Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fO0NJasjtdemovouiwhvMLwQRCo.roa
File:                     fO0NJasjtdemovouiwhvMLwQRCo.roa (raw, json)
Hash identifier:          uoS7Yhc6WbDIJ2+ElyLshZsCEdwrG0H8VWBaIcfrJiE=
Subject key identifier:   7C:ED:0D:25:AB:23:B5:D7:A6:A2:FA:2E:8B:08:6F:30:BC:10:44:2A
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019922801BC0F7FC345CF278B7066A8DF889
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fO0NJasjtdemovouiwhvMLwQRCo.roa
Signing time:             Sun 07 Sep 2025 04:47:25 +0000
ROA not before:           Sun 07 Sep 2025 04:47:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214994
IP address blocks:        151.245.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:22:80:1b:c0:f7:fc:34:5c:f2:78:b7:06:6a:8d:f8:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep  7 04:47:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ced0d25ab23b5d7a6a2fa2e8b086f30bc10442a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:8b:fb:f0:27:0b:47:2a:59:1b:85:fd:36:8a:
                    66:bf:aa:e7:4c:c2:86:c9:21:a5:5f:d5:9c:df:32:
                    9c:ee:d2:21:ab:47:96:a0:c6:46:56:2d:f2:7d:93:
                    5a:55:e8:1a:c2:bb:45:fc:44:83:78:5b:47:b2:fb:
                    6f:11:39:31:d1:c2:88:0d:24:c8:82:48:30:b4:f7:
                    a7:bf:21:34:09:05:9e:f9:9f:67:af:76:f7:9a:89:
                    bc:51:fa:1d:b3:c4:52:4d:48:d8:73:35:db:31:e8:
                    47:07:1e:3c:83:17:9a:17:7f:14:da:d7:c8:b7:41:
                    62:d7:f0:68:9d:b7:51:55:77:70:70:41:8c:2e:aa:
                    ad:02:83:66:35:c4:d8:4b:d4:a7:1e:ba:b2:ee:e9:
                    f1:b2:c6:9e:44:26:3f:53:84:4c:38:c2:a1:a2:19:
                    35:57:50:57:13:32:4d:33:f2:80:5c:46:08:ef:ba:
                    00:82:b3:4d:51:0a:77:b3:84:c8:c6:5b:8a:d4:b4:
                    77:30:23:93:f2:45:82:01:f8:23:7d:90:08:e5:c9:
                    48:84:2e:0e:f7:91:1e:83:80:64:60:c8:0b:b1:96:
                    b0:6e:d6:2c:99:ad:3c:94:70:ac:31:fc:38:d9:db:
                    cb:cd:34:b4:e3:da:9a:aa:e8:cc:fd:9f:02:38:45:
                    bd:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:ED:0D:25:AB:23:B5:D7:A6:A2:FA:2E:8B:08:6F:30:BC:10:44:2A
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fO0NJasjtdemovouiwhvMLwQRCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.245.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:39:4e:a6:24:1a:2b:19:37:19:e8:ab:d4:df:ff:1b:2d:58:
         b7:08:62:b9:ba:7d:93:38:05:dd:71:34:a6:7f:fe:d7:08:36:
         5b:a5:a0:80:61:4e:49:c3:bb:a0:5d:97:a9:67:40:0d:e1:90:
         cb:1d:0d:f1:b3:df:8b:c0:97:68:4d:4a:33:c2:98:06:66:e4:
         4c:46:3b:37:a3:6e:0a:d5:fc:4c:be:cb:ec:13:50:f4:02:9f:
         de:b5:f1:be:e7:ac:aa:4f:63:72:5a:d9:53:d3:de:e2:fc:15:
         71:0e:c8:27:2d:75:66:fb:26:ae:84:b4:c5:ce:40:73:02:61:
         cf:38:9e:81:4a:6f:38:18:2f:a9:43:b7:23:9f:2e:21:f4:06:
         33:8a:86:86:52:ce:17:68:de:41:bd:41:c0:a2:d7:87:ab:b7:
         68:3d:cd:53:d3:cc:ea:7c:7b:c1:9d:22:59:89:67:ac:c5:e8:
         5d:87:00:84:59:ed:ff:85:6b:d4:37:d3:97:55:dd:b0:a1:68:
         0a:19:8b:e5:7a:e8:b5:da:1d:cf:3e:1d:10:a9:0b:77:f4:ec:
         f2:88:23:91:d1:a6:10:59:72:44:9a:82:36:9e:a3:30:91:f7:
         7f:6e:18:bf:d2:a2:d5:cc:2d:d3:76:10:3b:eb:1a:81:81:84:
         2b:f9:a5:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkigBvA9/w0XPJ4twZqjfiJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTA3MDQ0NzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2VkMGQyNWFiMjNiNWQ3YTZhMmZhMmU4YjA4NmYzMGJjMTA0NDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIv78CcLRypZG4X9Nopmv6rnTMKG
ySGlX9Wc3zKc7tIhq0eWoMZGVi3yfZNaVegawrtF/ESDeFtHsvtvETkx0cKIDSTI
gkgwtPenvyE0CQWe+Z9nr3b3mom8Ufods8RSTUjYczXbMehHBx48gxeaF38U2tfI
t0Fi1/BonbdRVXdwcEGMLqqtAoNmNcTYS9SnHrqy7unxssaeRCY/U4RMOMKhohk1
V1BXEzJNM/KAXEYI77oAgrNNUQp3s4TIxluK1LR3MCOT8kWCAfgjfZAI5clIhC4O
95Eeg4BkYMgLsZawbtYsma08lHCsMfw42dvLzTS049qaqujM/Z8COEW9owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHztDSWrI7XXpqL6LosIbzC8EEQqMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvZk8wTkphc2p0ZGVtb3ZvdWl3aHZNTHdRUkNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/UAMA0G
CSqGSIb3DQEBCwUAA4IBAQA+OU6mJBorGTcZ6KvU3/8bLVi3CGK5un2TOAXdcTSm
f/7XCDZbpaCAYU5Jw7ugXZepZ0AN4ZDLHQ3xs9+LwJdoTUozwpgGZuRMRjs3o24K
1fxMvsvsE1D0Ap/etfG+56yqT2NyWtlT097i/BVxDsgnLXVm+yauhLTFzkBzAmHP
OJ6BSm84GC+pQ7cjny4h9AYzioaGUs4XaN5BvUHAoteHq7doPc1T08zqfHvBnSJZ
iWesxehdhwCEWe3/hWvUN9OXVd2woWgKGYvleui12h3PPh0QqQt39OzyiCOR0aYQ
WXJEmoI2nqMwkfd/bhi/0qLVzC3TdhA76xqBgYQr+aVu
-----END CERTIFICATE-----