Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/U0xQT7yaOsZMmuicvbh6IflWdao.roa
File:                     U0xQT7yaOsZMmuicvbh6IflWdao.roa (raw, json)
Hash identifier:          xzqPO0h/ZAZQj4jDftZJz3fv4Hdb/A7hLrU103xnk6k=
Subject key identifier:   53:4C:50:4F:BC:9A:3A:C6:4C:9A:E8:9C:BD:B8:7A:21:F9:56:75:AA
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0195BCB0AC67086BA7B28764B0C3A64320A0
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/U0xQT7yaOsZMmuicvbh6IflWdao.roa
Signing time:             Sat 22 Mar 2025 07:10:49 +0000
ROA not before:           Sat 22 Mar 2025 07:10:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214436
IP address blocks:        151.242.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:bc:b0:ac:67:08:6b:a7:b2:87:64:b0:c3:a6:43:20:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 22 07:10:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=534c504fbc9a3ac64c9ae89cbdb87a21f95675aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:57:4b:b4:6b:fa:07:91:53:b7:07:04:ee:6f:
                    e1:c0:38:b0:ff:6f:ab:7c:f6:de:8e:6b:5b:e4:bf:
                    ab:c9:77:ad:09:00:e9:14:ef:39:fd:6d:dd:e3:0b:
                    64:35:a3:52:bb:42:77:a9:2d:4e:e8:1e:f2:47:49:
                    f9:65:a3:88:34:c8:f5:f0:46:3c:08:bd:ee:9e:12:
                    68:5d:ad:e0:b5:cb:fd:07:a9:96:73:77:88:7d:ef:
                    44:35:d0:1c:db:67:ee:3c:ab:19:99:b7:ce:39:49:
                    21:d8:12:0a:b3:fd:d8:1f:d1:42:8f:3a:fd:7e:06:
                    75:a1:28:a1:00:af:31:11:ed:0c:80:3f:03:80:42:
                    20:3a:59:a4:3e:bc:ad:62:b2:b2:e2:45:30:fb:1c:
                    2e:f8:10:43:a6:0a:e7:80:44:5a:db:e9:d8:bd:00:
                    e4:cb:9f:f0:57:a7:db:31:93:b6:12:11:8a:80:7a:
                    45:28:6c:ac:de:dd:f6:50:26:65:fa:9c:7e:70:a5:
                    b5:da:7e:72:8e:33:fa:a4:cd:1a:d7:dc:07:1a:71:
                    ba:1b:13:49:e1:81:5a:d6:7b:50:7e:a7:32:a5:0d:
                    48:d6:5a:78:0a:7e:c6:48:2a:9d:ef:53:6a:25:e2:
                    12:7a:16:41:03:c1:4a:5d:71:3f:a4:7c:0a:ad:48:
                    47:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:4C:50:4F:BC:9A:3A:C6:4C:9A:E8:9C:BD:B8:7A:21:F9:56:75:AA
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/U0xQT7yaOsZMmuicvbh6IflWdao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:c0:30:27:b4:78:b2:9d:05:19:56:8d:7d:67:1a:e8:d7:8f:
         0c:56:93:2f:8b:1c:70:42:dd:af:1c:e5:c5:d5:a4:58:f4:36:
         cd:9d:c6:c7:8f:f6:6c:58:05:5d:f0:9b:54:c2:fb:b7:60:6b:
         e4:3e:77:02:8f:c0:e9:35:5d:3d:74:a7:b2:36:87:f4:ca:68:
         88:ae:5f:dc:70:80:8c:a6:c3:84:25:e3:9a:22:46:cc:cf:e8:
         78:f4:13:0d:f2:1c:bf:dd:7c:10:e5:92:08:d4:36:57:83:62:
         82:ff:66:d8:97:18:56:cb:18:d4:e1:b8:2b:46:1d:c9:e5:61:
         1a:bf:c5:04:2d:e7:7f:3b:32:32:63:34:30:e2:e9:77:fe:66:
         ea:76:ce:25:af:31:43:c3:af:1f:f9:1c:18:50:71:c1:33:1f:
         15:50:19:ba:aa:8a:64:01:e8:92:af:8b:a6:61:53:7a:63:60:
         b6:c2:20:5e:3a:35:73:33:42:00:c4:47:fa:34:ce:b8:84:8a:
         fb:8e:3f:54:77:8b:f1:88:b8:d4:b6:fe:15:e7:e5:f3:02:32:
         51:5b:d7:7b:2d:89:9e:ea:ff:9b:a1:06:91:be:e0:2e:d5:24:
         59:50:11:b4:a3:e6:d8:8b:bd:41:2b:52:ed:3f:17:8f:ce:c5:
         68:24:ec:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZW8sKxnCGunsodksMOmQyCgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMzIyMDcxMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzRjNTA0ZmJjOWEzYWM2NGM5YWU4OWNiZGI4N2EyMWY5NTY3NWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1dLtGv6B5FTtwcE7m/hwDiw/2+r
fPbejmtb5L+ryXetCQDpFO85/W3d4wtkNaNSu0J3qS1O6B7yR0n5ZaOINMj18EY8
CL3unhJoXa3gtcv9B6mWc3eIfe9ENdAc22fuPKsZmbfOOUkh2BIKs/3YH9FCjzr9
fgZ1oSihAK8xEe0MgD8DgEIgOlmkPrytYrKy4kUw+xwu+BBDpgrngERa2+nYvQDk
y5/wV6fbMZO2EhGKgHpFKGys3t32UCZl+px+cKW12n5yjjP6pM0a19wHGnG6GxNJ
4YFa1ntQfqcypQ1I1lp4Cn7GSCqd71NqJeISehZBA8FKXXE/pHwKrUhHQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNMUE+8mjrGTJronL24eiH5VnWqMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvVTB4UVQ3eWFPc1pNbXVpY3ZiaDZJZmxXZGFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/IeMA0G
CSqGSIb3DQEBCwUAA4IBAQA9wDAntHiynQUZVo19Zxro148MVpMvixxwQt2vHOXF
1aRY9DbNncbHj/ZsWAVd8JtUwvu3YGvkPncCj8DpNV09dKeyNof0ymiIrl/ccICM
psOEJeOaIkbMz+h49BMN8hy/3XwQ5ZII1DZXg2KC/2bYlxhWyxjU4bgrRh3J5WEa
v8UELed/OzIyYzQw4ul3/mbqds4lrzFDw68f+RwYUHHBMx8VUBm6qopkAeiSr4um
YVN6Y2C2wiBeOjVzM0IAxEf6NM64hIr7jj9Ud4vxiLjUtv4V5+XzAjJRW9d7LYme
6v+boQaRvuAu1SRZUBG0o+bYi71BK1LtPxePzsVoJOyr
-----END CERTIFICATE-----