Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/R9Jvxo-2hIcWOWv4oFyKthlymYs.roa
File:                     R9Jvxo-2hIcWOWv4oFyKthlymYs.roa (raw, json)
Hash identifier:          pzy8jKFXiXZ+qYISYvDhXgOXVU9ECXxwYECiAXGNWbI=
Subject key identifier:   47:D2:6F:C6:8F:B6:84:87:16:39:6B:F8:A0:5C:8A:B6:19:72:99:8B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01991D5271F068CBC708A0ACA23A78109F02
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/R9Jvxo-2hIcWOWv4oFyKthlymYs.roa
Signing time:             Sat 06 Sep 2025 04:39:26 +0000
ROA not before:           Sat 06 Sep 2025 04:39:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205380
IP address blocks:        151.242.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 14:10:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1d:52:71:f0:68:cb:c7:08:a0:ac:a2:3a:78:10:9f:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep  6 04:39:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47d26fc68fb6848716396bf8a05c8ab61972998b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:9c:5e:7a:cd:7d:90:1a:b9:58:2b:e0:03:07:
                    49:87:13:15:92:95:ea:20:01:12:91:15:8f:95:17:
                    1e:3c:55:1a:bb:01:5f:54:62:dd:06:bf:bb:ba:fa:
                    b2:0a:19:9d:c0:96:c0:79:9b:99:5b:8d:7d:10:8d:
                    40:9b:04:eb:be:7e:48:a8:c7:0a:31:ef:4d:29:4a:
                    b3:82:0e:98:f8:d4:09:34:6f:c9:41:51:a5:42:3e:
                    99:ec:a1:7c:90:8a:0a:c2:28:a0:50:a9:d2:26:0b:
                    6f:8a:51:c4:dc:77:26:23:47:cc:ff:65:a0:0d:3f:
                    d6:72:28:de:08:66:3f:27:74:73:4e:52:c1:4a:11:
                    13:64:84:25:d4:35:07:6d:1f:05:c5:5c:b8:e5:fb:
                    9e:cd:80:73:65:08:e0:e2:8e:8f:5d:02:9c:5f:72:
                    2b:69:23:cf:f2:07:82:5b:d4:87:f5:8b:6d:82:b9:
                    2c:5c:08:73:c6:c8:f2:29:ef:7d:b0:f5:fb:5e:e2:
                    c0:00:1c:91:0a:8e:72:53:f5:cf:c1:11:5e:38:5b:
                    e6:89:7c:b3:d3:bc:a6:37:1d:fe:7e:81:06:db:f8:
                    05:65:f8:79:42:78:1a:49:f7:6e:58:0d:a6:15:60:
                    28:56:46:8e:41:5d:e1:26:05:c7:39:24:0c:17:2f:
                    31:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:D2:6F:C6:8F:B6:84:87:16:39:6B:F8:A0:5C:8A:B6:19:72:99:8B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/R9Jvxo-2hIcWOWv4oFyKthlymYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:30:13:2a:34:f9:66:ec:92:9b:e9:f1:63:c1:52:8c:29:a2:
         0d:a5:32:79:16:82:63:e8:1b:24:05:c8:91:c1:84:95:3d:50:
         e1:ba:aa:2c:4c:78:38:47:97:f0:03:af:3b:55:ae:ff:98:3f:
         83:76:98:7a:e1:e9:0e:41:38:d1:79:ce:71:e3:f1:04:8c:8c:
         15:7f:ea:30:30:c3:ee:5b:9a:0d:ea:21:fb:ad:10:dd:32:30:
         d0:0f:4f:66:97:31:a5:a2:ba:36:ed:c4:a4:81:49:5f:aa:29:
         aa:68:60:e5:a3:87:5a:3e:e0:87:e3:a0:2d:23:b1:d2:8d:5c:
         5f:e2:03:d3:44:30:3a:21:e2:38:8e:cd:c2:c1:95:44:0e:81:
         f3:35:1b:31:b8:71:30:b3:11:7d:72:d3:c9:3e:f4:df:25:0b:
         29:d1:83:75:be:75:8d:b9:93:89:ed:e9:65:1a:89:4c:b1:ad:
         76:68:b6:68:ed:d4:56:14:91:86:ec:4a:ce:f3:53:32:9f:ed:
         82:eb:a9:96:d0:43:ac:84:97:19:11:6f:4f:67:7b:7d:7e:af:
         97:28:9e:1d:82:e5:9d:cc:0b:60:8e:79:8e:1e:74:76:a8:40:
         5b:ea:06:d7:18:3e:25:75:91:f3:5d:1f:da:0b:81:ee:c6:d0:
         14:09:4c:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkdUnHwaMvHCKCsojp4EJ8CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTA2MDQzOTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2QyNmZjNjhmYjY4NDg3MTYzOTZiZjhhMDVjOGFiNjE5NzI5OThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpxees19kBq5WCvgAwdJhxMVkpXq
IAESkRWPlRcePFUauwFfVGLdBr+7uvqyChmdwJbAeZuZW419EI1AmwTrvn5IqMcK
Me9NKUqzgg6Y+NQJNG/JQVGlQj6Z7KF8kIoKwiigUKnSJgtvilHE3HcmI0fM/2Wg
DT/WcijeCGY/J3RzTlLBShETZIQl1DUHbR8FxVy45fuezYBzZQjg4o6PXQKcX3Ir
aSPP8geCW9SH9YttgrksXAhzxsjyKe99sPX7XuLAAByRCo5yU/XPwRFeOFvmiXyz
07ymNx3+foEG2/gFZfh5QngaSfduWA2mFWAoVkaOQV3hJgXHOSQMFy8xVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfSb8aPtoSHFjlr+KBcirYZcpmLMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUjlKdnhvLTJoSWNXT1d2NG9GeUt0aGx5bVlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/LOMA0G
CSqGSIb3DQEBCwUAA4IBAQB3MBMqNPlm7JKb6fFjwVKMKaINpTJ5FoJj6BskBciR
wYSVPVDhuqosTHg4R5fwA687Va7/mD+Ddph64ekOQTjRec5x4/EEjIwVf+owMMPu
W5oN6iH7rRDdMjDQD09mlzGloro27cSkgUlfqimqaGDlo4daPuCH46AtI7HSjVxf
4gPTRDA6IeI4js3CwZVEDoHzNRsxuHEwsxF9ctPJPvTfJQsp0YN1vnWNuZOJ7ell
GolMsa12aLZo7dRWFJGG7ErO81Myn+2C66mW0EOshJcZEW9PZ3t9fq+XKJ4dguWd
zAtgjnmOHnR2qEBb6gbXGD4ldZHzXR/aC4HuxtAUCUwE
-----END CERTIFICATE-----