Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/mF8xylUzZxi7qhJ1TvVk6Af6q8A.roa
File:                     mF8xylUzZxi7qhJ1TvVk6Af6q8A.roa (raw, json)
Hash identifier:          w+xSd65KFCEFR0Hhvics2YvKpA4t1Bh57n9F2kqJXnM=
Subject key identifier:   98:5F:31:CA:55:33:67:18:BB:AA:12:75:4E:F5:64:E8:07:FA:AB:C0
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198E0F31E29E1275E1AA35E37D7AFB60B3D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/mF8xylUzZxi7qhJ1TvVk6Af6q8A.roa
Signing time:             Mon 25 Aug 2025 11:18:05 +0000
ROA not before:           Mon 25 Aug 2025 11:18:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61112
IP address blocks:        151.242.125.0/24 maxlen: 24
                          151.242.137.0/24 maxlen: 24
                          151.242.164.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Sep 2025 13:03:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e0:f3:1e:29:e1:27:5e:1a:a3:5e:37:d7:af:b6:0b:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 25 11:18:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=985f31ca55336718bbaa12754ef564e807faabc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d3:ea:4a:a1:88:69:6f:77:9b:b1:09:a1:2f:
                    4a:dc:dc:ad:ed:b6:05:4e:a5:e0:75:7c:59:da:ba:
                    7c:ff:ab:99:16:d4:ad:bc:aa:52:71:12:5f:fe:a1:
                    ef:9c:4c:d2:2b:ba:3f:a1:a3:e7:1d:f7:70:dc:9f:
                    8a:f6:ac:a5:3b:de:bd:34:96:6c:29:b1:90:19:48:
                    07:13:48:a9:22:27:da:d6:11:d2:24:fe:60:d6:46:
                    8c:5f:5a:61:94:75:58:1a:66:4c:01:77:9f:ca:f0:
                    83:16:3c:d4:3b:d3:fb:3a:91:04:be:73:44:aa:14:
                    6c:dc:33:4e:0a:c3:55:cd:01:f9:10:96:51:7d:c3:
                    fd:c3:6a:da:33:70:ba:88:9c:b8:a7:88:b2:b5:7e:
                    ba:0d:b4:bc:08:5c:53:08:91:47:ae:31:74:97:c2:
                    32:4a:8e:6d:53:ad:ed:be:2c:3a:dd:b0:91:30:44:
                    88:20:9d:0b:b9:9a:a9:b4:9e:62:27:ac:f0:b8:56:
                    9a:51:22:0c:62:6c:97:82:06:01:82:64:1b:2c:99:
                    0d:d3:89:36:00:18:42:61:29:45:69:44:67:d4:ad:
                    c8:98:e1:7a:19:3c:a1:c7:11:f7:c8:cf:c6:16:63:
                    28:ba:7a:ca:f8:4b:f7:9d:8e:b1:e9:b3:2d:c6:f2:
                    8d:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:5F:31:CA:55:33:67:18:BB:AA:12:75:4E:F5:64:E8:07:FA:AB:C0
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/mF8xylUzZxi7qhJ1TvVk6Af6q8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.125.0/24
                  151.242.137.0/24
                  151.242.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:82:ba:81:1d:90:90:4a:35:2a:ef:07:d1:89:b4:8d:47:97:
         18:28:d6:10:f7:7a:82:82:e2:4a:76:82:ee:db:28:79:af:69:
         ae:62:1d:61:0e:ae:b1:47:87:a1:c5:b7:01:bf:e3:38:ad:e2:
         6b:f8:0d:64:9d:f4:84:dc:4e:1c:fc:f0:9b:8c:92:f0:37:29:
         42:f0:96:f3:f9:36:46:b6:7f:c2:fa:1a:d3:56:fd:d5:9d:a4:
         54:dd:0a:a2:c4:02:63:b2:7d:28:3c:ed:cd:4f:bc:fd:f2:89:
         1d:ce:5a:d0:8d:2f:63:d1:f9:f6:fd:3c:13:b6:1f:d5:57:07:
         d7:c0:54:8d:73:db:26:61:ee:d4:80:74:b1:ff:40:23:be:52:
         5f:d8:54:83:8d:16:38:7c:51:f0:c1:4c:7c:b5:c5:24:42:df:
         34:62:ba:f0:ff:aa:ff:0f:44:a8:ce:67:54:53:c6:7a:8a:bd:
         60:19:1d:a3:ff:d3:ad:7f:3e:a9:6f:d9:bf:50:2f:b8:d1:4c:
         9c:b7:a5:9f:99:40:65:25:c4:8c:f4:44:57:47:ef:54:48:47:
         65:eb:15:5e:30:2b:42:cf:46:32:29:84:b5:8f:19:05:f7:53:
         28:71:09:33:73:bb:5c:75:36:e2:36:61:63:ef:da:b2:d4:a2:
         c4:4e:5a:14
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZjg8x4p4SdeGqNeN9evtgs9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODI1MTExODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODVmMzFjYTU1MzM2NzE4YmJhYTEyNzU0ZWY1NjRlODA3ZmFhYmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9PqSqGIaW93m7EJoS9K3Nyt7bYF
TqXgdXxZ2rp8/6uZFtStvKpScRJf/qHvnEzSK7o/oaPnHfdw3J+K9qylO969NJZs
KbGQGUgHE0ipIifa1hHSJP5g1kaMX1phlHVYGmZMAXefyvCDFjzUO9P7OpEEvnNE
qhRs3DNOCsNVzQH5EJZRfcP9w2raM3C6iJy4p4iytX66DbS8CFxTCJFHrjF0l8Iy
So5tU63tviw63bCRMESIIJ0LuZqptJ5iJ6zwuFaaUSIMYmyXggYBgmQbLJkN04k2
ABhCYSlFaURn1K3ImOF6GTyhxxH3yM/GFmMounrK+Ev3nY6x6bMtxvKNuQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJhfMcpVM2cYu6oSdU71ZOgH+qvAMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvbUY4eHlsVXpaeGk3cWhKMVR2Vms2QWY2cThBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAl/J9AwQA
l/KJAwQBl/KkMA0GCSqGSIb3DQEBCwUAA4IBAQA2grqBHZCQSjUq7wfRibSNR5cY
KNYQ93qCguJKdoLu2yh5r2muYh1hDq6xR4ehxbcBv+M4reJr+A1knfSE3E4c/PCb
jJLwNylC8Jbz+TZGtn/C+hrTVv3VnaRU3QqixAJjsn0oPO3NT7z98okdzlrQjS9j
0fn2/TwTth/VVwfXwFSNc9smYe7UgHSx/0AjvlJf2FSDjRY4fFHwwUx8tcUkQt80
Yrrw/6r/D0SozmdUU8Z6ir1gGR2j/9Otfz6pb9m/UC+40Uyct6WfmUBlJcSM9ERX
R+9USEdl6xVeMCtCz0YyKYS1jxkF91MocQkzc7tcdTbiNmFj79qy1KLETloU
-----END CERTIFICATE-----