Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/tANHt4ECN4uNawdTGn50DP52IRA.roa
File:                     tANHt4ECN4uNawdTGn50DP52IRA.roa (raw, json)
Hash identifier:          5uEyyXxPfZ9VgOasWyoHJbTvZypo1m2RsMXfWKsAm+8=
Subject key identifier:   B4:03:47:B7:81:02:37:8B:8D:6B:07:53:1A:7E:74:0C:FE:76:21:10
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019504A8C10E3422F5DFFD2174B52BB625DD
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/tANHt4ECN4uNawdTGn50DP52IRA.roa
Signing time:             Fri 14 Feb 2025 13:32:03 +0000
ROA not before:           Fri 14 Feb 2025 13:32:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400529
IP address blocks:        151.243.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:04:a8:c1:0e:34:22:f5:df:fd:21:74:b5:2b:b6:25:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Feb 14 13:32:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b40347b78102378b8d6b07531a7e740cfe762110
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f0:d9:a2:55:fe:57:6e:fe:36:36:fc:44:01:
                    de:9f:99:fc:12:99:01:aa:34:34:11:da:b9:1b:4c:
                    a8:2d:89:3d:e1:f9:06:a0:79:ed:d5:7e:cd:02:0f:
                    65:37:6b:86:45:de:2c:b1:cf:f3:29:5b:c1:70:49:
                    2a:ce:eb:c0:ec:13:6e:65:db:6f:4c:57:1f:17:96:
                    85:b3:84:23:64:65:66:f4:4a:0c:02:6f:86:c1:67:
                    5c:24:03:fe:c5:ef:24:13:81:e5:47:25:0a:d0:48:
                    52:bf:f0:77:51:4a:80:b7:ec:40:af:d8:36:77:97:
                    10:35:93:49:32:da:38:28:14:8a:a7:67:21:a3:c1:
                    1c:32:28:2f:f4:59:cb:ea:34:1a:ec:03:7e:b9:55:
                    98:66:df:54:b9:1d:fa:ca:64:14:c9:47:df:6f:1e:
                    80:4a:a5:96:9e:4c:27:9b:59:21:63:5f:bc:43:00:
                    d7:4e:fd:2d:6a:b4:8a:06:a3:e6:15:6a:4e:5d:13:
                    40:31:0d:c8:4a:d0:2f:35:9f:ea:71:79:8c:b2:f3:
                    89:c7:b0:f2:f6:59:54:ed:55:73:78:9a:fd:a2:7f:
                    a4:bc:69:8c:11:df:2e:83:89:b4:3e:eb:f0:58:1c:
                    20:f9:c2:81:db:91:51:74:01:9e:a4:f5:b4:0e:c7:
                    87:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:03:47:B7:81:02:37:8B:8D:6B:07:53:1A:7E:74:0C:FE:76:21:10
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/tANHt4ECN4uNawdTGn50DP52IRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:dc:e9:94:b3:53:18:99:4b:12:e5:8a:01:d7:72:f1:00:ab:
         c0:d3:0b:05:8c:2b:85:d8:6d:9e:35:35:18:17:8c:be:55:87:
         19:a5:a2:be:10:d4:32:61:59:24:a5:ec:8d:89:b5:18:1b:01:
         8a:a2:e0:4a:ba:35:88:a4:46:87:97:96:bf:25:1b:61:d8:08:
         5f:ba:1b:52:48:ee:5c:01:87:16:6f:31:c1:b6:10:8c:b6:cb:
         cf:66:aa:1b:82:f6:66:52:d8:8b:9a:3b:f8:8f:0b:4e:79:3e:
         12:12:6a:0d:92:7b:69:f5:b9:05:13:33:96:18:42:87:56:19:
         5a:c3:0a:83:04:1f:6b:67:95:2d:83:c9:ee:01:c5:94:a0:e9:
         97:45:62:13:a0:55:37:52:5b:59:05:8c:af:30:e6:10:82:0e:
         68:51:3f:b4:a5:95:03:53:b6:cf:7b:93:9d:93:fc:75:bf:ea:
         ec:82:0a:55:f1:aa:be:e9:f4:ed:73:da:41:c0:88:cd:20:1c:
         cb:0b:2a:db:0a:95:e5:fa:39:31:47:6a:2c:82:46:0f:53:76:
         3a:f7:d5:3a:4c:d7:c0:b7:20:6f:6c:83:1b:22:01:96:1a:68:
         39:ba:91:b1:c1:f8:d6:de:d6:3f:64:7d:e9:c9:16:b2:9e:b2:
         8a:5d:d8:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUEqMEONCL13/0hdLUrtiXdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMjE0MTMzMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDAzNDdiNzgxMDIzNzhiOGQ2YjA3NTMxYTdlNzQwY2ZlNzYyMTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvDZolX+V27+Njb8RAHen5n8EpkB
qjQ0Edq5G0yoLYk94fkGoHnt1X7NAg9lN2uGRd4ssc/zKVvBcEkqzuvA7BNuZdtv
TFcfF5aFs4QjZGVm9EoMAm+GwWdcJAP+xe8kE4HlRyUK0EhSv/B3UUqAt+xAr9g2
d5cQNZNJMto4KBSKp2cho8EcMigv9FnL6jQa7AN+uVWYZt9UuR36ymQUyUffbx6A
SqWWnkwnm1khY1+8QwDXTv0tarSKBqPmFWpOXRNAMQ3IStAvNZ/qcXmMsvOJx7Dy
9llU7VVzeJr9on+kvGmMEd8ug4m0PuvwWBwg+cKB25FRdAGepPW0DseHTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQDR7eBAjeLjWsHUxp+dAz+diEQMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvdEFOSHQ0RUNONHVOYXdkVEduNTBEUDUySVJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/NoMA0G
CSqGSIb3DQEBCwUAA4IBAQAf3OmUs1MYmUsS5YoB13LxAKvA0wsFjCuF2G2eNTUY
F4y+VYcZpaK+ENQyYVkkpeyNibUYGwGKouBKujWIpEaHl5a/JRth2AhfuhtSSO5c
AYcWbzHBthCMtsvPZqobgvZmUtiLmjv4jwtOeT4SEmoNkntp9bkFEzOWGEKHVhla
wwqDBB9rZ5Utg8nuAcWUoOmXRWIToFU3UltZBYyvMOYQgg5oUT+0pZUDU7bPe5Od
k/x1v+rsggpV8aq+6fTtc9pBwIjNIBzLCyrbCpXl+jkxR2osgkYPU3Y699U6TNfA
tyBvbIMbIgGWGmg5upGxwfjW3tY/ZH3pyRaynrKKXdjM
-----END CERTIFICATE-----