Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fA5_mYO_KDmuIyBJqFgCR-2D8nY.roa
File:                     fA5_mYO_KDmuIyBJqFgCR-2D8nY.roa (raw, json)
Hash identifier:          2Ulck4hxkRXuiJ66b55s6hyDDmYVfE6Ivx1QxIJlNdI=
Subject key identifier:   7C:0E:7F:99:83:BF:28:39:AE:23:20:49:A8:58:02:47:ED:83:F2:76
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0195DB95EA83F80D0FBA2F479E3B03E30145
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fA5_mYO_KDmuIyBJqFgCR-2D8nY.roa
Signing time:             Fri 28 Mar 2025 07:09:49 +0000
ROA not before:           Fri 28 Mar 2025 07:09:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199959
IP address blocks:        151.242.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:db:95:ea:83:f8:0d:0f:ba:2f:47:9e:3b:03:e3:01:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 28 07:09:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c0e7f9983bf2839ae232049a8580247ed83f276
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7b:7d:b4:a5:54:58:5e:e4:dc:4a:98:30:48:
                    9c:6a:4d:ab:f4:5a:72:00:e6:5f:41:ba:81:40:1a:
                    cf:d5:3d:e7:5c:2c:15:71:f2:4d:6e:38:a1:9e:d9:
                    55:f1:96:bc:ed:61:cf:94:89:0e:13:f0:e0:d2:73:
                    9f:e9:34:57:81:56:4a:59:9d:1f:0a:b7:8b:a7:9b:
                    fc:9b:47:1b:cb:aa:25:90:5f:31:a5:0d:52:d5:ac:
                    d7:98:83:e8:99:5b:c2:5a:56:5b:39:cf:af:3b:16:
                    16:15:a3:18:9b:2b:9f:56:2d:89:5e:bc:d8:dc:b6:
                    c3:b6:71:fc:04:6b:86:43:99:23:10:bf:01:80:da:
                    33:31:ad:6f:c9:07:28:e1:b2:f2:67:12:b3:12:ec:
                    45:b5:a2:cf:82:88:7e:a6:d8:d5:c8:05:aa:4a:ba:
                    ed:91:c9:ff:ec:53:6d:be:fb:25:ff:a3:f1:c2:a3:
                    98:c6:7f:fc:23:74:80:2c:f9:69:a8:fc:0f:f2:21:
                    af:ca:aa:01:98:dd:f6:d7:c8:2f:36:2e:eb:30:0b:
                    d0:f0:a0:35:f4:b3:0f:7a:0d:31:2c:49:64:e5:71:
                    1c:a6:cc:d1:c1:ca:d5:34:d7:aa:82:79:d4:e8:f3:
                    8a:cd:46:25:0b:3e:8b:d6:6e:61:2a:f7:6d:60:5f:
                    3b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:0E:7F:99:83:BF:28:39:AE:23:20:49:A8:58:02:47:ED:83:F2:76
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fA5_mYO_KDmuIyBJqFgCR-2D8nY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:f2:b8:fb:2f:e3:3c:51:7d:9a:42:a7:12:7f:a9:d5:12:f2:
         62:89:a3:db:25:5d:71:be:dc:9f:72:45:fe:dd:30:b0:8d:5e:
         6d:9c:f6:8f:d9:2a:26:0d:21:6d:09:b7:36:a2:8f:18:d6:2e:
         d0:d3:39:d5:f1:fe:eb:97:bb:0f:9e:b4:d4:01:41:5c:76:4a:
         70:db:e0:5e:18:a3:89:86:a9:de:6b:a4:c7:19:36:1a:e3:60:
         89:b1:26:2c:d4:3c:b9:65:7b:04:51:c4:62:27:5b:55:cb:b7:
         6c:28:fd:23:95:6b:ff:3b:6c:83:bd:7b:3c:a6:99:b4:5d:21:
         3d:74:90:af:65:29:cf:7c:c1:2c:de:e3:60:4b:d7:76:1f:de:
         71:84:01:e7:c6:c3:d1:b5:e6:6b:2a:8d:e3:0a:45:39:c9:36:
         b0:9d:f4:cb:6e:67:e9:6f:ab:9f:ba:86:ea:1f:7a:94:95:3a:
         67:27:c1:d3:e4:a4:b2:cd:06:25:6b:da:4a:41:ae:3c:c6:75:
         a1:af:1a:6e:62:07:cb:23:12:ba:12:ad:10:a4:ab:28:8d:2b:
         03:60:51:26:ae:54:b3:29:44:3c:b3:1b:0d:4c:3d:78:42:57:
         e0:f8:f8:5f:4b:2e:a8:fe:9c:9c:a5:ea:f5:be:38:fc:ff:08:
         bc:74:d0:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXbleqD+A0Pui9HnjsD4wFFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMzI4MDcwOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzBlN2Y5OTgzYmYyODM5YWUyMzIwNDlhODU4MDI0N2VkODNmMjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXt9tKVUWF7k3EqYMEicak2r9Fpy
AOZfQbqBQBrP1T3nXCwVcfJNbjihntlV8Za87WHPlIkOE/Dg0nOf6TRXgVZKWZ0f
CreLp5v8m0cby6olkF8xpQ1S1azXmIPomVvCWlZbOc+vOxYWFaMYmyufVi2JXrzY
3LbDtnH8BGuGQ5kjEL8BgNozMa1vyQco4bLyZxKzEuxFtaLPgoh+ptjVyAWqSrrt
kcn/7FNtvvsl/6PxwqOYxn/8I3SALPlpqPwP8iGvyqoBmN3218gvNi7rMAvQ8KA1
9LMPeg0xLElk5XEcpszRwcrVNNeqgnnU6POKzUYlCz6L1m5hKvdtYF87+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHwOf5mDvyg5riMgSahYAkftg/J2MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvZkE1X21ZT19LRG11SXlCSnFGZ0NSLTJEOG5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCl/I0MA0G
CSqGSIb3DQEBCwUAA4IBAQBp8rj7L+M8UX2aQqcSf6nVEvJiiaPbJV1xvtyfckX+
3TCwjV5tnPaP2SomDSFtCbc2oo8Y1i7Q0znV8f7rl7sPnrTUAUFcdkpw2+BeGKOJ
hqnea6THGTYa42CJsSYs1Dy5ZXsEUcRiJ1tVy7dsKP0jlWv/O2yDvXs8ppm0XSE9
dJCvZSnPfMEs3uNgS9d2H95xhAHnxsPRteZrKo3jCkU5yTawnfTLbmfpb6ufuobq
H3qUlTpnJ8HT5KSyzQYla9pKQa48xnWhrxpuYgfLIxK6Eq0QpKsojSsDYFEmrlSz
KUQ8sxsNTD14Qlfg+PhfSy6o/pycper1vjj8/wi8dNAT
-----END CERTIFICATE-----