Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/5hfOU8cchIfU-YjD1-1EJOkhsv4.roa
File:                     5hfOU8cchIfU-YjD1-1EJOkhsv4.roa (raw, json)
Hash identifier:          d4QZNW61a30s6VQJsvmCpF5vnWlj8rRgqXDpb01/++4=
Subject key identifier:   E6:17:CE:53:C7:1C:84:87:D4:F9:88:C3:D7:ED:44:24:E9:21:B2:FE
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196D577F4ADA35DFA09BA781FF4E93A8B8B
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/5hfOU8cchIfU-YjD1-1EJOkhsv4.roa
Signing time:             Thu 15 May 2025 19:42:10 +0000
ROA not before:           Thu 15 May 2025 19:42:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152611
IP address blocks:        151.242.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d5:77:f4:ad:a3:5d:fa:09:ba:78:1f:f4:e9:3a:8b:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 15 19:42:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e617ce53c71c8487d4f988c3d7ed4424e921b2fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:29:b0:73:a3:9e:65:46:40:e4:4a:75:59:39:
                    15:93:42:60:83:9e:38:d3:34:61:13:35:83:58:8c:
                    c4:e3:a0:ea:93:58:27:67:44:ad:9f:c7:5c:0b:34:
                    e6:71:1b:bd:28:ae:71:03:7b:12:0f:af:d6:d7:9d:
                    ec:b4:8e:9d:da:51:c9:0f:5c:9a:0b:1a:b1:85:66:
                    14:bb:40:cd:ee:76:25:74:4c:07:19:d2:85:19:1f:
                    7e:e6:a2:41:ba:51:7a:59:b7:cb:a8:2e:37:f2:9c:
                    7f:d1:39:50:e7:25:2a:21:c6:8a:ae:3d:55:ef:80:
                    8c:35:0e:6f:d4:20:04:9c:12:09:fa:13:0a:cc:cd:
                    ef:0e:0e:1d:f4:6e:57:ee:2c:b1:01:15:f8:9b:ce:
                    55:56:b8:e3:35:04:52:10:e7:f4:5e:fb:ec:f2:28:
                    4c:70:19:96:c9:36:47:0b:f7:2f:98:87:60:67:f8:
                    d4:58:ed:2b:ef:3b:20:28:d2:e3:1b:2a:d1:aa:a4:
                    44:4f:bb:30:7c:19:81:11:63:57:92:a7:91:1b:99:
                    59:38:76:42:cc:a8:3d:99:d3:d6:4b:66:89:0e:95:
                    ed:68:5a:ac:0d:1e:9b:73:a7:5b:d8:1f:41:cc:34:
                    4e:fe:e8:36:14:25:cb:16:28:ce:bf:3b:6d:01:76:
                    e9:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:17:CE:53:C7:1C:84:87:D4:F9:88:C3:D7:ED:44:24:E9:21:B2:FE
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/5hfOU8cchIfU-YjD1-1EJOkhsv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:ad:7e:17:c1:1d:ae:1e:68:fa:fa:ac:e8:67:18:25:4a:b0:
         85:7c:02:4a:36:88:9f:83:05:47:45:43:a1:78:4d:70:bb:9b:
         02:63:76:7e:2b:5d:1c:29:b0:e4:af:75:b1:31:bc:c3:86:09:
         5e:d8:d0:0e:3a:77:c2:38:98:6a:09:9e:f1:0b:a5:8c:84:7d:
         9a:29:22:31:6a:42:b0:2f:71:55:a8:b9:5b:55:3a:60:c9:cb:
         69:63:4b:f5:01:ee:d2:f2:66:23:02:89:e7:cf:fe:64:76:a4:
         4c:bd:a4:60:29:e7:78:37:44:21:bf:0b:59:97:b4:30:3a:d4:
         44:a2:ec:06:9b:d8:00:a1:89:dd:13:b6:cc:c1:69:99:e6:8a:
         b9:fc:17:bb:70:ad:5f:59:a8:2f:fc:92:e1:72:0f:af:b7:0e:
         df:a1:f8:5a:33:3c:e9:03:89:72:21:ca:06:64:a4:97:13:c2:
         b2:51:93:5e:fe:6d:3d:80:83:36:82:26:51:23:45:29:ed:41:
         11:f9:98:be:5f:20:d0:3a:5c:87:5a:a3:c5:3f:6e:54:36:dd:
         a9:fd:40:84:b2:ba:ec:a3:4d:ba:c3:be:72:4a:a0:58:d7:1d:
         80:06:bf:50:5f:0d:25:20:5f:b6:2c:21:f1:10:dc:bd:c6:56:
         24:4d:67:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbVd/Sto136Cbp4H/TpOouLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTE1MTk0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjE3Y2U1M2M3MWM4NDg3ZDRmOTg4YzNkN2VkNDQyNGU5MjFiMmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCmwc6OeZUZA5Ep1WTkVk0Jgg544
0zRhEzWDWIzE46Dqk1gnZ0Stn8dcCzTmcRu9KK5xA3sSD6/W153stI6d2lHJD1ya
CxqxhWYUu0DN7nYldEwHGdKFGR9+5qJBulF6WbfLqC438px/0TlQ5yUqIcaKrj1V
74CMNQ5v1CAEnBIJ+hMKzM3vDg4d9G5X7iyxARX4m85VVrjjNQRSEOf0Xvvs8ihM
cBmWyTZHC/cvmIdgZ/jUWO0r7zsgKNLjGyrRqqRET7swfBmBEWNXkqeRG5lZOHZC
zKg9mdPWS2aJDpXtaFqsDR6bc6db2B9BzDRO/ug2FCXLFijOvzttAXbp3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYXzlPHHISH1PmIw9ftRCTpIbL+MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvNWhmT1U4Y2NoSWZVLVlqRDEtMUVKT2toc3Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/I1MA0G
CSqGSIb3DQEBCwUAA4IBAQC4rX4XwR2uHmj6+qzoZxglSrCFfAJKNoifgwVHRUOh
eE1wu5sCY3Z+K10cKbDkr3WxMbzDhgle2NAOOnfCOJhqCZ7xC6WMhH2aKSIxakKw
L3FVqLlbVTpgyctpY0v1Ae7S8mYjAonnz/5kdqRMvaRgKed4N0QhvwtZl7QwOtRE
ouwGm9gAoYndE7bMwWmZ5oq5/Be7cK1fWagv/JLhcg+vtw7fofhaMzzpA4lyIcoG
ZKSXE8KyUZNe/m09gIM2giZRI0Up7UER+Zi+XyDQOlyHWqPFP25UNt2p/UCEsrrs
o026w75ySqBY1x2ABr9QXw0lIF+2LCHxENy9xlYkTWdL
-----END CERTIFICATE-----