Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/dEzZF1m3eVNhP2CeghTJgU-ALm8.roa
File:                     dEzZF1m3eVNhP2CeghTJgU-ALm8.roa (raw, json)
Hash identifier:          CjLqERoPTYAi1QEjY8Zl/Flahg/clfIJ4CZ+P03ZoSo=
Subject key identifier:   74:4C:D9:17:59:B7:79:53:61:3F:60:9E:82:14:C9:81:4F:80:2E:6F
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196EC2380B9ECC3596E13A821FA9357D03D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/dEzZF1m3eVNhP2CeghTJgU-ALm8.roa
Signing time:             Tue 20 May 2025 05:21:11 +0000
ROA not before:           Tue 20 May 2025 05:21:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213690
IP address blocks:        151.244.113.0/24 maxlen: 24
                          151.245.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 11:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ec:23:80:b9:ec:c3:59:6e:13:a8:21:fa:93:57:d0:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 20 05:21:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=744cd91759b77953613f609e8214c9814f802e6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:9c:9d:9f:41:ec:1e:57:c8:c4:7a:4b:e9:db:
                    38:db:dc:02:4e:54:3c:8d:99:36:79:6a:42:1b:50:
                    c7:2c:26:1c:e0:b0:30:cb:fd:d4:72:d1:82:5a:e6:
                    a6:13:6d:1e:dd:44:db:85:55:8b:ac:34:8e:20:61:
                    86:d4:60:78:bb:21:89:c6:b5:ef:65:9a:b8:04:09:
                    06:1f:6c:a6:3e:6f:72:b6:cd:8f:ed:d5:20:d0:37:
                    47:41:ea:a8:04:a0:bb:a9:f6:1e:22:51:e9:08:ad:
                    95:67:9f:16:ba:42:3e:2d:f7:71:0f:c0:3c:06:c4:
                    50:ef:52:b1:49:31:d2:5c:2a:3f:f8:4a:21:85:8b:
                    75:43:5f:3d:db:6b:cb:51:ab:6a:bb:4e:bc:ed:4c:
                    bb:be:c1:10:a9:3f:48:10:92:b4:91:cc:31:ac:b5:
                    11:84:9d:8f:0a:a2:61:a9:73:b5:bb:37:45:83:1a:
                    af:ce:36:b3:bf:14:7f:00:b1:5b:62:5e:c3:07:2b:
                    93:01:f6:8a:dd:9b:c4:f7:cd:83:ee:2f:91:7e:24:
                    3c:aa:73:d0:e8:9b:ae:8f:81:0f:12:36:05:af:59:
                    54:74:82:87:f4:6b:a6:1d:4e:3a:35:7a:81:7e:f6:
                    f5:7d:08:5a:b1:1c:3f:b4:7d:9d:8e:fb:2b:39:31:
                    2e:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:4C:D9:17:59:B7:79:53:61:3F:60:9E:82:14:C9:81:4F:80:2E:6F
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/dEzZF1m3eVNhP2CeghTJgU-ALm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.113.0/24
                  151.245.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:2f:da:c3:d0:d9:aa:93:39:c3:e7:67:60:06:39:36:b6:df:
         7b:65:b0:60:04:cb:ef:b1:46:f6:4b:1c:a5:f2:73:e7:34:c7:
         4c:80:d7:2c:25:e6:79:0e:2f:cf:ba:5a:14:fa:d9:df:48:28:
         6c:82:ad:61:fa:6b:15:31:db:79:fc:6e:a2:1d:c3:52:d9:64:
         3a:46:1e:3f:3b:fc:10:c4:42:a8:86:3a:01:d1:ab:66:d6:05:
         66:d4:21:9c:f3:38:33:6a:05:f6:ae:9d:5e:6e:0a:40:66:c2:
         20:0c:04:30:2b:4d:13:99:7a:80:69:85:76:fd:3e:31:e4:13:
         2b:d9:47:c3:0b:a4:32:4a:bf:40:e1:e8:c3:1f:4b:f7:e9:e4:
         e4:38:66:d5:a0:00:df:3f:78:aa:b5:3b:45:d5:56:3d:90:16:
         ad:1a:65:f9:33:d9:c5:4e:b1:9f:9c:15:42:2a:e9:65:e7:c5:
         69:c6:c5:21:62:b2:d3:eb:29:2f:5e:e1:d6:2d:95:e0:90:33:
         e4:1d:ea:1e:8d:01:26:a7:5f:29:21:45:13:92:9f:08:6e:18:
         66:5b:4f:a4:da:84:bd:b7:74:52:5e:7a:35:cd:76:38:57:c8:
         f6:cf:41:14:32:9e:07:f8:30:1f:f1:3e:49:e3:e4:1f:46:f7:
         f2:de:ab:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbsI4C57MNZbhOoIfqTV9A9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTIwMDUyMTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDRjZDkxNzU5Yjc3OTUzNjEzZjYwOWU4MjE0Yzk4MTRmODAyZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpydn0HsHlfIxHpL6ds429wCTlQ8
jZk2eWpCG1DHLCYc4LAwy/3UctGCWuamE20e3UTbhVWLrDSOIGGG1GB4uyGJxrXv
ZZq4BAkGH2ymPm9yts2P7dUg0DdHQeqoBKC7qfYeIlHpCK2VZ58WukI+LfdxD8A8
BsRQ71KxSTHSXCo/+EohhYt1Q18922vLUatqu0687Uy7vsEQqT9IEJK0kcwxrLUR
hJ2PCqJhqXO1uzdFgxqvzjazvxR/ALFbYl7DByuTAfaK3ZvE982D7i+RfiQ8qnPQ
6Juuj4EPEjYFr1lUdIKH9GumHU46NXqBfvb1fQhasRw/tH2djvsrOTEubwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHRM2RdZt3lTYT9gnoIUyYFPgC5vMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvZEV6WkYxbTNlVk5oUDJDZWdoVEpnVS1BTG04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/RxAwQA
l/VyMA0GCSqGSIb3DQEBCwUAA4IBAQClL9rD0NmqkznD52dgBjk2tt97ZbBgBMvv
sUb2Sxyl8nPnNMdMgNcsJeZ5Di/PuloU+tnfSChsgq1h+msVMdt5/G6iHcNS2WQ6
Rh4/O/wQxEKohjoB0atm1gVm1CGc8zgzagX2rp1ebgpAZsIgDAQwK00TmXqAaYV2
/T4x5BMr2UfDC6QySr9A4ejDH0v36eTkOGbVoADfP3iqtTtF1VY9kBatGmX5M9nF
TrGfnBVCKull58VpxsUhYrLT6ykvXuHWLZXgkDPkHeoejQEmp18pIUUTkp8Ibhhm
W0+k2oS9t3RSXno1zXY4V8j2z0EUMp4H+DAf8T5J4+QfRvfy3qtJ
-----END CERTIFICATE-----