Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/dmCFJpZKa0CtmMe8RYN9owZeD6M.roa
File:                     dmCFJpZKa0CtmMe8RYN9owZeD6M.roa (raw, json)
Hash identifier:          rYkQ86J0dz2B+bk8VxBUEzc3Pvit9TXqx9oaCXuFl8Y=
Subject key identifier:   76:60:85:26:96:4A:6B:40:AD:98:C7:BC:45:83:7D:A3:06:5E:0F:A3
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0194AD7BE961B28955A20F23BF9D12C135BB
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/dmCFJpZKa0CtmMe8RYN9owZeD6M.roa
Signing time:             Tue 28 Jan 2025 15:16:06 +0000
ROA not before:           Tue 28 Jan 2025 15:16:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199959
IP address blocks:        151.242.52.0/22 maxlen: 24
                          151.243.100.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 14:41:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ad:7b:e9:61:b2:89:55:a2:0f:23:bf:9d:12:c1:35:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan 28 15:16:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76608526964a6b40ad98c7bc45837da3065e0fa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:26:d7:92:a9:7e:d7:21:ce:38:d1:ac:87:d2:
                    99:b7:e5:86:39:da:c2:93:46:10:7e:48:26:59:8d:
                    80:45:a3:b9:0d:60:e0:7d:fe:90:f5:ad:e1:5a:f7:
                    0e:12:21:9d:9f:01:13:72:59:fd:79:6d:a1:79:31:
                    42:fe:44:aa:62:c2:40:87:fe:09:bc:28:08:b5:43:
                    cc:e8:04:89:74:24:42:7e:f1:ca:68:8c:5c:49:21:
                    33:5d:84:3f:56:5b:55:14:87:73:e1:4d:18:0a:94:
                    f5:cd:49:55:7b:c5:e8:34:29:ec:b9:24:b1:b1:79:
                    8a:28:2b:c9:e9:25:79:50:a2:01:43:98:5d:a5:32:
                    b7:3d:e9:02:bc:83:49:e0:b0:12:72:94:b6:da:73:
                    73:78:28:20:31:98:86:14:bd:b1:fd:a5:1c:a5:15:
                    60:c0:de:58:d0:8f:a3:9e:fb:a4:c7:3b:0f:95:df:
                    24:95:21:0b:10:f7:6b:3a:96:64:84:1e:ae:39:ad:
                    e4:d8:be:ef:3c:d4:5e:51:c9:88:c4:d5:9b:00:4d:
                    1e:c2:57:cc:a2:7d:61:46:ff:a2:16:84:84:18:fd:
                    86:90:fa:4e:f7:67:38:0b:2e:6b:30:16:68:e5:04:
                    79:9d:69:54:79:59:ec:11:ea:d9:e5:b7:2a:4b:8b:
                    e4:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:60:85:26:96:4A:6B:40:AD:98:C7:BC:45:83:7D:A3:06:5E:0F:A3
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/dmCFJpZKa0CtmMe8RYN9owZeD6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.52.0/22
                  151.243.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:f2:63:2b:8a:81:2a:59:12:08:a5:d7:96:f0:e0:a2:9e:c0:
         e7:9c:fa:89:46:55:7e:60:2b:9d:20:ef:3b:a1:fc:34:14:16:
         da:fa:70:79:8e:92:53:a1:48:0b:f8:c0:d2:9a:4e:e9:0b:bc:
         14:67:49:25:f0:d1:48:61:cd:ae:ed:79:b3:ce:f0:4c:e8:91:
         5b:cf:95:43:42:5f:69:65:9f:03:66:64:c1:9c:26:9f:c3:01:
         3e:40:58:b7:77:14:34:c4:51:1f:68:6e:e9:f2:41:86:3c:06:
         df:ca:3f:3d:a0:1f:07:e3:7c:5c:d2:1c:4d:93:39:ec:b0:0f:
         98:41:4a:c8:7f:b8:60:2a:cc:94:1a:5c:7d:b9:f6:22:77:d9:
         6a:c7:74:7a:4a:4a:ea:3e:07:d1:38:59:27:cf:71:c9:45:ef:
         0c:8a:16:e8:87:39:68:21:ea:56:c9:bc:92:f7:0c:f1:2c:09:
         cc:fb:4b:4c:02:31:84:b7:cf:c5:7d:90:96:15:06:3a:46:df:
         4c:06:63:73:83:51:a2:d9:8f:c4:a7:19:25:52:51:a5:1d:bb:
         95:65:af:5f:74:3c:66:2a:02:7b:ae:c2:7a:24:2a:23:a2:c9:
         12:29:0e:75:02:0b:d8:6c:a3:51:1e:0f:2b:0e:c4:02:cc:cb:
         64:d4:c8:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSte+lhsolVog8jv50SwTW7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMTI4MTUxNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjYwODUyNjk2NGE2YjQwYWQ5OGM3YmM0NTgzN2RhMzA2NWUwZmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCbXkql+1yHOONGsh9KZt+WGOdrC
k0YQfkgmWY2ARaO5DWDgff6Q9a3hWvcOEiGdnwETcln9eW2heTFC/kSqYsJAh/4J
vCgItUPM6ASJdCRCfvHKaIxcSSEzXYQ/VltVFIdz4U0YCpT1zUlVe8XoNCnsuSSx
sXmKKCvJ6SV5UKIBQ5hdpTK3PekCvINJ4LAScpS22nNzeCggMZiGFL2x/aUcpRVg
wN5Y0I+jnvukxzsPld8klSELEPdrOpZkhB6uOa3k2L7vPNReUcmIxNWbAE0ewlfM
on1hRv+iFoSEGP2GkPpO92c4Cy5rMBZo5QR5nWlUeVnsEerZ5bcqS4vkXQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHZghSaWSmtArZjHvEWDfaMGXg+jMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvZG1DRkpwWkthMEN0bU1lOFJZTjlvd1plRDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCl/I0AwQC
l/NkMA0GCSqGSIb3DQEBCwUAA4IBAQCO8mMrioEqWRIIpdeW8OCinsDnnPqJRlV+
YCudIO87ofw0FBba+nB5jpJToUgL+MDSmk7pC7wUZ0kl8NFIYc2u7XmzzvBM6JFb
z5VDQl9pZZ8DZmTBnCafwwE+QFi3dxQ0xFEfaG7p8kGGPAbfyj89oB8H43xc0hxN
kznssA+YQUrIf7hgKsyUGlx9ufYid9lqx3R6SkrqPgfROFknz3HJRe8Mihbohzlo
IepWybyS9wzxLAnM+0tMAjGEt8/FfZCWFQY6Rt9MBmNzg1Gi2Y/EpxklUlGlHbuV
Za9fdDxmKgJ7rsJ6JCojoskSKQ51AgvYbKNRHg8rDsQCzMtk1Mh/
-----END CERTIFICATE-----