Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/4M6jOL-HyEnBaiVtVPrdJGIDeeI.roa
File:                     4M6jOL-HyEnBaiVtVPrdJGIDeeI.roa (raw, json)
Hash identifier:          gH/D/CrjKK8xteQ3Fd+znrt3LlKXOevnEcCZoZFogc4=
Subject key identifier:   E0:CE:A3:38:BF:87:C8:49:C1:6A:25:6D:54:FA:DD:24:62:03:79:E2
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198AE32DCC3CD3A5A449EE05FFE0505C2BC
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/4M6jOL-HyEnBaiVtVPrdJGIDeeI.roa
Signing time:             Fri 15 Aug 2025 14:47:05 +0000
ROA not before:           Fri 15 Aug 2025 14:47:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200950
IP address blocks:        151.240.122.0/23 maxlen: 23
                          151.244.142.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 09:25:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ae:32:dc:c3:cd:3a:5a:44:9e:e0:5f:fe:05:05:c2:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 15 14:47:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0cea338bf87c849c16a256d54fadd24620379e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:2a:0b:dc:50:d0:7b:b9:ee:7a:f4:40:40:92:
                    ac:d3:a7:7e:2a:3b:0b:de:e5:9e:f8:ac:f9:87:03:
                    4c:4f:38:e8:98:70:00:73:bc:7b:6f:24:4c:81:60:
                    b2:68:f1:52:63:55:ae:0c:b1:37:9b:51:c6:1f:e9:
                    bb:fd:e4:5a:93:03:7f:31:6e:1f:67:e2:e1:3b:b8:
                    57:e5:71:37:36:37:b7:4b:cd:65:1c:a6:fa:41:a2:
                    aa:12:1a:dc:48:04:30:e0:fb:73:94:cc:32:38:e9:
                    42:fc:5a:5a:f8:d2:fc:20:bd:b6:8c:41:f9:f6:57:
                    36:b3:3c:52:8c:f8:18:90:5e:4d:51:19:bd:a1:cd:
                    51:e4:4f:60:72:52:1f:c3:27:d1:78:8a:06:a1:93:
                    0d:ef:87:a8:11:22:4c:0f:db:eb:23:7d:a6:32:9c:
                    29:da:a3:78:6e:3a:4c:3e:34:38:4c:bc:8f:12:16:
                    16:3b:fa:28:0c:9a:f5:51:69:96:83:49:df:ee:5a:
                    9e:38:70:10:ef:1c:26:c9:75:0a:3d:92:5b:4b:13:
                    0b:c8:3c:c6:17:fd:be:5a:41:66:6e:25:92:11:ee:
                    74:79:ce:3e:fa:66:bd:d0:89:03:5a:ae:0d:db:f9:
                    2b:0d:bc:91:a8:5f:f9:88:34:b1:2e:0e:d2:19:48:
                    e7:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:CE:A3:38:BF:87:C8:49:C1:6A:25:6D:54:FA:DD:24:62:03:79:E2
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/4M6jOL-HyEnBaiVtVPrdJGIDeeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.122.0/23
                  151.244.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:8f:e5:fc:7b:86:69:1b:42:fd:90:0e:c5:8e:60:66:0b:9a:
         0e:81:a1:20:fc:ca:36:3b:4d:77:c6:3a:af:d2:92:43:6a:29:
         c6:de:31:e9:b0:9c:3f:5d:9f:45:5a:20:fa:1c:e0:55:69:21:
         ff:6d:18:44:84:1d:a2:c5:fa:31:be:d7:9e:64:44:87:b6:05:
         9b:6a:b0:ef:2c:1a:88:9a:9f:f4:65:69:ff:26:3b:f9:13:7e:
         ab:87:af:ff:20:0c:a8:c1:6e:99:ab:ff:d0:04:03:da:7c:bf:
         29:ae:99:84:b9:24:c7:27:35:3b:c1:4c:c4:b5:20:63:e3:41:
         a4:55:0f:d2:6d:34:86:1e:6a:68:ee:18:1f:e8:f2:84:21:7d:
         95:c9:e3:86:4a:a4:f6:4c:cf:f2:06:84:69:2c:4b:1e:95:cd:
         8e:a9:13:a2:3d:da:58:90:65:80:0b:f4:59:8f:03:9e:83:5b:
         8a:52:0f:86:8b:98:93:82:6e:56:5b:2b:2d:69:a8:ca:05:48:
         eb:c2:d1:68:ed:b0:47:05:6e:ff:07:37:6d:02:5f:4b:8d:d9:
         bb:ea:6f:79:50:1e:93:41:eb:72:5f:c6:86:12:d6:4c:14:5e:
         84:50:6a:c3:f5:e1:33:ad:29:fb:17:65:19:c1:7b:2f:3f:bf:
         4d:7d:4b:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiuMtzDzTpaRJ7gX/4FBcK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODE1MTQ0NzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGNlYTMzOGJmODdjODQ5YzE2YTI1NmQ1NGZhZGQyNDYyMDM3OWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqioL3FDQe7nuevRAQJKs06d+KjsL
3uWe+Kz5hwNMTzjomHAAc7x7byRMgWCyaPFSY1WuDLE3m1HGH+m7/eRakwN/MW4f
Z+LhO7hX5XE3Nje3S81lHKb6QaKqEhrcSAQw4PtzlMwyOOlC/Fpa+NL8IL22jEH5
9lc2szxSjPgYkF5NURm9oc1R5E9gclIfwyfReIoGoZMN74eoESJMD9vrI32mMpwp
2qN4bjpMPjQ4TLyPEhYWO/ooDJr1UWmWg0nf7lqeOHAQ7xwmyXUKPZJbSxMLyDzG
F/2+WkFmbiWSEe50ec4++ma90IkDWq4N2/krDbyRqF/5iDSxLg7SGUjnjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFODOozi/h8hJwWolbVT63SRiA3niMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvNE02ak9MLUh5RW5CYWlWdFZQcmRKR0lEZWVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBl/B6AwQB
l/SOMA0GCSqGSIb3DQEBCwUAA4IBAQAxj+X8e4ZpG0L9kA7FjmBmC5oOgaEg/Mo2
O013xjqv0pJDainG3jHpsJw/XZ9FWiD6HOBVaSH/bRhEhB2ixfoxvteeZESHtgWb
arDvLBqImp/0ZWn/Jjv5E36rh6//IAyowW6Zq//QBAPafL8prpmEuSTHJzU7wUzE
tSBj40GkVQ/SbTSGHmpo7hgf6PKEIX2VyeOGSqT2TM/yBoRpLEselc2OqROiPdpY
kGWAC/RZjwOeg1uKUg+Gi5iTgm5WWystaajKBUjrwtFo7bBHBW7/BzdtAl9Ljdm7
6m95UB6TQetyX8aGEtZMFF6EUGrD9eEzrSn7F2UZwXsvP79NfUt2
-----END CERTIFICATE-----