Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/o5ja-25dITEobmuWOA7g7--Sq90.roa
File:                     o5ja-25dITEobmuWOA7g7--Sq90.roa (raw, json)
Hash identifier:          4y/ps7kXpxFdNq/z9FKFJUwbRxeITdshoOKKZaJcUOE=
Subject key identifier:   A3:98:DA:FB:6E:5D:21:31:28:6E:6B:96:38:0E:E0:EF:EF:92:AB:DD
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01978C4A8677085D21D8CF9339BCFFEDA4AF
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/o5ja-25dITEobmuWOA7g7--Sq90.roa
Signing time:             Fri 20 Jun 2025 07:43:03 +0000
ROA not before:           Fri 20 Jun 2025 07:43:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        151.243.128.0/22 maxlen: 22
                          151.243.132.0/24 maxlen: 24
                          151.243.133.0/24 maxlen: 24
                          151.243.134.0/24 maxlen: 24
                          151.243.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8c:4a:86:77:08:5d:21:d8:cf:93:39:bc:ff:ed:a4:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 20 07:43:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a398dafb6e5d2131286e6b96380ee0efef92abdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ba:e2:fc:88:67:e6:ff:3a:30:62:94:84:ba:
                    f4:47:e6:ba:dd:af:27:1a:03:fb:96:68:b6:b0:23:
                    3c:4e:fd:8a:48:29:ad:0a:89:dd:40:b1:12:e5:67:
                    88:b9:63:c6:6c:21:05:0e:30:56:e7:44:fa:36:b8:
                    1c:cd:e5:b4:97:cd:b3:20:6d:78:16:b2:a8:32:a7:
                    22:7b:1a:0b:58:e2:0e:3a:f6:89:c4:43:04:3f:0d:
                    bd:b6:73:cc:67:d5:d0:b3:b8:9a:bd:b6:e5:ed:38:
                    f3:c6:e5:40:75:37:a3:67:de:e4:ac:04:eb:46:82:
                    08:db:46:e7:75:39:8a:40:6d:cb:cb:28:55:5b:23:
                    63:6d:ee:bf:46:52:65:71:58:47:3d:7b:97:ee:ac:
                    1b:75:23:e4:47:a6:1e:62:67:5a:42:c5:e8:5e:12:
                    68:4c:c2:7a:36:86:16:3e:2c:2c:41:68:d1:c3:dd:
                    90:30:dd:f9:3b:6e:fa:e3:43:2d:84:c7:2f:97:50:
                    68:47:67:65:a6:56:df:cd:63:2f:d8:d7:3b:95:81:
                    ac:f4:4e:7b:b0:d0:5c:2e:b4:bb:a8:3b:ca:a0:73:
                    35:4d:48:80:c8:6e:05:8b:23:7f:e9:ee:0f:a3:90:
                    5e:8d:81:d0:f6:06:a2:a0:bb:6b:df:93:40:b6:99:
                    6a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:98:DA:FB:6E:5D:21:31:28:6E:6B:96:38:0E:E0:EF:EF:92:AB:DD
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/o5ja-25dITEobmuWOA7g7--Sq90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         59:b0:73:4a:3d:0f:d2:0e:4b:14:bc:3a:ce:03:fe:79:7c:c5:
         e6:79:a4:5f:96:46:ce:b4:35:e1:03:f1:5c:84:1d:8a:ca:c3:
         8f:f9:16:d9:fa:45:2d:95:56:98:aa:5f:26:28:1e:03:30:2e:
         46:ea:09:92:6a:08:2a:21:d6:43:75:78:cf:c2:c7:c0:47:86:
         d6:aa:c3:f8:f6:ba:c2:b0:0e:92:cd:ff:6b:07:1d:1a:02:67:
         df:58:aa:db:75:ba:e6:34:91:78:31:bf:ba:97:2b:76:13:3f:
         22:90:7e:61:f4:57:11:1e:64:56:bc:75:8c:17:53:1e:bb:eb:
         d1:3f:26:d7:60:0e:74:ae:91:36:34:4a:d0:f0:4e:a5:b0:e7:
         4b:a2:43:98:88:c7:d6:97:70:a3:69:54:c0:4f:d8:46:0f:fe:
         8c:4a:aa:70:32:38:df:08:5b:80:70:b9:09:d7:0a:1b:e7:aa:
         1a:7f:f3:ce:52:49:32:fd:01:38:74:15:c6:a4:28:28:7b:d1:
         e8:08:b3:9f:f6:33:d0:1a:8a:fc:b9:9a:5c:64:b7:7f:6a:8f:
         04:d2:f3:70:00:69:51:ee:d9:26:91:a3:ef:a2:1e:66:69:22:
         b9:09:14:ac:73:86:7d:0c:95:33:44:96:51:d3:5d:95:9f:70:
         bd:96:ea:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeMSoZ3CF0h2M+TObz/7aSvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjIwMDc0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzk4ZGFmYjZlNWQyMTMxMjg2ZTZiOTYzODBlZTBlZmVmOTJhYmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7ri/Ihn5v86MGKUhLr0R+a63a8n
GgP7lmi2sCM8Tv2KSCmtCondQLES5WeIuWPGbCEFDjBW50T6NrgczeW0l82zIG14
FrKoMqciexoLWOIOOvaJxEMEPw29tnPMZ9XQs7iavbbl7TjzxuVAdTejZ97krATr
RoII20bndTmKQG3LyyhVWyNjbe6/RlJlcVhHPXuX7qwbdSPkR6YeYmdaQsXoXhJo
TMJ6NoYWPiwsQWjRw92QMN35O27640MthMcvl1BoR2dlplbfzWMv2Nc7lYGs9E57
sNBcLrS7qDvKoHM1TUiAyG4FiyN/6e4Po5BejYHQ9gaioLtr35NAtplq4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOY2vtuXSExKG5rljgO4O/vkqvdMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvbzVqYS0yNWRJVEVvYm11V09BN2c3LS1TcTkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDl/OAMA0G
CSqGSIb3DQEBCwUAA4IBAQBZsHNKPQ/SDksUvDrOA/55fMXmeaRflkbOtDXhA/Fc
hB2KysOP+RbZ+kUtlVaYql8mKB4DMC5G6gmSaggqIdZDdXjPwsfAR4bWqsP49rrC
sA6Szf9rBx0aAmffWKrbdbrmNJF4Mb+6lyt2Ez8ikH5h9FcRHmRWvHWMF1Meu+vR
PybXYA50rpE2NErQ8E6lsOdLokOYiMfWl3CjaVTAT9hGD/6MSqpwMjjfCFuAcLkJ
1wob56oaf/POUkky/QE4dBXGpCgoe9HoCLOf9jPQGor8uZpcZLd/ao8E0vNwAGlR
7tkmkaPvoh5maSK5CRSsc4Z9DJUzRJZR012Vn3C9lupn
-----END CERTIFICATE-----