Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sBpAf1Gj8DmS84ThcolTGRN-Q7s.roa
File:                     sBpAf1Gj8DmS84ThcolTGRN-Q7s.roa (raw, json)
Hash identifier:          +mMy9h/wkFksiEvItBKlXx2txToDgDIZr7JExbXZ7ck=
Subject key identifier:   B0:1A:40:7F:51:A3:F0:39:92:F3:84:E1:72:89:53:19:13:7E:43:BB
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01990DEB7167A89D18A11EB867DC5B59C9C8
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sBpAf1Gj8DmS84ThcolTGRN-Q7s.roa
Signing time:             Wed 03 Sep 2025 04:52:37 +0000
ROA not before:           Wed 03 Sep 2025 04:52:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203660
IP address blocks:        151.241.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Sep 2025 13:03:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0d:eb:71:67:a8:9d:18:a1:1e:b8:67:dc:5b:59:c9:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep  3 04:52:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b01a407f51a3f03992f384e172895319137e43bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:07:ea:6a:f6:64:d0:e6:b7:68:0b:6b:04:76:
                    d1:27:24:04:9a:44:1c:c9:f7:40:d4:90:cd:54:71:
                    2e:9b:be:67:a6:33:c0:a2:5d:ef:37:6e:30:54:a7:
                    d6:40:0f:5f:b2:b1:0a:5b:da:4f:3e:b7:ce:d4:ea:
                    3a:d5:fa:42:c6:0c:07:c7:e4:c9:c7:b6:0e:67:ed:
                    67:8c:3d:60:d3:ca:4f:09:3c:45:2a:9f:bb:79:17:
                    09:a2:40:a2:fd:ad:15:af:28:ed:b9:97:9a:4f:bd:
                    6e:67:ed:24:97:e1:2b:86:d1:40:f5:9e:17:6d:fe:
                    f6:c3:3e:1c:5f:79:3c:30:a7:b9:57:b9:c8:ef:2a:
                    9e:cc:0a:51:20:ea:4d:e4:e1:a4:06:90:63:ae:32:
                    15:c1:80:c2:05:1e:db:e8:a5:42:6e:7c:9c:c2:84:
                    36:fd:09:bd:a1:99:d6:99:01:3a:e6:d0:a7:70:0f:
                    1f:2d:e1:f3:d8:42:05:52:77:7a:cd:f8:8d:57:8b:
                    4b:d2:aa:96:0a:d7:42:5a:a4:1b:32:f3:97:c1:53:
                    13:f7:c5:40:47:3f:70:47:95:4e:9a:77:90:b9:fc:
                    ec:73:68:3a:ad:ca:21:f9:ef:5b:e2:05:c4:44:91:
                    a5:9e:db:ed:6e:71:b6:d0:7c:32:5e:dc:97:6c:e7:
                    b8:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:1A:40:7F:51:A3:F0:39:92:F3:84:E1:72:89:53:19:13:7E:43:BB
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sBpAf1Gj8DmS84ThcolTGRN-Q7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:ca:28:66:3e:94:3e:5e:f7:01:e1:d0:ab:39:02:be:6d:63:
         fa:f7:7a:b9:e8:00:1e:23:ef:54:03:12:b7:e4:9b:de:38:32:
         75:f5:a7:0f:74:01:64:48:ab:a9:36:81:b0:f6:83:0a:b8:49:
         6b:61:07:70:d4:9b:1b:30:15:5c:76:ca:83:17:2e:2c:35:10:
         c6:d2:d5:1f:5f:bb:a2:3b:a3:04:81:e1:e2:aa:29:62:62:8b:
         ae:66:cf:ee:8d:2c:f3:b6:28:35:b6:13:c6:12:ae:79:b2:c9:
         a4:3f:fb:7a:54:27:f1:bd:0f:1d:46:fb:a3:49:ed:c9:aa:0a:
         e1:6d:11:a0:8a:fa:ba:74:98:a1:76:24:60:f9:1a:e7:08:c2:
         59:47:30:4e:e9:40:65:1b:91:3f:23:8c:70:d9:53:e0:48:9d:
         24:55:25:57:a9:88:d1:ee:fc:38:1a:b0:ff:6e:72:26:b5:08:
         ea:0b:74:51:2b:45:f0:62:1b:d2:a6:a6:cb:3f:9a:d9:6a:1c:
         c6:61:21:8b:38:70:18:fa:55:7a:6a:1e:73:6f:6b:27:57:00:
         bd:4d:5e:e2:dc:32:9f:91:2a:74:fd:3a:3c:68:62:9d:0b:b9:
         5c:f2:78:85:f7:f8:e8:03:31:a7:c5:5e:bc:76:bb:4c:55:f1:
         37:bb:62:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkN63FnqJ0YoR64Z9xbWcnIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTAzMDQ1MjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDFhNDA3ZjUxYTNmMDM5OTJmMzg0ZTE3Mjg5NTMxOTEzN2U0M2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQfqavZk0Oa3aAtrBHbRJyQEmkQc
yfdA1JDNVHEum75npjPAol3vN24wVKfWQA9fsrEKW9pPPrfO1Oo61fpCxgwHx+TJ
x7YOZ+1njD1g08pPCTxFKp+7eRcJokCi/a0VryjtuZeaT71uZ+0kl+ErhtFA9Z4X
bf72wz4cX3k8MKe5V7nI7yqezApRIOpN5OGkBpBjrjIVwYDCBR7b6KVCbnycwoQ2
/Qm9oZnWmQE65tCncA8fLeHz2EIFUnd6zfiNV4tL0qqWCtdCWqQbMvOXwVMT98VA
Rz9wR5VOmneQufzsc2g6rcoh+e9b4gXERJGlntvtbnG20HwyXtyXbOe4owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLAaQH9Ro/A5kvOE4XKJUxkTfkO7MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvc0JwQWYxR2o4RG1TODRUaGNvbFRHUk4tUTdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCl/H8MA0G
CSqGSIb3DQEBCwUAA4IBAQB5yihmPpQ+XvcB4dCrOQK+bWP693q56AAeI+9UAxK3
5JveODJ19acPdAFkSKupNoGw9oMKuElrYQdw1JsbMBVcdsqDFy4sNRDG0tUfX7ui
O6MEgeHiqiliYouuZs/ujSzztig1thPGEq55ssmkP/t6VCfxvQ8dRvujSe3Jqgrh
bRGgivq6dJihdiRg+RrnCMJZRzBO6UBlG5E/I4xw2VPgSJ0kVSVXqYjR7vw4GrD/
bnImtQjqC3RRK0XwYhvSpqbLP5rZahzGYSGLOHAY+lV6ah5zb2snVwC9TV7i3DKf
kSp0/To8aGKdC7lc8niF9/joAzGnxV68drtMVfE3u2Jq
-----END CERTIFICATE-----