Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/3SWsYfXDWcsu6sUuvebokjzhzds.roa
File:                     3SWsYfXDWcsu6sUuvebokjzhzds.roa (raw, json)
Hash identifier:          8xGWnQd4LyfAq9tVA55RlvFAQNa4NFu8YYFajh752cs=
Subject key identifier:   DD:25:AC:61:F5:C3:59:CB:2E:EA:C5:2E:BD:E6:E8:92:3C:E1:CD:DB
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019892BEB13D642E7D89FCB72C753DF8B64F
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/3SWsYfXDWcsu6sUuvebokjzhzds.roa
Signing time:             Sun 10 Aug 2025 06:50:27 +0000
ROA not before:           Sun 10 Aug 2025 06:50:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198831
IP address blocks:        151.242.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:92:be:b1:3d:64:2e:7d:89:fc:b7:2c:75:3d:f8:b6:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 10 06:50:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd25ac61f5c359cb2eeac52ebde6e8923ce1cddb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:68:d8:22:78:f2:33:1f:09:fb:3a:aa:40:dd:
                    4c:4e:63:97:97:d9:7f:b0:a9:55:1b:93:8a:0e:4f:
                    4d:a0:b3:0f:f5:82:cb:d6:48:f8:63:59:3b:e3:da:
                    b8:73:9d:be:d2:a6:96:39:0d:a7:ba:ac:5e:51:e5:
                    4a:ce:f7:83:54:c4:13:c4:5f:9e:4b:61:64:92:50:
                    2c:98:b1:3f:f9:09:f6:db:52:63:f8:f8:b4:6a:3f:
                    5b:5c:f1:f9:90:f1:72:4c:71:c5:3a:ac:b0:d5:0b:
                    9e:8e:e6:52:61:e3:05:65:51:db:7d:ed:be:3f:58:
                    52:8f:3a:a4:b6:a7:e1:45:35:1b:02:53:8e:c6:17:
                    33:04:a5:6f:7f:34:07:ec:ae:e8:2f:5e:ee:ea:65:
                    93:00:d2:36:81:7c:27:e0:c0:0e:28:02:e5:f5:16:
                    d7:e9:a5:92:9f:1b:c3:d7:e9:57:2b:40:39:75:7e:
                    cf:de:c6:5d:07:66:5f:b3:b3:70:75:d3:85:0b:0b:
                    f1:ff:60:02:4f:60:c5:b6:51:f3:35:12:30:b5:6a:
                    b3:1c:d1:80:f4:df:dc:8e:77:a2:4e:dc:a6:6e:2a:
                    de:a0:ac:9b:59:91:c3:a6:24:6a:85:03:3f:8e:0f:
                    4e:39:76:97:14:01:e4:fd:b1:7d:c0:cc:dc:39:0f:
                    43:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:25:AC:61:F5:C3:59:CB:2E:EA:C5:2E:BD:E6:E8:92:3C:E1:CD:DB
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/3SWsYfXDWcsu6sUuvebokjzhzds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:16:12:af:e4:88:a0:13:1c:e0:fd:82:36:77:d3:a8:51:24:
         21:96:38:c3:3c:2e:55:3b:26:14:db:3b:96:0f:9a:4c:75:32:
         dc:05:1f:90:83:c8:bd:b0:2e:8f:14:0b:c9:c3:5b:de:e5:3b:
         4e:bc:2a:a0:67:d8:b7:a0:b6:d2:02:f0:7e:55:e8:1c:01:33:
         53:75:14:f2:c0:aa:e9:0c:cb:a9:04:bc:57:e8:ac:22:32:e4:
         6c:a1:a2:8a:19:5e:cf:5d:70:c9:2f:b1:0a:9a:e9:c4:3e:d5:
         5c:6a:99:1a:09:5a:7f:31:10:df:f9:f6:bc:45:12:ce:c5:a3:
         c9:88:13:ab:1c:25:bd:ed:1f:1b:79:37:72:63:b0:2b:33:68:
         56:58:77:a5:04:ba:12:e8:cd:ac:dc:f1:1d:b9:0e:97:97:4a:
         cb:ef:af:82:81:8c:b8:a3:fe:60:e8:b8:ea:81:46:a5:e7:71:
         97:fb:77:ee:e6:84:da:10:81:8d:73:ef:11:22:1b:7f:72:96:
         d2:a9:62:c6:ec:c2:d0:de:86:d2:04:1b:17:04:9a:0a:db:09:
         f5:fb:f2:7d:5a:57:dc:bd:fe:2c:57:0d:76:72:eb:e4:0f:79:
         a1:35:3a:0c:a2:00:56:a6:91:86:fe:26:9b:8f:e1:2c:f1:bc:
         e8:a0:59:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiSvrE9ZC59ify3LHU9+LZPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODEwMDY1MDI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDI1YWM2MWY1YzM1OWNiMmVlYWM1MmViZGU2ZTg5MjNjZTFjZGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGjYInjyMx8J+zqqQN1MTmOXl9l/
sKlVG5OKDk9NoLMP9YLL1kj4Y1k749q4c52+0qaWOQ2nuqxeUeVKzveDVMQTxF+e
S2FkklAsmLE/+Qn221Jj+Pi0aj9bXPH5kPFyTHHFOqyw1QuejuZSYeMFZVHbfe2+
P1hSjzqktqfhRTUbAlOOxhczBKVvfzQH7K7oL17u6mWTANI2gXwn4MAOKALl9RbX
6aWSnxvD1+lXK0A5dX7P3sZdB2Zfs7NwddOFCwvx/2ACT2DFtlHzNRIwtWqzHNGA
9N/cjneiTtymbireoKybWZHDpiRqhQM/jg9OOXaXFAHk/bF9wMzcOQ9DywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0lrGH1w1nLLurFLr3m6JI84c3bMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvM1NXc1lmWERXY3N1NnNVdXZlYm9ranpoemRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/L/MA0G
CSqGSIb3DQEBCwUAA4IBAQC1FhKv5IigExzg/YI2d9OoUSQhljjDPC5VOyYU2zuW
D5pMdTLcBR+Qg8i9sC6PFAvJw1ve5TtOvCqgZ9i3oLbSAvB+VegcATNTdRTywKrp
DMupBLxX6KwiMuRsoaKKGV7PXXDJL7EKmunEPtVcapkaCVp/MRDf+fa8RRLOxaPJ
iBOrHCW97R8beTdyY7ArM2hWWHelBLoS6M2s3PEduQ6Xl0rL76+CgYy4o/5g6Ljq
gUal53GX+3fu5oTaEIGNc+8RIht/cpbSqWLG7MLQ3obSBBsXBJoK2wn1+/J9Wlfc
vf4sVw12cuvkD3mhNToMogBWppGG/iabj+Es8bzooFl2
-----END CERTIFICATE-----