Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Axe3sasShMi-PVtH_aKYsY189xs.roa
File:                     Axe3sasShMi-PVtH_aKYsY189xs.roa (raw, json)
Hash identifier:          04e6wkQUdTZzJdkzC/H/qFR/BOxwPplyRqNqxCsbbfU=
Subject key identifier:   03:17:B7:B1:AB:12:84:C8:BE:3D:5B:47:FD:A2:98:B1:8D:7C:F7:1B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01987DAB88A35115209304AA8DE3AB2A7B89
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Axe3sasShMi-PVtH_aKYsY189xs.roa
Signing time:             Wed 06 Aug 2025 04:37:30 +0000
ROA not before:           Wed 06 Aug 2025 04:37:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21840
IP address blocks:        151.241.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7d:ab:88:a3:51:15:20:93:04:aa:8d:e3:ab:2a:7b:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug  6 04:37:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0317b7b1ab1284c8be3d5b47fda298b18d7cf71b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b1:b4:46:45:90:09:b3:55:92:e3:27:33:35:
                    80:fb:c8:81:7c:00:6f:4c:41:d4:ca:ca:1e:76:77:
                    16:21:ef:fb:f4:08:d3:8f:4a:ae:2e:3e:77:56:99:
                    d4:de:c2:04:15:6f:03:c2:98:61:b8:a1:a0:68:80:
                    0e:66:e4:01:b9:42:d8:b2:41:77:3f:65:98:9c:3f:
                    1a:4a:7c:86:17:e9:15:a4:6b:31:eb:eb:0c:8d:3e:
                    32:40:dc:99:16:35:c5:1f:7b:45:a7:41:ec:aa:30:
                    a2:62:43:3b:22:98:32:50:47:8e:de:50:b9:d3:2b:
                    f0:07:fe:77:58:75:5a:af:d5:1b:23:98:ed:42:d9:
                    c7:cf:e2:60:57:31:34:f7:4a:f8:51:77:81:06:3e:
                    24:87:5d:e5:f2:42:29:bf:ab:ca:97:d3:ff:e5:65:
                    af:5a:04:c7:12:80:f8:76:34:ac:06:ff:d3:0e:a9:
                    97:f9:ae:da:0f:5b:89:38:30:ee:a1:9e:54:78:8a:
                    98:6f:19:86:57:08:e8:37:13:b7:05:03:66:d9:d1:
                    11:c2:ec:bd:4d:7f:94:88:96:6a:25:95:e0:c3:c9:
                    cd:12:ff:f2:f3:72:e5:8e:34:08:7a:da:db:71:5f:
                    d0:85:49:53:dc:fa:2e:d1:8d:be:6a:3a:0d:36:38:
                    28:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:17:B7:B1:AB:12:84:C8:BE:3D:5B:47:FD:A2:98:B1:8D:7C:F7:1B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Axe3sasShMi-PVtH_aKYsY189xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:a1:89:b9:9a:e9:6b:20:c3:e9:51:0f:cc:51:c9:c2:a6:50:
         c8:90:6b:27:96:64:76:63:45:c6:32:ca:75:80:33:af:ec:ca:
         36:47:f2:2d:2a:6d:0d:6f:bd:cc:83:40:1b:a8:e6:b7:ec:61:
         83:01:82:c1:dc:32:a5:18:24:09:ae:f8:6d:b4:a9:57:b1:f3:
         bc:ea:fb:19:e6:be:31:96:38:b2:db:7d:c5:3c:d8:44:16:00:
         5c:f1:5b:cc:bb:36:59:95:8a:2b:e8:11:5c:65:41:16:ef:a8:
         1e:d1:41:99:1b:1b:a5:78:16:43:d2:19:9f:48:2d:17:21:32:
         21:cd:b7:90:e1:6c:8e:2f:36:2f:4c:40:6e:24:8a:d2:a2:72:
         03:76:ef:a7:1f:bd:75:3e:df:59:9d:d7:97:5f:d6:04:ee:d6:
         e0:1b:ef:44:7d:46:92:fe:7a:d8:fd:86:77:d7:12:c9:18:98:
         fc:12:27:bc:11:f2:43:5a:49:7f:16:1f:f2:63:bd:48:f6:03:
         e4:84:dd:cf:80:86:c5:ca:41:4a:37:7c:90:bc:d5:ed:14:59:
         99:df:a8:cc:f4:89:9b:4a:fb:fb:76:a7:66:ec:16:e4:67:39:
         10:c8:0d:07:25:6f:83:25:df:85:a1:81:32:ba:e8:5b:4c:05:
         1c:ac:05:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh9q4ijURUgkwSqjeOrKnuJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODA2MDQzNzMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzE3YjdiMWFiMTI4NGM4YmUzZDViNDdmZGEyOThiMThkN2NmNzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbG0RkWQCbNVkuMnMzWA+8iBfABv
TEHUysoedncWIe/79AjTj0quLj53VpnU3sIEFW8DwphhuKGgaIAOZuQBuULYskF3
P2WYnD8aSnyGF+kVpGsx6+sMjT4yQNyZFjXFH3tFp0HsqjCiYkM7IpgyUEeO3lC5
0yvwB/53WHVar9UbI5jtQtnHz+JgVzE090r4UXeBBj4kh13l8kIpv6vKl9P/5WWv
WgTHEoD4djSsBv/TDqmX+a7aD1uJODDuoZ5UeIqYbxmGVwjoNxO3BQNm2dERwuy9
TX+UiJZqJZXgw8nNEv/y83LljjQIetrbcV/QhUlT3Pou0Y2+ajoNNjgoEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAMXt7GrEoTIvj1bR/2imLGNfPcbMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvQXhlM3Nhc1NoTWktUFZ0SF9hS1lzWTE4OXhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/FeMA0G
CSqGSIb3DQEBCwUAA4IBAQBxoYm5mulrIMPpUQ/MUcnCplDIkGsnlmR2Y0XGMsp1
gDOv7Mo2R/ItKm0Nb73Mg0AbqOa37GGDAYLB3DKlGCQJrvhttKlXsfO86vsZ5r4x
ljiy233FPNhEFgBc8VvMuzZZlYor6BFcZUEW76ge0UGZGxuleBZD0hmfSC0XITIh
zbeQ4WyOLzYvTEBuJIrSonIDdu+nH711Pt9ZndeXX9YE7tbgG+9EfUaS/nrY/YZ3
1xLJGJj8Eie8EfJDWkl/Fh/yY71I9gPkhN3PgIbFykFKN3yQvNXtFFmZ36jM9Imb
Svv7dqdm7BbkZzkQyA0HJW+DJd+FoYEyuuhbTAUcrAX6
-----END CERTIFICATE-----