Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9IGoPUnnTiAC6-4Zao5EXwEpG8s.roa
File:                     9IGoPUnnTiAC6-4Zao5EXwEpG8s.roa (raw, json)
Hash identifier:          t6uEhCp16ejx0RbyUl5J8JFRto8SiE6ZlPs8B/+466o=
Subject key identifier:   F4:81:A8:3D:49:E7:4E:20:02:EB:EE:19:6A:8E:44:5F:01:29:1B:CB
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0197C47F8F23B3030A1D39A2CC658E64C41E
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9IGoPUnnTiAC6-4Zao5EXwEpG8s.roa
Signing time:             Tue 01 Jul 2025 05:39:43 +0000
ROA not before:           Tue 01 Jul 2025 05:39:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207043
IP address blocks:        151.243.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 04:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c4:7f:8f:23:b3:03:0a:1d:39:a2:cc:65:8e:64:c4:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul  1 05:39:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f481a83d49e74e2002ebee196a8e445f01291bcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c9:2a:38:90:a4:a5:97:0f:be:b0:b4:fe:d2:
                    5d:ef:77:67:9b:d8:60:c1:e3:1c:ff:b7:4a:01:9a:
                    48:ab:0d:f5:c0:81:3f:17:8e:94:30:c3:22:86:6e:
                    82:e6:cf:95:ba:d6:90:e9:89:95:21:2b:99:a5:87:
                    ff:af:2d:78:06:71:72:d2:dd:1a:25:f1:e9:16:9a:
                    04:a0:7b:e9:5c:6c:dd:2e:75:9f:f6:22:3d:d1:c6:
                    02:0d:c0:1d:05:17:74:76:af:c7:13:aa:79:b7:fe:
                    ee:15:fc:93:8d:1a:ce:1c:ec:1c:8e:29:c0:15:7e:
                    f9:66:e4:ce:3a:53:a8:4d:9d:c0:e9:80:da:e2:30:
                    7c:4a:0b:71:2e:0b:e0:27:e5:62:79:7c:50:0b:5e:
                    97:ec:84:ac:ea:78:a4:69:25:8d:a0:84:61:fd:e4:
                    8c:2d:5e:ec:2b:0e:a2:c9:0f:be:b1:fe:0a:01:c7:
                    d5:0e:07:3a:d3:56:ce:78:1e:7a:07:ea:a3:3b:b3:
                    1c:dd:b8:9b:25:34:e9:04:15:f0:69:f2:3d:68:1a:
                    e5:8e:5a:1c:ce:43:77:c3:81:8c:9d:2b:1d:5c:04:
                    61:c3:2b:39:31:8b:60:27:2a:fc:30:09:1c:76:5e:
                    d1:f2:08:ce:97:98:94:c4:9e:60:be:37:3f:22:fa:
                    99:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:81:A8:3D:49:E7:4E:20:02:EB:EE:19:6A:8E:44:5F:01:29:1B:CB
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9IGoPUnnTiAC6-4Zao5EXwEpG8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:83:3c:aa:9f:97:7d:e4:6e:9c:91:e8:23:ee:37:dc:3f:90:
         f4:97:9b:79:c9:bf:52:26:b9:99:26:b3:c7:8b:e7:e0:3c:6e:
         e2:28:c9:11:d1:28:b3:4e:78:39:96:cc:47:8f:03:87:c8:cd:
         fb:f1:67:2e:46:b5:c3:e3:b5:d9:5f:70:5e:74:ad:3d:13:4e:
         1f:9c:15:9b:d3:30:11:ad:f7:d7:b1:8b:03:7a:a7:d0:c6:a8:
         12:f2:de:f1:d3:25:22:1b:12:07:45:ab:ca:fc:32:1d:7b:5e:
         5d:1e:f5:7e:0b:d6:92:63:63:8a:55:c5:d5:55:de:7e:bc:d5:
         d7:34:a6:6b:9b:9f:f6:c1:30:88:9f:0b:90:e5:c1:2e:cd:3a:
         0c:fa:b9:24:71:17:f5:36:7c:9b:ca:d1:87:25:4c:79:4c:09:
         4c:a6:81:bf:54:4b:b3:bc:2f:e8:18:14:dc:64:ac:fb:9a:06:
         e7:20:2a:0b:3b:6d:04:38:5f:4c:fd:1c:67:0b:96:8a:38:b2:
         0c:55:c0:7b:30:cd:cc:ec:21:9e:03:c2:c2:fb:2e:6d:21:be:
         76:53:9a:07:7e:33:02:9a:c2:19:5b:08:f4:00:86:4a:54:2d:
         2b:7d:44:a6:a0:9b:ec:1c:2a:a2:06:f8:39:6a:0b:84:82:7a:
         7b:56:6f:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfEf48jswMKHTmizGWOZMQeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzAxMDUzOTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDgxYTgzZDQ5ZTc0ZTIwMDJlYmVlMTk2YThlNDQ1ZjAxMjkxYmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArskqOJCkpZcPvrC0/tJd73dnm9hg
weMc/7dKAZpIqw31wIE/F46UMMMihm6C5s+VutaQ6YmVISuZpYf/ry14BnFy0t0a
JfHpFpoEoHvpXGzdLnWf9iI90cYCDcAdBRd0dq/HE6p5t/7uFfyTjRrOHOwcjinA
FX75ZuTOOlOoTZ3A6YDa4jB8SgtxLgvgJ+VieXxQC16X7ISs6nikaSWNoIRh/eSM
LV7sKw6iyQ++sf4KAcfVDgc601bOeB56B+qjO7Mc3bibJTTpBBXwafI9aBrljloc
zkN3w4GMnSsdXARhwys5MYtgJyr8MAkcdl7R8gjOl5iUxJ5gvjc/IvqZIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPSBqD1J504gAuvuGWqORF8BKRvLMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvOUlHb1BVbm5UaUFDNi00WmFvNUVYd0VwRzhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/MSMA0G
CSqGSIb3DQEBCwUAA4IBAQBkgzyqn5d95G6ckegj7jfcP5D0l5t5yb9SJrmZJrPH
i+fgPG7iKMkR0SizTng5lsxHjwOHyM378WcuRrXD47XZX3BedK09E04fnBWb0zAR
rffXsYsDeqfQxqgS8t7x0yUiGxIHRavK/DIde15dHvV+C9aSY2OKVcXVVd5+vNXX
NKZrm5/2wTCInwuQ5cEuzToM+rkkcRf1NnybytGHJUx5TAlMpoG/VEuzvC/oGBTc
ZKz7mgbnICoLO20EOF9M/RxnC5aKOLIMVcB7MM3M7CGeA8LC+y5tIb52U5oHfjMC
msIZWwj0AIZKVC0rfUSmoJvsHCqiBvg5aguEgnp7Vm+V
-----END CERTIFICATE-----