Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1-e9jXnWzwq2H7c4CZo_GMma3lBo.roa
File:                     1-e9jXnWzwq2H7c4CZo_GMma3lBo.roa (raw, json)
Hash identifier:          NQb2ezD+6GMidB/EPoN8frh6I8E5xLVKf7bTKM9kz58=
Subject key identifier:   F9:EF:63:5E:75:B3:C2:AD:87:ED:CE:02:66:8F:C6:32:66:B7:94:1A
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0199A977C9296D2B94A0D07954F8280170F2
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1-e9jXnWzwq2H7c4CZo_GMma3lBo.roa
Signing time:             Fri 03 Oct 2025 09:47:03 +0000
ROA not before:           Fri 03 Oct 2025 09:47:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215638
IP address blocks:        151.243.216.0/24 maxlen: 24
                          151.247.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a9:77:c9:29:6d:2b:94:a0:d0:79:54:f8:28:01:70:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Oct  3 09:47:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9ef635e75b3c2ad87edce02668fc63266b7941a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3f:d6:bb:a3:ec:19:15:4e:e3:99:9f:af:5e:
                    d0:bc:51:59:61:87:1b:d1:03:db:ae:2d:b5:38:23:
                    61:27:6d:d1:cf:a2:f5:09:a9:8a:76:38:4e:8b:c0:
                    94:50:5f:d5:ae:9c:fc:25:2c:38:cf:75:27:01:37:
                    46:e5:6c:9c:89:b0:1f:02:ca:96:b8:34:d5:e0:c4:
                    b4:35:35:af:a0:21:52:d5:85:3c:58:0c:00:15:21:
                    aa:0c:3f:c4:f5:38:35:d6:37:43:ae:84:e5:cc:d4:
                    38:1b:a1:a6:39:1e:df:3e:88:3d:52:75:a7:8f:0a:
                    1e:3d:ad:7a:d3:73:22:bc:97:68:5a:4a:a5:1b:99:
                    aa:bd:54:76:22:37:c5:9c:b7:a5:c9:5c:d2:aa:f1:
                    ef:9a:1a:03:bb:cb:18:76:18:a1:29:97:f7:bc:fb:
                    14:cf:3d:51:4f:b7:0c:6a:4c:28:77:f0:ea:fc:40:
                    7b:51:7d:51:91:b3:a9:50:2b:01:23:3c:25:56:d7:
                    69:21:6c:18:9f:a2:d3:bf:21:8f:c6:3e:cf:3b:65:
                    e1:f7:92:44:e6:2e:05:2a:06:46:af:b1:53:72:9f:
                    85:d6:15:1a:0f:11:d8:f5:90:3b:1e:b4:1f:74:e0:
                    2a:17:fa:58:09:d6:ed:fd:7c:d6:25:71:dc:b1:ed:
                    58:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:EF:63:5E:75:B3:C2:AD:87:ED:CE:02:66:8F:C6:32:66:B7:94:1A
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1-e9jXnWzwq2H7c4CZo_GMma3lBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.216.0/24
                  151.247.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:5c:d7:ea:d4:a1:e3:2a:d2:12:db:bd:dc:80:c7:e2:32:cc:
         44:a9:20:a3:31:eb:4f:c5:3e:9d:db:ac:29:ee:39:c1:ca:dd:
         60:b9:a0:36:33:db:3a:46:30:11:61:78:bd:11:96:5c:45:85:
         af:94:83:40:1d:03:fb:0a:ec:a9:68:95:cb:59:a4:cf:4d:92:
         6d:7b:75:2f:0d:8e:89:7a:68:4f:aa:41:e8:16:5e:5e:db:74:
         7a:04:c0:2b:0d:2d:a8:41:20:15:d6:79:ff:46:7b:f4:5a:85:
         12:37:48:63:fb:60:4c:eb:6f:bf:e3:96:e0:14:1c:51:ae:c9:
         3d:9a:15:44:fe:c2:04:4a:01:2b:40:78:28:47:de:9e:32:45:
         9b:9f:94:18:96:d1:a7:a5:3f:94:6e:d0:31:a0:f0:76:74:be:
         30:f6:a8:17:5c:12:5a:54:5d:1e:dd:0e:ef:db:cb:62:b9:b0:
         d0:f4:3e:08:0f:c3:b4:e4:c7:d6:42:a8:72:33:9f:c2:b2:7f:
         d1:0a:d6:1a:12:46:51:95:3e:e3:92:ca:81:87:8e:53:a5:bb:
         8c:cd:34:45:a5:be:10:4b:1b:74:53:8f:e0:91:97:97:46:9c:
         20:e0:b8:6f:0e:ec:71:d2:f4:fc:03:6b:a9:6c:aa:ca:d2:61:
         98:31:0e:b8
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZmpd8kpbSuUoNB5VPgoAXDyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDAzMDk0NzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWVmNjM1ZTc1YjNjMmFkODdlZGNlMDI2NjhmYzYzMjY2Yjc5NDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj/Wu6PsGRVO45mfr17QvFFZYYcb
0QPbri21OCNhJ23Rz6L1CamKdjhOi8CUUF/Vrpz8JSw4z3UnATdG5WycibAfAsqW
uDTV4MS0NTWvoCFS1YU8WAwAFSGqDD/E9Tg11jdDroTlzNQ4G6GmOR7fPog9UnWn
jwoePa1603MivJdoWkqlG5mqvVR2IjfFnLelyVzSqvHvmhoDu8sYdhihKZf3vPsU
zz1RT7cMakwod/Dq/EB7UX1RkbOpUCsBIzwlVtdpIWwYn6LTvyGPxj7PO2Xh95JE
5i4FKgZGr7FTcp+F1hUaDxHY9ZA7HrQfdOAqF/pYCdbt/XzWJXHcse1YKwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPnvY151s8Kth+3OAmaPxjJmt5QaMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMS1lOWpYbld6d3EySDdjNENab19HTW1hM2xCby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGUvZjQzYjFkLTllNTAtNDU1MS1hZTZhLTE3YjlkZTE0MTI1
Mi8xL3htSm05R2I3SkppamxGbXpOUzJpVVZHbHBNQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAJfz2AME
AJf30zANBgkqhkiG9w0BAQsFAAOCAQEAiFzX6tSh4yrSEtu93IDH4jLMRKkgozHr
T8U+ndusKe45wcrdYLmgNjPbOkYwEWF4vRGWXEWFr5SDQB0D+wrsqWiVy1mkz02S
bXt1Lw2OiXpoT6pB6BZeXtt0egTAKw0tqEEgFdZ5/0Z79FqFEjdIY/tgTOtvv+OW
4BQcUa7JPZoVRP7CBEoBK0B4KEfenjJFm5+UGJbRp6U/lG7QMaDwdnS+MPaoF1wS
WlRdHt0O79vLYrmw0PQ+CA/DtOTH1kKocjOfwrJ/0QrWGhJGUZU+45LKgYeOU6W7
jM00RaW+EEsbdFOP4JGXl0acIOC4bw7scdL0/ANrqWyqytJhmDEOuA==
-----END CERTIFICATE-----