Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/oq9t2rs_HbpFYjRD8mFqYXoE46U.roa
File:                     oq9t2rs_HbpFYjRD8mFqYXoE46U.roa (raw, json)
Hash identifier:          gXApTIB8Kyf9sedHu4Q+UhWAVu+feb0au/lfRkUV9PY=
Subject key identifier:   A2:AF:6D:DA:BB:3F:1D:BA:45:62:34:43:F2:61:6A:61:7A:04:E3:A5
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196EC237E573145A487BDE873FD693A9603
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/oq9t2rs_HbpFYjRD8mFqYXoE46U.roa
Signing time:             Tue 20 May 2025 05:21:11 +0000
ROA not before:           Tue 20 May 2025 05:21:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22439
IP address blocks:        151.244.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Jun 2025 05:14:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ec:23:7e:57:31:45:a4:87:bd:e8:73:fd:69:3a:96:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 20 05:21:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2af6ddabb3f1dba45623443f2616a617a04e3a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:0e:e0:d1:9e:51:4e:39:de:ae:00:da:84:ff:
                    5b:33:a9:80:fe:9d:b5:d6:0b:67:67:95:4e:8f:b3:
                    2f:e2:30:ef:26:0e:c0:93:57:62:5f:76:84:7f:b8:
                    f1:57:ae:39:36:4e:4d:2a:0c:a6:e6:8d:ea:74:54:
                    ad:6e:fa:51:91:7c:71:ce:97:fa:46:a2:c1:fc:28:
                    86:1a:f5:1e:33:66:74:15:6d:de:64:f7:3d:59:aa:
                    96:87:79:9c:9e:8a:82:ce:59:0f:d6:11:6a:0a:28:
                    66:86:a5:2f:81:23:07:01:6d:2e:00:76:f3:4f:7b:
                    79:a8:4f:38:ac:a7:df:2d:30:e7:8f:d9:8c:47:08:
                    a4:bd:29:3b:81:ed:df:6d:fe:a0:6e:a0:ab:c3:8b:
                    28:c8:49:60:30:2b:a0:fe:31:07:75:2d:63:a2:8e:
                    40:80:6a:4c:c8:68:ef:69:82:b3:c6:fd:22:33:51:
                    5e:fb:eb:b2:46:75:7d:84:8d:11:27:e8:36:24:a8:
                    6c:72:3f:d7:f0:cb:6f:99:95:52:b8:c0:2e:65:ca:
                    66:2b:e5:cf:f9:ff:7b:1c:8a:71:14:a3:88:a0:63:
                    e4:67:72:f2:e1:77:f9:d4:bd:e4:af:99:37:9a:b4:
                    e9:16:01:6c:67:45:99:03:92:83:97:b7:10:77:80:
                    19:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:AF:6D:DA:BB:3F:1D:BA:45:62:34:43:F2:61:6A:61:7A:04:E3:A5
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/oq9t2rs_HbpFYjRD8mFqYXoE46U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:58:0f:a7:e6:ee:f6:cc:db:d8:4c:a2:4b:92:9c:16:d1:b8:
         e7:5e:31:ea:cf:be:50:4f:a2:78:ef:9c:3f:94:67:27:59:d1:
         1a:73:59:1a:b7:69:47:d0:26:88:b3:b0:92:f2:0e:14:47:f4:
         2c:a7:fe:12:fd:be:a1:47:59:a5:29:b8:4e:62:1e:86:f9:f3:
         7b:9a:5c:68:65:85:7a:7c:ff:d4:6c:72:82:3e:a4:eb:1e:a0:
         88:ca:53:81:9f:48:b6:48:c7:ac:a9:d6:01:13:c1:8d:30:f2:
         47:c3:e1:f9:98:e8:b5:b0:a3:69:20:c8:b1:94:8b:78:0a:bd:
         01:84:15:95:0c:dd:a1:ad:94:e8:a8:95:43:7d:f8:70:c5:d8:
         80:b3:2a:a3:4a:b7:d3:38:ae:9c:cd:b6:93:3b:21:0e:a9:55:
         80:a6:50:36:c4:83:6b:73:f9:4e:67:d9:76:de:4d:52:34:0b:
         82:b2:a5:16:66:ca:ee:f9:58:ba:fe:2a:98:7c:27:11:89:a5:
         6b:b1:98:4c:c8:0c:06:59:55:88:18:2c:ed:45:3e:e1:34:b8:
         b9:d4:c8:b9:86:a8:3e:a9:50:05:88:01:28:4f:3b:18:90:26:
         46:f7:44:d6:36:8d:70:95:01:01:66:5c:c8:b5:eb:0e:9e:4d:
         7c:d6:c9:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbsI35XMUWkh73oc/1pOpYDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTIwMDUyMTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmFmNmRkYWJiM2YxZGJhNDU2MjM0NDNmMjYxNmE2MTdhMDRlM2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+w7g0Z5RTjnergDahP9bM6mA/p21
1gtnZ5VOj7Mv4jDvJg7Ak1diX3aEf7jxV645Nk5NKgym5o3qdFStbvpRkXxxzpf6
RqLB/CiGGvUeM2Z0FW3eZPc9WaqWh3mcnoqCzlkP1hFqCihmhqUvgSMHAW0uAHbz
T3t5qE84rKffLTDnj9mMRwikvSk7ge3fbf6gbqCrw4soyElgMCug/jEHdS1joo5A
gGpMyGjvaYKzxv0iM1Fe++uyRnV9hI0RJ+g2JKhscj/X8MtvmZVSuMAuZcpmK+XP
+f97HIpxFKOIoGPkZ3Ly4Xf51L3kr5k3mrTpFgFsZ0WZA5KDl7cQd4AZxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKvbdq7Px26RWI0Q/JhamF6BOOlMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvb3E5dDJyc19IYnBGWWpSRDhtRnFZWG9FNDZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/QuMA0G
CSqGSIb3DQEBCwUAA4IBAQC2WA+n5u72zNvYTKJLkpwW0bjnXjHqz75QT6J475w/
lGcnWdEac1kat2lH0CaIs7CS8g4UR/Qsp/4S/b6hR1mlKbhOYh6G+fN7mlxoZYV6
fP/UbHKCPqTrHqCIylOBn0i2SMesqdYBE8GNMPJHw+H5mOi1sKNpIMixlIt4Cr0B
hBWVDN2hrZToqJVDffhwxdiAsyqjSrfTOK6czbaTOyEOqVWAplA2xINrc/lOZ9l2
3k1SNAuCsqUWZsru+Vi6/iqYfCcRiaVrsZhMyAwGWVWIGCztRT7hNLi51Mi5hqg+
qVAFiAEoTzsYkCZG90TWNo1wlQEBZlzItesOnk181slD
-----END CERTIFICATE-----