Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/BRLrr1i36PywFKqSDuzjtwrxjFI.roa
File:                     BRLrr1i36PywFKqSDuzjtwrxjFI.roa (raw, json)
Hash identifier:          qLIUYHFXBZByY8sfR/H+kWTVa9zBlFbwNxa4GGOK/Sw=
Subject key identifier:   05:12:EB:AF:58:B7:E8:FC:B0:14:AA:92:0E:EC:E3:B7:0A:F1:8C:52
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198BBB6A311B13E5D5FCA30830340368CCD
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/BRLrr1i36PywFKqSDuzjtwrxjFI.roa
Signing time:             Mon 18 Aug 2025 05:46:05 +0000
ROA not before:           Mon 18 Aug 2025 05:46:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        151.243.128.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 09:25:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:bb:b6:a3:11:b1:3e:5d:5f:ca:30:83:03:40:36:8c:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 18 05:46:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0512ebaf58b7e8fcb014aa920eece3b70af18c52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a4:d2:c6:0d:a9:98:c4:22:b7:7e:1d:b8:21:
                    83:ae:3f:34:b0:17:5f:3b:28:ec:d3:11:8e:60:27:
                    db:a1:e9:79:17:53:3f:5e:b2:b0:7f:3e:a8:bc:32:
                    e9:70:29:26:fd:f7:69:f7:60:b4:c4:13:50:6c:65:
                    80:38:31:f7:79:b4:3a:2b:0d:f2:5b:a7:9f:4c:8c:
                    d9:b5:fe:b8:f4:c2:81:cd:29:75:9a:0e:0f:42:14:
                    2a:f0:f5:82:62:ea:2a:51:d8:76:6f:5e:b9:e5:8f:
                    82:e3:98:1c:f4:55:69:0b:03:9f:2c:39:8d:92:1b:
                    27:de:0c:f7:f8:4a:46:06:76:e8:01:92:4c:1a:5f:
                    8b:04:a4:71:aa:fe:c4:48:d1:60:92:56:99:82:d7:
                    45:c4:5e:53:15:cf:5f:f6:9d:e3:66:27:9a:39:ca:
                    62:f0:ff:4d:d8:af:cf:a3:f4:5b:6c:b7:61:50:c3:
                    7c:26:26:31:ff:23:7a:ac:f1:33:b6:5a:f5:e7:2e:
                    b6:41:51:ea:9e:74:b2:df:be:44:d5:ea:c8:8e:89:
                    11:02:fa:07:30:07:0f:1a:e9:81:a4:7c:8b:b4:ac:
                    e4:bd:f7:94:cb:c4:be:40:4f:a6:e3:9d:8c:e2:ad:
                    ee:63:bf:92:e3:7c:19:58:4a:9b:d9:9b:e1:75:82:
                    e8:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:12:EB:AF:58:B7:E8:FC:B0:14:AA:92:0E:EC:E3:B7:0A:F1:8C:52
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/BRLrr1i36PywFKqSDuzjtwrxjFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:71:e7:eb:f2:59:90:a4:17:37:5d:7a:b0:62:47:fd:06:8a:
         95:fd:54:6a:f8:9f:3b:a4:a4:f1:ab:c6:51:40:d5:bf:9b:4b:
         2c:a2:c5:ce:bf:3a:bd:5e:71:1d:c6:64:32:7c:cc:ac:e6:7e:
         bc:11:bd:b0:d3:25:72:96:11:60:2d:de:19:bb:a1:c4:2a:ee:
         aa:54:10:8c:cb:08:f7:cc:16:ea:58:cb:d2:a9:6b:27:28:0f:
         0c:2d:6c:73:e5:98:02:04:d6:5c:d3:2e:38:ca:59:b9:e7:46:
         19:76:e9:14:e2:e4:44:e6:35:ac:ca:f4:46:b4:88:85:10:3c:
         1d:40:ff:92:a0:4b:8a:9e:7b:2a:51:4f:31:a8:b3:d0:2e:68:
         f6:59:48:82:82:02:a9:52:59:93:eb:72:c0:2f:9e:ef:34:aa:
         98:58:a8:96:63:bf:1f:2f:82:24:b0:e4:ab:d2:88:9a:a5:fc:
         15:54:7c:f2:2a:ae:a9:e0:d2:d4:fa:6d:de:3c:90:56:fc:1c:
         b3:96:76:e4:b3:4f:4d:66:7f:34:c1:2a:26:d8:50:1a:2b:9d:
         da:95:92:4a:01:03:86:9c:49:b6:8e:5a:c5:af:74:e0:1a:c9:
         ae:c4:5b:7f:70:0f:15:b3:5f:66:0b:b3:ab:b6:33:26:13:af:
         94:41:ac:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZi7tqMRsT5dX8owgwNANozNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODE4MDU0NjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTEyZWJhZjU4YjdlOGZjYjAxNGFhOTIwZWVjZTNiNzBhZjE4YzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqTSxg2pmMQit34duCGDrj80sBdf
Oyjs0xGOYCfboel5F1M/XrKwfz6ovDLpcCkm/fdp92C0xBNQbGWAODH3ebQ6Kw3y
W6efTIzZtf649MKBzSl1mg4PQhQq8PWCYuoqUdh2b1655Y+C45gc9FVpCwOfLDmN
khsn3gz3+EpGBnboAZJMGl+LBKRxqv7ESNFgklaZgtdFxF5TFc9f9p3jZieaOcpi
8P9N2K/Po/RbbLdhUMN8JiYx/yN6rPEztlr15y62QVHqnnSy375E1erIjokRAvoH
MAcPGumBpHyLtKzkvfeUy8S+QE+m452M4q3uY7+S43wZWEqb2ZvhdYLogwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUS669Yt+j8sBSqkg7s47cK8YxSMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvQlJMcnIxaTM2UHl3RktxU0R1emp0d3J4akZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCl/OAMA0G
CSqGSIb3DQEBCwUAA4IBAQBzcefr8lmQpBc3XXqwYkf9BoqV/VRq+J87pKTxq8ZR
QNW/m0ssosXOvzq9XnEdxmQyfMys5n68Eb2w0yVylhFgLd4Zu6HEKu6qVBCMywj3
zBbqWMvSqWsnKA8MLWxz5ZgCBNZc0y44ylm550YZdukU4uRE5jWsyvRGtIiFEDwd
QP+SoEuKnnsqUU8xqLPQLmj2WUiCggKpUlmT63LAL57vNKqYWKiWY78fL4IksOSr
0oiapfwVVHzyKq6p4NLU+m3ePJBW/Byzlnbks09NZn80wSom2FAaK53alZJKAQOG
nEm2jlrFr3TgGsmuxFt/cA8Vs19mC7OrtjMmE6+UQawJ
-----END CERTIFICATE-----