Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/4h-_BCv061A7a3ExhraUNIXnzjs.roa
File:                     4h-_BCv061A7a3ExhraUNIXnzjs.roa (raw, json)
Hash identifier:          eNIh+BPI5tPDC2RgxP1KjWEd+sl6tVtXTLrJFsgZQzA=
Subject key identifier:   E2:1F:BF:04:2B:F4:EB:50:3B:6B:71:31:86:B6:94:34:85:E7:CE:3B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0199524B8F06473A55959281BC6FBCB5EA2E
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/4h-_BCv061A7a3ExhraUNIXnzjs.roa
Signing time:             Tue 16 Sep 2025 11:31:47 +0000
ROA not before:           Tue 16 Sep 2025 11:31:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212194
IP address blocks:        151.242.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:52:4b:8f:06:47:3a:55:95:92:81:bc:6f:bc:b5:ea:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep 16 11:31:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e21fbf042bf4eb503b6b713186b6943485e7ce3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:78:16:4f:34:1a:fa:a4:de:16:cc:7b:82:32:
                    27:78:6e:5b:c4:03:9b:6d:aa:77:46:bc:33:b6:c8:
                    b1:7d:32:8a:71:73:16:14:ea:81:1f:3a:9c:76:fc:
                    a9:6a:9d:4e:d1:13:6c:f3:1f:0d:c0:c5:2c:37:42:
                    34:98:3e:fd:e4:c8:c0:ee:fa:10:78:be:b7:c8:35:
                    87:51:7e:19:db:58:af:d6:a8:e0:e2:cf:c4:a6:92:
                    29:14:b9:9e:0b:12:64:1b:d7:c8:e8:f0:50:1b:05:
                    9f:96:90:4e:65:3e:f4:2f:68:34:f8:1b:68:eb:76:
                    49:2f:73:08:1b:f3:bc:e6:33:7c:22:07:e4:2f:12:
                    af:5c:0b:a0:26:93:51:b6:b3:ef:81:de:22:ea:74:
                    16:85:91:95:ff:b1:03:be:eb:9e:58:70:70:21:ca:
                    73:9d:e6:e9:8a:97:8e:8a:81:fd:06:91:2e:f5:04:
                    42:87:94:e3:49:e5:cb:68:12:11:c6:70:50:e3:cc:
                    76:72:53:3f:bb:b4:05:e9:e8:4a:d9:e8:0c:44:e4:
                    d5:12:bb:4f:39:56:e2:b0:b9:21:14:92:21:fd:c4:
                    59:b8:82:33:4b:46:da:58:0d:d7:48:b0:22:20:45:
                    30:bc:34:6d:5d:66:3e:04:1d:a9:43:a8:85:74:6d:
                    44:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:1F:BF:04:2B:F4:EB:50:3B:6B:71:31:86:B6:94:34:85:E7:CE:3B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/4h-_BCv061A7a3ExhraUNIXnzjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:f7:6b:6f:e8:4b:8b:38:de:2d:fc:b9:e3:71:57:48:ef:f8:
         c3:58:2d:ee:2b:d7:8e:66:2e:b6:96:23:b7:14:af:8a:d5:cf:
         b6:b2:a2:11:60:33:99:f6:ae:0f:12:5a:b3:57:6b:29:8e:50:
         38:c1:94:de:b2:ff:7c:66:96:28:f6:07:e9:58:18:82:56:1e:
         ef:a3:f9:5f:7d:fb:5c:78:09:d2:d8:84:8e:3b:20:c1:f7:0e:
         d3:83:64:4f:52:d0:9a:a4:80:f6:f9:19:a1:7a:1b:03:e7:4d:
         4d:0e:66:2f:44:57:c2:6f:57:7d:8f:6f:14:1a:af:67:26:61:
         35:f4:54:9a:61:36:07:ae:d8:5f:60:f8:70:b1:bb:5c:7a:9a:
         2c:b3:37:7c:6a:3d:f4:27:53:6d:86:b4:12:70:a6:4e:2b:7b:
         58:a0:ba:98:a3:5e:a3:82:7a:15:46:91:2a:76:ea:b6:74:b8:
         08:71:a9:17:c1:b5:f7:25:aa:eb:b9:58:6c:30:e0:bd:47:f8:
         c7:31:7a:9c:24:41:bb:b3:50:e3:0e:f3:0d:21:e0:f6:39:61:
         d2:07:68:ca:bc:da:d2:aa:3d:e3:75:cf:bb:69:0c:c5:09:cc:
         c7:ca:dc:26:02:15:a3:d2:34:bf:0c:19:8d:60:e2:ab:59:6d:
         f0:76:39:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlSS48GRzpVlZKBvG+8teouMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTE2MTEzMTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjFmYmYwNDJiZjRlYjUwM2I2YjcxMzE4NmI2OTQzNDg1ZTdjZTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3gWTzQa+qTeFsx7gjIneG5bxAOb
bap3RrwztsixfTKKcXMWFOqBHzqcdvypap1O0RNs8x8NwMUsN0I0mD795MjA7voQ
eL63yDWHUX4Z21iv1qjg4s/EppIpFLmeCxJkG9fI6PBQGwWflpBOZT70L2g0+Bto
63ZJL3MIG/O85jN8IgfkLxKvXAugJpNRtrPvgd4i6nQWhZGV/7EDvuueWHBwIcpz
nebpipeOioH9BpEu9QRCh5TjSeXLaBIRxnBQ48x2clM/u7QF6ehK2egMROTVErtP
OVbisLkhFJIh/cRZuIIzS0baWA3XSLAiIEUwvDRtXWY+BB2pQ6iFdG1EHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIfvwQr9OtQO2txMYa2lDSF5847MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvNGgtX0JDdjA2MUE3YTNFeGhyYVVOSVhuempzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/JBMA0G
CSqGSIb3DQEBCwUAA4IBAQBv92tv6EuLON4t/LnjcVdI7/jDWC3uK9eOZi62liO3
FK+K1c+2sqIRYDOZ9q4PElqzV2spjlA4wZTesv98ZpYo9gfpWBiCVh7vo/lffftc
eAnS2ISOOyDB9w7Tg2RPUtCapID2+RmhehsD501NDmYvRFfCb1d9j28UGq9nJmE1
9FSaYTYHrthfYPhwsbtceposszd8aj30J1NthrQScKZOK3tYoLqYo16jgnoVRpEq
duq2dLgIcakXwbX3JarruVhsMOC9R/jHMXqcJEG7s1DjDvMNIeD2OWHSB2jKvNrS
qj3jdc+7aQzFCczHytwmAhWj0jS/DBmNYOKrWW3wdjnf
-----END CERTIFICATE-----