sUFPp96U2
k0/i4LhCkP98hoOMHelrmNUAXADkQUMrdctJNM7/0I7luMQHotzBjLd3dXDs6J2I
ZUEK63fYpqbafoalWN9YAFMmRAnbvewm7yiKVJg47LhNp/HVvKbkDloY911+XNA1
NRYwr+V1YOJa9tuWGL8Ot7V3MUb2x9z5vVMMfMkfA3XU2Wy5uhm/uRkeXBIi+Ktn
VsD0CD+/wJOqFvcvNQmqfeoczuVZvcO0Xemr4E0o4lwBeri+VUkiYbj5rzFYS+8l
SeCi7bSYdF6/2JGkNNkvIGjZttm+1dyw3P/Q6BPYQ5/mZV4CNvRLT9XBMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHwSdk9YyAuzAaSCegSO/ozBa6pMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUWZCSjJUMWpJQzdNQnBJSjZCSTctak1GcnFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/IQMA0G
CSqGSIb3DQEBCwUAA4IBAQBEntIUJwrimQZvSaQA3me9k5jurDpIIRuAFK45rmBo
JoqaXlWM/E757i14eGK1Z8BBmRVKfSb9nO7aKSqeVrScTmwN5pW148LB4rU+DsY2
80XC4HC/jLmnsJih5phfDjtEQoomkyCdofVUVtxWuTF0LEplbN8uA5HX04D3f/bA
5+zU8rZxxQqP02OMR7GJgGX4/nHzVh1DoyAMOiEjZhck/AftgWlBCYBvBfCBhshT
Qn0sPMKQgYMWl7QMswPN+RPspenbMI/vybDwej9AJ5N5pUfgh1pT+pjg6tCg+5PM
M0oC2K9M6xciF8vm8BaWv4WcXWafsv9QvKspHxKGt/A3
-----END CERTIFICATE-----