Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/0dsEtkEjC71M3HXMzK4Z6iLccY4.roa
File:                     0dsEtkEjC71M3HXMzK4Z6iLccY4.roa (raw, json)
Hash identifier:          GBEjIFZyI5Ol8tA/emHZW6K8maD8BVJzqe5Orc2PNks=
Subject key identifier:   D1:DB:04:B6:41:23:0B:BD:4C:DC:75:CC:CC:AE:19:EA:22:DC:71:8E
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01967AF3F7CA32CC83DE794307AD334841BA
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/0dsEtkEjC71M3HXMzK4Z6iLccY4.roa
Signing time:             Mon 28 Apr 2025 05:52:10 +0000
ROA not before:           Mon 28 Apr 2025 05:52:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        151.243.162.0/24 maxlen: 24
                          151.243.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 14:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7a:f3:f7:ca:32:cc:83:de:79:43:07:ad:33:48:41:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 28 05:52:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1db04b641230bbd4cdc75ccccae19ea22dc718e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ab:0d:03:64:07:4f:cb:ee:09:15:41:27:57:
                    ab:dc:23:64:cb:91:03:04:11:1f:00:45:d7:5c:28:
                    ad:29:d7:bc:7f:d6:f9:4f:38:01:63:2c:83:d9:ca:
                    7d:cf:99:30:ba:94:69:62:e8:da:3b:35:53:f5:8d:
                    4e:93:39:f9:7d:b5:4f:24:2d:91:35:8c:7b:d8:2d:
                    db:a9:a8:dc:c2:4e:98:53:ec:84:33:86:68:49:92:
                    da:79:78:83:d6:ee:f6:1d:e4:70:a1:5d:40:4b:33:
                    ba:b4:8f:cb:b2:39:be:c1:e9:c2:1a:43:0f:f5:b3:
                    ca:8b:c2:5f:f6:24:63:5f:6b:27:8b:bb:5e:8f:aa:
                    17:01:c2:f7:0d:9f:39:0d:ec:9c:d5:3f:ab:fa:29:
                    d8:7d:2e:ac:36:2f:92:13:56:c3:98:7d:33:d8:bd:
                    4c:a1:b5:92:aa:21:8b:0c:65:fa:07:15:22:d8:b7:
                    43:28:a6:5d:71:ff:6c:b9:31:c2:93:f7:a0:ad:ac:
                    77:d9:3a:3d:b8:bb:92:77:e4:ac:b1:25:64:dc:e8:
                    0e:70:72:7b:47:ff:3b:01:93:60:b5:91:20:59:e0:
                    2e:92:31:b2:84:f5:18:3a:c9:8c:9d:3f:47:e3:9e:
                    86:95:a3:8b:34:49:53:a8:bf:75:46:e2:ad:d1:a9:
                    82:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:DB:04:B6:41:23:0B:BD:4C:DC:75:CC:CC:AE:19:EA:22:DC:71:8E
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/0dsEtkEjC71M3HXMzK4Z6iLccY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.162.0/24
                  151.243.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:83:de:e3:a1:36:5e:42:2d:eb:80:7f:3e:40:ab:6a:ea:dd:
         f7:0c:b8:31:62:6c:8d:85:04:a9:d9:1f:60:5f:80:7e:2d:19:
         19:a9:da:06:89:42:18:93:92:74:3f:c0:45:7e:9c:44:05:10:
         97:4e:ff:94:88:66:4d:df:12:c2:a9:df:d5:85:c7:c2:5c:92:
         41:93:20:96:51:d2:58:6e:04:54:5c:8e:71:2b:14:1c:94:f8:
         30:af:fb:ad:3a:fc:b0:f8:2b:6d:47:9c:32:8d:0d:7a:50:73:
         0c:b7:fd:33:b4:ef:bb:2f:25:29:e3:61:8c:d7:c1:19:ff:e3:
         b7:86:be:3e:ca:76:f1:86:9d:30:45:57:47:b4:0e:27:44:3b:
         0d:22:54:5e:3e:44:24:80:6c:cb:cc:9b:54:35:e9:45:dc:6d:
         52:8e:7f:7d:01:e2:6a:4c:1a:58:45:a4:47:eb:44:51:e8:c5:
         02:65:7a:33:07:cc:ce:a0:8e:31:8e:a6:93:f8:90:e9:a1:70:
         66:58:da:7b:05:77:5d:42:d3:82:a9:56:56:85:d3:ed:8a:33:
         26:6e:75:e1:20:89:6e:4d:bf:ef:f1:b3:ee:34:c8:a1:2a:9d:
         c3:05:33:c6:d0:23:a2:0c:cd:4e:79:4f:e4:5d:05:e8:df:09:
         8d:12:52:20
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZ68/fKMsyD3nlDB60zSEG6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDI4MDU1MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWRiMDRiNjQxMjMwYmJkNGNkYzc1Y2NjY2FlMTllYTIyZGM3MThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqsNA2QHT8vuCRVBJ1er3CNky5ED
BBEfAEXXXCitKde8f9b5TzgBYyyD2cp9z5kwupRpYujaOzVT9Y1Okzn5fbVPJC2R
NYx72C3bqajcwk6YU+yEM4ZoSZLaeXiD1u72HeRwoV1ASzO6tI/Lsjm+wenCGkMP
9bPKi8Jf9iRjX2sni7tej6oXAcL3DZ85Deyc1T+r+inYfS6sNi+SE1bDmH0z2L1M
obWSqiGLDGX6BxUi2LdDKKZdcf9suTHCk/egrax32To9uLuSd+SssSVk3OgOcHJ7
R/87AZNgtZEgWeAukjGyhPUYOsmMnT9H456GlaOLNElTqL91RuKt0amCsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNHbBLZBIwu9TNx1zMyuGeoi3HGOMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMGRzRXRrRWpDNzFNM0hYTXpLNFo2aUxjY1k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/OiAwQA
l/P0MA0GCSqGSIb3DQEBCwUAA4IBAQBCg97joTZeQi3rgH8+QKtq6t33DLgxYmyN
hQSp2R9gX4B+LRkZqdoGiUIYk5J0P8BFfpxEBRCXTv+UiGZN3xLCqd/VhcfCXJJB
kyCWUdJYbgRUXI5xKxQclPgwr/utOvyw+CttR5wyjQ16UHMMt/0ztO+7LyUp42GM
18EZ/+O3hr4+ynbxhp0wRVdHtA4nRDsNIlRePkQkgGzLzJtUNelF3G1Sjn99AeJq
TBpYRaRH60RR6MUCZXozB8zOoI4xjqaT+JDpoXBmWNp7BXddQtOCqVZWhdPtijMm
bnXhIIluTb/v8bPuNMihKp3DBTPG0COiDM1OeU/kXQXo3wmNElIg
-----END CERTIFICATE-----