Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/hVDOi33ZZ8hektVkSsb2TyWGxp0.roa
File:                     hVDOi33ZZ8hektVkSsb2TyWGxp0.roa (raw, json)
Hash identifier:          nrGuIm3aBOGCceuKxIMuM70+HvFmODQZAxxcCF+xeUs=
Subject key identifier:   85:50:CE:8B:7D:D9:67:C8:5E:92:D5:64:4A:C6:F6:4F:25:86:C6:9D
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01953281CE7C59C276A57A9637C3EC1D5B5D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/hVDOi33ZZ8hektVkSsb2TyWGxp0.roa
Signing time:             Sun 23 Feb 2025 11:12:02 +0000
ROA not before:           Sun 23 Feb 2025 11:12:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31863
IP address blocks:        151.243.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:32:81:ce:7c:59:c2:76:a5:7a:96:37:c3:ec:1d:5b:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Feb 23 11:12:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8550ce8b7dd967c85e92d5644ac6f64f2586c69d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:1b:17:02:7b:e7:b5:fc:eb:9d:90:8b:c9:49:
                    34:07:91:af:bc:eb:49:83:49:08:57:cc:45:ab:36:
                    e2:c6:5f:b1:5a:63:f7:54:84:21:75:dd:4b:07:93:
                    99:a0:04:98:7d:4d:bc:3b:2d:c7:51:c1:f1:85:b9:
                    29:09:b4:69:af:d8:9c:3a:5c:43:82:e5:ac:e2:e0:
                    94:e3:6c:89:4d:05:4b:06:11:ee:ae:db:bb:e1:32:
                    7c:de:69:ce:3e:61:b1:5f:3c:ee:7f:60:49:71:46:
                    d8:57:b2:d8:a7:52:40:16:8f:a3:6e:16:ae:ee:25:
                    05:80:c9:40:d2:78:e5:76:ab:60:16:2c:a8:75:87:
                    72:df:5f:ab:fb:5f:a8:77:2d:24:a1:fb:99:82:32:
                    63:26:31:21:f4:88:0e:1e:e2:52:a9:7d:42:e5:39:
                    ae:51:39:24:e5:d2:ea:f2:78:bb:e2:b6:1c:22:7a:
                    58:cd:ef:75:9e:14:76:01:90:29:95:de:55:b4:00:
                    4e:14:f0:aa:5b:62:fd:4c:85:34:1b:27:60:90:00:
                    e6:4f:46:a9:3b:6e:da:5e:92:ef:57:ff:6c:ea:d3:
                    7e:81:04:6d:ff:87:c6:93:53:45:51:91:32:e9:9d:
                    84:f1:41:4c:e2:33:a6:10:5c:a9:b6:79:96:d3:eb:
                    c5:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:50:CE:8B:7D:D9:67:C8:5E:92:D5:64:4A:C6:F6:4F:25:86:C6:9D
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/hVDOi33ZZ8hektVkSsb2TyWGxp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:4a:25:a0:0d:46:52:d4:04:cc:54:67:ba:0a:b6:b0:db:f1:
         e1:84:46:47:40:c4:d1:cc:77:2b:97:e8:f8:7e:73:42:24:1d:
         36:10:36:26:58:e8:52:69:29:8d:7f:da:87:bd:e9:c0:b2:89:
         c3:f0:f4:40:11:ba:2e:20:b7:8d:b7:d3:17:0d:8d:67:2f:b6:
         99:09:ea:59:22:ca:f0:45:02:09:81:4c:52:5d:c2:59:22:4a:
         6f:2a:e3:65:39:7e:bd:9a:c3:42:80:09:d6:d8:17:8e:69:6c:
         22:1b:80:53:6c:0f:ef:d0:52:29:ce:e3:52:29:84:cd:3f:35:
         a2:e1:91:52:08:31:e7:3c:7a:55:74:52:1b:ee:d7:60:25:89:
         24:d4:4b:70:51:b8:66:fb:07:00:23:9c:41:80:7e:28:d3:2d:
         a5:00:41:0b:8c:25:3c:1f:be:47:ef:63:c8:fa:64:07:91:22:
         30:8e:21:ea:c6:d3:09:3d:ba:e7:7e:4c:b6:bc:48:e2:13:fb:
         82:69:bf:97:bb:38:cd:ca:68:d0:e7:31:e8:3e:3c:9a:e0:a0:
         57:82:37:ec:4b:74:79:c5:69:3c:37:7e:c1:f9:23:25:25:d0:
         ac:8b:8b:ca:cb:7d:da:db:a2:0f:be:50:ce:6c:21:49:08:fe:
         9f:29:3e:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUygc58WcJ2pXqWN8PsHVtdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMjIzMTExMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTUwY2U4YjdkZDk2N2M4NWU5MmQ1NjQ0YWM2ZjY0ZjI1ODZjNjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhsXAnvntfzrnZCLyUk0B5GvvOtJ
g0kIV8xFqzbixl+xWmP3VIQhdd1LB5OZoASYfU28Oy3HUcHxhbkpCbRpr9icOlxD
guWs4uCU42yJTQVLBhHurtu74TJ83mnOPmGxXzzuf2BJcUbYV7LYp1JAFo+jbhau
7iUFgMlA0njldqtgFiyodYdy31+r+1+ody0kofuZgjJjJjEh9IgOHuJSqX1C5Tmu
UTkk5dLq8ni74rYcInpYze91nhR2AZApld5VtABOFPCqW2L9TIU0GydgkADmT0ap
O27aXpLvV/9s6tN+gQRt/4fGk1NFUZEy6Z2E8UFM4jOmEFyptnmW0+vFvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVQzot92WfIXpLVZErG9k8lhsadMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvaFZET2kzM1paOGhla3RWa1NzYjJUeVdHeHAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/MxMA0G
CSqGSIb3DQEBCwUAA4IBAQBjSiWgDUZS1ATMVGe6Craw2/HhhEZHQMTRzHcrl+j4
fnNCJB02EDYmWOhSaSmNf9qHvenAsonD8PRAEbouILeNt9MXDY1nL7aZCepZIsrw
RQIJgUxSXcJZIkpvKuNlOX69msNCgAnW2BeOaWwiG4BTbA/v0FIpzuNSKYTNPzWi
4ZFSCDHnPHpVdFIb7tdgJYkk1EtwUbhm+wcAI5xBgH4o0y2lAEELjCU8H75H72PI
+mQHkSIwjiHqxtMJPbrnfky2vEjiE/uCab+XuzjNymjQ5zHoPjya4KBXgjfsS3R5
xWk8N37B+SMlJdCsi4vKy33a26IPvlDObCFJCP6fKT7V
-----END CERTIFICATE-----