Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7g6L_iEIvLCRfkDNktw1tuaix5s.roa
File:                     7g6L_iEIvLCRfkDNktw1tuaix5s.roa (raw, json)
Hash identifier:          HeODcKvG6DeoCD4n5Qp//lj4Vbj+wVrfdmfn2a/mDz4=
Subject key identifier:   EE:0E:8B:FE:21:08:BC:B0:91:7E:40:CD:92:DC:35:B6:E6:A2:C7:9B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198AE2C741CD7197B2EA89F7ED7529ED1BA
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7g6L_iEIvLCRfkDNktw1tuaix5s.roa
Signing time:             Fri 15 Aug 2025 14:40:05 +0000
ROA not before:           Fri 15 Aug 2025 14:40:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205601
IP address blocks:        151.243.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ae:2c:74:1c:d7:19:7b:2e:a8:9f:7e:d7:52:9e:d1:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 15 14:40:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee0e8bfe2108bcb0917e40cd92dc35b6e6a2c79b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:4f:34:73:c2:cb:c0:73:9c:a0:94:a1:32:1b:
                    26:b9:6d:6f:37:81:95:aa:8b:d3:cd:84:a4:27:b6:
                    c7:4e:ba:4c:02:86:f3:81:e6:a2:e8:30:47:d0:9a:
                    55:73:7b:4a:df:e4:25:ac:f8:a8:ce:3c:bb:f1:12:
                    63:f5:bf:f3:e7:e4:0e:87:72:a5:f8:d0:e3:f7:b0:
                    03:e6:07:8b:ce:69:b1:cd:2f:31:e9:14:26:75:40:
                    45:1d:65:23:22:e9:4b:fb:d2:7d:57:97:0f:ae:9a:
                    19:41:96:c5:73:7f:51:23:82:eb:c4:e8:63:e7:91:
                    8c:30:eb:16:3b:96:c7:c0:b8:d4:c7:5d:e2:47:b8:
                    df:5d:94:71:3f:68:56:83:b3:d3:df:94:b5:c2:cf:
                    54:77:fd:0d:c1:46:aa:49:e9:41:7e:ad:79:67:88:
                    fa:25:fb:33:f8:77:04:12:3c:b9:7e:bc:ac:1c:ec:
                    39:ff:b4:c6:be:35:b4:25:45:c4:61:09:b4:b6:66:
                    c9:6c:93:f2:74:e0:1a:b4:54:b5:f0:df:82:8b:eb:
                    ee:4c:d3:54:8b:d9:cd:aa:48:6a:b5:cc:d8:2a:1a:
                    2d:1d:3e:01:71:c1:48:1c:9e:ba:3e:ed:3d:7d:26:
                    ed:f7:2c:5f:fd:74:e3:ed:73:80:bc:75:50:15:ee:
                    af:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:0E:8B:FE:21:08:BC:B0:91:7E:40:CD:92:DC:35:B6:E6:A2:C7:9B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7g6L_iEIvLCRfkDNktw1tuaix5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:67:c6:dd:8c:ca:bf:da:e7:d8:19:4e:93:58:a2:14:77:56:
         22:9a:73:f9:71:02:79:e6:54:0a:af:25:c2:96:32:64:e5:41:
         a0:56:5f:a1:de:cd:dd:0c:04:29:39:fc:c1:4e:a4:f5:82:43:
         9f:bc:72:95:53:49:37:e1:ed:ae:3c:ea:66:ee:04:7c:c5:ec:
         f3:aa:b3:b6:87:b7:3b:c1:d9:36:8d:a6:a7:01:20:73:00:f2:
         96:f7:89:e6:6f:67:6a:c3:67:94:18:79:1f:52:90:af:f4:48:
         ad:db:76:37:04:07:e3:06:62:20:b9:af:b3:b1:3b:97:65:27:
         0a:82:81:56:9d:e2:65:ab:2d:79:9d:c4:f8:63:13:04:39:1f:
         2c:df:56:5c:dc:7a:6e:85:d5:49:59:66:ad:a9:d8:58:8d:be:
         da:2f:ce:34:15:04:4d:0e:b8:03:a9:fc:81:1b:b8:49:f2:12:
         46:75:00:b7:a4:37:e6:85:63:e7:8a:60:02:d5:c4:1e:d7:c8:
         28:16:4a:0e:c5:04:be:df:59:17:a8:e6:e4:73:0d:e5:ea:0d:
         0b:c9:63:56:6d:8e:28:68:0f:03:6f:e8:e8:a2:1f:19:b5:8b:
         6d:71:4b:c5:b4:3e:23:b8:65:af:df:ca:84:24:05:d8:db:5f:
         1c:29:bc:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiuLHQc1xl7LqifftdSntG6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODE1MTQ0MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTBlOGJmZTIxMDhiY2IwOTE3ZTQwY2Q5MmRjMzViNmU2YTJjNzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7U80c8LLwHOcoJShMhsmuW1vN4GV
qovTzYSkJ7bHTrpMAobzgeai6DBH0JpVc3tK3+QlrPiozjy78RJj9b/z5+QOh3Kl
+NDj97AD5geLzmmxzS8x6RQmdUBFHWUjIulL+9J9V5cPrpoZQZbFc39RI4LrxOhj
55GMMOsWO5bHwLjUx13iR7jfXZRxP2hWg7PT35S1ws9Ud/0NwUaqSelBfq15Z4j6
Jfsz+HcEEjy5frysHOw5/7TGvjW0JUXEYQm0tmbJbJPydOAatFS18N+Ci+vuTNNU
i9nNqkhqtczYKhotHT4BccFIHJ66Pu09fSbt9yxf/XTj7XOAvHVQFe6vuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4Oi/4hCLywkX5AzZLcNbbmosebMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvN2c2TF9pRUl2TENSZmtETmt0dzF0dWFpeDVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/P8MA0G
CSqGSIb3DQEBCwUAA4IBAQAfZ8bdjMq/2ufYGU6TWKIUd1YimnP5cQJ55lQKryXC
ljJk5UGgVl+h3s3dDAQpOfzBTqT1gkOfvHKVU0k34e2uPOpm7gR8xezzqrO2h7c7
wdk2jaanASBzAPKW94nmb2dqw2eUGHkfUpCv9Eit23Y3BAfjBmIgua+zsTuXZScK
goFWneJlqy15ncT4YxMEOR8s31Zc3HpuhdVJWWatqdhYjb7aL840FQRNDrgDqfyB
G7hJ8hJGdQC3pDfmhWPnimAC1cQe18goFkoOxQS+31kXqObkcw3l6g0LyWNWbY4o
aA8Db+jooh8ZtYttcUvFtD4juGWv38qEJAXY218cKbwC
-----END CERTIFICATE-----