Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sYJtOGH3Sy_eTICsofC3hHSO-sc.roa
File:                     sYJtOGH3Sy_eTICsofC3hHSO-sc.roa (raw, json)
Hash identifier:          xBr9sDDBwRvTQHhMO5qGV+skZRXAG/fMX5pDnHAy3Ng=
Subject key identifier:   B1:82:6D:38:61:F7:4B:2F:DE:4C:80:AC:A1:F0:B7:84:74:8E:FA:C7
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019892BEB1AE31D6EBE08FBF377C4325FBA7
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sYJtOGH3Sy_eTICsofC3hHSO-sc.roa
Signing time:             Sun 10 Aug 2025 06:50:27 +0000
ROA not before:           Sun 10 Aug 2025 06:50:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215703
IP address blocks:        151.243.93.0/24 maxlen: 24
                          151.244.233.0/24 maxlen: 24
                          151.244.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 21:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:92:be:b1:ae:31:d6:eb:e0:8f:bf:37:7c:43:25:fb:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 10 06:50:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1826d3861f74b2fde4c80aca1f0b784748efac7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c2:72:a6:69:05:9d:4f:ec:6a:65:58:9c:d5:
                    5b:3d:e7:4e:9a:5d:96:30:b4:54:8f:63:53:ab:1d:
                    fc:7b:70:08:ad:45:e5:99:37:fb:97:98:96:58:3e:
                    7f:df:48:17:c7:b6:93:8a:c7:f9:41:44:00:74:3b:
                    0b:c8:a5:9d:12:09:79:db:60:f7:7f:07:dc:ef:b1:
                    0b:0c:2e:12:23:55:22:a2:f0:09:b3:92:2c:1f:b1:
                    15:15:ad:2f:4c:46:3a:74:8b:f2:dd:b8:81:c9:6a:
                    5c:f0:8d:30:c8:b2:e2:4f:f4:80:a9:34:59:94:6a:
                    c1:4e:72:16:a4:35:8e:b7:28:d5:5a:72:9f:4b:8a:
                    c1:29:19:fe:2f:ed:57:d1:53:42:2e:91:50:e1:61:
                    e6:5f:5f:fc:c2:5f:a4:1f:8b:33:a0:23:f7:c5:72:
                    e5:1d:44:83:bc:04:05:12:14:36:52:bf:d1:10:4a:
                    a8:c9:66:d3:9c:b6:7f:90:33:a4:18:f1:c4:55:2c:
                    a9:69:0d:be:57:e3:e6:1e:41:a9:0b:25:a1:30:25:
                    cb:c7:e6:65:37:45:a4:ed:61:12:f0:14:64:c0:67:
                    9f:13:ea:50:eb:39:26:6a:b8:a8:6b:cc:6c:a0:2c:
                    10:3b:ab:40:04:04:d2:c9:dd:6d:b0:37:a6:d2:f2:
                    17:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:82:6D:38:61:F7:4B:2F:DE:4C:80:AC:A1:F0:B7:84:74:8E:FA:C7
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sYJtOGH3Sy_eTICsofC3hHSO-sc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.93.0/24
                  151.244.233.0/24
                  151.244.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:4f:f3:15:df:3b:f6:71:c9:a0:cd:b9:09:51:78:ff:45:84:
         28:5a:e9:61:db:a9:41:cd:c3:e6:a4:49:bf:49:ee:94:fc:a1:
         23:74:0b:9d:e2:83:a7:9f:63:aa:49:e8:36:d4:61:cb:c3:34:
         8b:67:ca:1a:e6:f9:c6:c9:a1:96:2d:07:8e:3d:73:ec:bc:bf:
         85:13:20:8d:32:3e:d1:34:54:27:81:c2:05:d2:c1:fb:b4:79:
         aa:f2:50:33:b5:64:d4:2a:69:95:87:11:90:25:20:bc:42:c6:
         75:74:87:8a:ae:29:84:78:57:45:68:67:a9:8f:94:23:ec:98:
         1f:3b:ad:d7:d3:34:4e:06:4d:c9:20:6d:64:4c:6a:78:e3:36:
         29:a7:ce:5d:f8:74:d6:2b:07:4a:91:2e:9d:2b:84:0f:cf:54:
         6a:b7:f8:a5:5e:1a:c0:ee:6f:8c:aa:99:a7:cb:e9:53:ec:5b:
         b5:dc:a3:d5:3d:e9:89:c1:8e:87:f5:ae:0b:4f:95:6d:3f:18:
         a7:e3:5e:51:14:cd:a1:91:65:d5:dd:3d:b4:a1:86:e6:a2:2e:
         b6:3d:e3:48:cf:e4:0a:fa:6d:63:6f:46:ce:28:fb:c9:f4:07:
         5e:e8:21:ac:01:3f:68:af:35:51:85:c8:37:00:cc:f2:a4:d6:
         fe:1c:63:5c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZiSvrGuMdbr4I+/N3xDJfunMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODEwMDY1MDI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTgyNmQzODYxZjc0YjJmZGU0YzgwYWNhMWYwYjc4NDc0OGVmYWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMJypmkFnU/samVYnNVbPedOml2W
MLRUj2NTqx38e3AIrUXlmTf7l5iWWD5/30gXx7aTisf5QUQAdDsLyKWdEgl522D3
fwfc77ELDC4SI1UiovAJs5IsH7EVFa0vTEY6dIvy3biByWpc8I0wyLLiT/SAqTRZ
lGrBTnIWpDWOtyjVWnKfS4rBKRn+L+1X0VNCLpFQ4WHmX1/8wl+kH4szoCP3xXLl
HUSDvAQFEhQ2Ur/REEqoyWbTnLZ/kDOkGPHEVSypaQ2+V+PmHkGpCyWhMCXLx+Zl
N0Wk7WES8BRkwGefE+pQ6zkmarioa8xsoCwQO6tABATSyd1tsDem0vIX7QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLGCbThh90sv3kyArKHwt4R0jvrHMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvc1lKdE9HSDNTeV9lVElDc29mQzNoSFNPLXNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAl/NdAwQA
l/TpAwQAl/TtMA0GCSqGSIb3DQEBCwUAA4IBAQA1T/MV3zv2ccmgzbkJUXj/RYQo
Wulh26lBzcPmpEm/Se6U/KEjdAud4oOnn2OqSeg21GHLwzSLZ8oa5vnGyaGWLQeO
PXPsvL+FEyCNMj7RNFQngcIF0sH7tHmq8lAztWTUKmmVhxGQJSC8QsZ1dIeKrimE
eFdFaGepj5Qj7JgfO63X0zROBk3JIG1kTGp44zYpp85d+HTWKwdKkS6dK4QPz1Rq
t/ilXhrA7m+Mqpmny+lT7Fu13KPVPemJwY6H9a4LT5VtPxin415RFM2hkWXV3T20
oYbmoi62PeNIz+QK+m1jb0bOKPvJ9Ade6CGsAT9orzVRhcg3AMzypNb+HGNc
-----END CERTIFICATE-----