Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/09D9Z2x-8IOQuzjcHfLzScnVf-g.roa
File:                     09D9Z2x-8IOQuzjcHfLzScnVf-g.roa (raw, json)
Hash identifier:          d/7+1shLrxmvS4jGYVgHCT8g/q9nlZC6zCHvFzcC5vM=
Subject key identifier:   D3:D0:FD:67:6C:7E:F0:83:90:BB:38:DC:1D:F2:F3:49:C9:D5:7F:E8
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019651943B543F0BD83FE1A17CF40F35BAD0
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/09D9Z2x-8IOQuzjcHfLzScnVf-g.roa
Signing time:             Sun 20 Apr 2025 05:03:11 +0000
ROA not before:           Sun 20 Apr 2025 05:03:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199707
IP address blocks:        151.241.88.0/24 maxlen: 24
                          151.242.188.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 May 2025 14:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:51:94:3b:54:3f:0b:d8:3f:e1:a1:7c:f4:0f:35:ba:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 20 05:03:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3d0fd676c7ef08390bb38dc1df2f349c9d57fe8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:00:3f:2f:b7:09:d8:2b:ca:45:26:ce:a5:29:
                    2f:1f:b5:bd:6d:b7:9a:7d:25:6e:9d:94:b0:b2:b3:
                    86:80:44:20:da:98:a3:c9:35:2b:37:51:86:ec:78:
                    d0:8a:9e:d5:86:80:32:b1:d8:d3:5e:6f:32:75:3b:
                    18:47:2e:dd:ab:11:b6:1b:00:e5:f6:ba:93:68:18:
                    74:41:03:46:37:e0:4d:d8:c3:56:33:57:d7:da:12:
                    70:13:c1:2b:94:d4:71:0a:fd:c4:c9:99:7c:d5:f5:
                    44:05:f4:a2:15:88:26:29:ae:1e:4c:a8:c9:c4:86:
                    8e:e0:87:09:1b:cc:a9:05:c6:87:32:4c:b1:a5:9e:
                    ce:5f:e6:36:93:ba:f7:99:29:df:50:fa:c0:d6:ef:
                    8f:21:de:68:34:cb:01:de:d3:8a:08:c5:b3:cb:3a:
                    4b:bd:77:30:ee:88:3f:e1:ad:10:00:00:d4:aa:a4:
                    9f:c3:60:fa:c0:c1:8c:19:18:9a:77:d1:c9:bb:11:
                    ee:f4:f9:ab:19:ac:d9:d2:17:65:33:f1:3d:44:1b:
                    52:bc:8d:03:31:27:b1:be:cc:21:8d:08:d4:33:8d:
                    be:ae:2b:7b:b5:a4:f3:3d:ea:2b:23:c0:91:2e:14:
                    71:4b:65:b7:50:39:b1:19:68:72:6a:1b:59:51:6c:
                    96:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:D0:FD:67:6C:7E:F0:83:90:BB:38:DC:1D:F2:F3:49:C9:D5:7F:E8
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/09D9Z2x-8IOQuzjcHfLzScnVf-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.88.0/24
                  151.242.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         28:8e:9f:97:66:45:3e:9c:ce:b3:21:3d:ec:ad:07:e5:28:f0:
         7d:e0:68:d3:b6:a3:4d:36:ca:2c:ec:71:e1:d5:48:df:58:37:
         bc:0d:14:9c:76:63:5a:5e:79:a6:89:52:f1:bc:22:dc:ba:48:
         aa:ae:e0:03:f4:8d:be:f5:30:ee:85:19:06:38:c4:c6:9c:07:
         fb:17:ba:d6:34:c5:93:22:10:00:c2:64:01:cc:8e:e8:80:2f:
         e9:a2:7f:b8:5e:a5:84:81:7a:0b:f1:b6:65:0e:6e:e7:22:c6:
         bd:3c:5a:7b:e0:96:61:8e:ef:df:51:53:f5:8f:bd:09:79:b9:
         ee:4e:41:42:a5:62:f6:2d:e0:38:79:a9:be:b9:37:0f:cb:7b:
         94:55:7a:f6:a4:70:4c:08:95:1d:75:74:1b:4c:e8:85:17:36:
         3c:6c:b5:39:c2:3e:eb:d5:12:b9:6a:d8:1f:fc:84:df:61:ec:
         f6:ff:92:2f:d1:33:3b:0d:6a:f7:c5:f3:d6:63:91:b5:ba:31:
         b1:ee:3d:03:52:a7:cd:07:29:e8:44:68:e7:b4:5b:de:f3:89:
         c0:ed:18:30:5d:fa:d9:d3:b6:72:ed:a0:82:9c:ff:56:bd:9e:
         75:84:b6:6a:bc:63:8d:75:51:d1:7c:02:6b:bd:2e:84:f6:27:
         35:d1:d6:22
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZRlDtUPwvYP+GhfPQPNbrQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDIwMDUwMzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2QwZmQ2NzZjN2VmMDgzOTBiYjM4ZGMxZGYyZjM0OWM5ZDU3ZmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgA/L7cJ2CvKRSbOpSkvH7W9bbea
fSVunZSwsrOGgEQg2pijyTUrN1GG7HjQip7VhoAysdjTXm8ydTsYRy7dqxG2GwDl
9rqTaBh0QQNGN+BN2MNWM1fX2hJwE8ErlNRxCv3EyZl81fVEBfSiFYgmKa4eTKjJ
xIaO4IcJG8ypBcaHMkyxpZ7OX+Y2k7r3mSnfUPrA1u+PId5oNMsB3tOKCMWzyzpL
vXcw7og/4a0QAADUqqSfw2D6wMGMGRiad9HJuxHu9PmrGazZ0hdlM/E9RBtSvI0D
MSexvswhjQjUM42+rit7taTzPeorI8CRLhRxS2W3UDmxGWhyahtZUWyWdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNPQ/WdsfvCDkLs43B3y80nJ1X/oMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMDlEOVoyeC04SU9RdXpqY0hmTHpTY25WZi1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/FYAwQB
l/K8MA0GCSqGSIb3DQEBCwUAA4IBAQAojp+XZkU+nM6zIT3srQflKPB94GjTtqNN
Nsos7HHh1UjfWDe8DRScdmNaXnmmiVLxvCLcukiqruAD9I2+9TDuhRkGOMTGnAf7
F7rWNMWTIhAAwmQBzI7ogC/pon+4XqWEgXoL8bZlDm7nIsa9PFp74JZhju/fUVP1
j70JebnuTkFCpWL2LeA4eam+uTcPy3uUVXr2pHBMCJUddXQbTOiFFzY8bLU5wj7r
1RK5atgf/ITfYez2/5Iv0TM7DWr3xfPWY5G1ujGx7j0DUqfNBynoRGjntFve84nA
7RgwXfrZ07Zy7aCCnP9WvZ51hLZqvGONdVHRfAJrvS6E9ic10dYi
-----END CERTIFICATE-----