Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/BUoznOq285k985myy549OC3icWQ.roa
File:                     BUoznOq285k985myy549OC3icWQ.roa (raw, json)
Hash identifier:          UVEejAEaRysj/ObMC3K6rxLk8+lcKmoDYftuyJDF9aY=
Subject key identifier:   05:4A:33:9C:EA:B6:F3:99:3D:F3:99:B2:CB:9E:3D:38:2D:E2:71:64
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196CD3F2A7D5835259694FF89970677FFB0
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/BUoznOq285k985myy549OC3icWQ.roa
Signing time:             Wed 14 May 2025 05:23:11 +0000
ROA not before:           Wed 14 May 2025 05:23:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214055
IP address blocks:        151.242.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cd:3f:2a:7d:58:35:25:96:94:ff:89:97:06:77:ff:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 14 05:23:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=054a339ceab6f3993df399b2cb9e3d382de27164
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:c2:b5:68:0f:35:91:0e:ce:7d:cd:6b:dd:3f:
                    05:5b:8b:7f:b9:bb:8b:dc:2f:a8:6a:ed:a0:0c:81:
                    39:28:7f:78:87:3c:83:d1:f5:8c:ce:7d:3a:1e:09:
                    d1:03:3a:90:da:07:22:5c:96:17:61:5f:19:80:1c:
                    24:cf:13:f3:19:63:75:ec:b5:d7:ec:78:a3:5f:e8:
                    d5:94:46:80:65:5c:ca:63:07:01:c2:0c:9b:a4:1a:
                    aa:03:90:a2:07:c2:2b:a8:65:32:24:db:b4:5b:84:
                    17:04:f5:bf:4e:4e:f4:8d:91:a8:f9:be:84:0a:02:
                    16:71:33:8a:7b:3a:e6:f7:7a:a5:09:72:0b:ba:41:
                    43:15:a3:13:17:cc:68:cc:71:92:27:3f:a2:7b:eb:
                    33:4b:a2:7d:22:ad:24:1f:9c:2f:7f:41:d8:f1:35:
                    4a:53:56:50:b3:5b:6a:f0:46:f1:76:c3:28:94:44:
                    ca:84:39:21:0d:3c:8e:59:22:37:a9:dd:57:6c:85:
                    4e:16:9f:2d:da:a7:24:c1:7f:24:69:7e:33:0a:b1:
                    16:7b:20:b3:07:0a:7d:c2:c8:65:03:1e:c3:8d:14:
                    d1:7c:19:92:54:2f:01:59:a5:12:2b:b0:60:76:6d:
                    cf:70:b2:a8:5b:e1:7d:37:65:fd:69:ff:58:c3:33:
                    b6:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:4A:33:9C:EA:B6:F3:99:3D:F3:99:B2:CB:9E:3D:38:2D:E2:71:64
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/BUoznOq285k985myy549OC3icWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:1e:9c:87:0e:7f:49:9c:7d:32:9d:58:16:f3:5d:8f:8e:8c:
         20:30:25:e4:07:d1:ed:34:f1:d2:a1:6c:d9:b0:fa:fa:e3:45:
         bd:dc:52:45:b5:17:87:6a:5a:b6:c0:d1:23:16:9d:10:f9:08:
         90:5f:8a:a8:d3:84:ac:c6:f1:ae:e5:99:26:3e:42:46:cc:a9:
         a7:49:8c:63:ec:2e:29:2f:cc:57:a1:5d:42:17:2e:e9:0e:55:
         85:be:70:8a:ff:4b:cb:91:4d:4c:60:86:47:ec:ee:7b:a8:3e:
         68:dd:89:da:e3:c5:8a:60:b9:46:93:98:26:a5:3c:59:0d:42:
         f7:e5:b1:f3:d0:0f:b7:38:6a:4a:9a:fe:30:7a:bb:3b:1b:c2:
         f2:08:48:d3:b0:a7:20:a7:27:7c:e5:2d:12:f0:a6:94:cd:98:
         ae:c3:c5:a2:96:6e:22:6b:84:d3:31:41:f2:b2:4c:bc:25:a2:
         0b:68:d9:4e:c9:9c:17:25:fa:99:5a:a7:f5:25:55:11:52:86:
         92:07:e9:26:1a:b6:0a:4d:ec:25:38:b0:60:57:69:c4:3a:b8:
         ba:a6:08:e4:a0:d2:4c:0f:69:77:7c:0d:0a:cb:6d:b8:de:c4:
         21:68:2f:90:7d:34:2e:f0:ff:93:b2:cc:3d:f9:00:2d:24:e6:
         9a:41:04:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbNPyp9WDUllpT/iZcGd/+wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTE0MDUyMzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTRhMzM5Y2VhYjZmMzk5M2RmMzk5YjJjYjllM2QzODJkZTI3MTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA28K1aA81kQ7Ofc1r3T8FW4t/ubuL
3C+oau2gDIE5KH94hzyD0fWMzn06HgnRAzqQ2gciXJYXYV8ZgBwkzxPzGWN17LXX
7HijX+jVlEaAZVzKYwcBwgybpBqqA5CiB8IrqGUyJNu0W4QXBPW/Tk70jZGo+b6E
CgIWcTOKezrm93qlCXILukFDFaMTF8xozHGSJz+ie+szS6J9Iq0kH5wvf0HY8TVK
U1ZQs1tq8EbxdsMolETKhDkhDTyOWSI3qd1XbIVOFp8t2qckwX8kaX4zCrEWeyCz
Bwp9wshlAx7DjRTRfBmSVC8BWaUSK7Bgdm3PcLKoW+F9N2X9af9YwzO2PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVKM5zqtvOZPfOZssuePTgt4nFkMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvQlVvem5PcTI4NWs5ODVteXk1NDlPQzNpY1dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/JUMA0G
CSqGSIb3DQEBCwUAA4IBAQB6HpyHDn9JnH0ynVgW812PjowgMCXkB9HtNPHSoWzZ
sPr640W93FJFtReHalq2wNEjFp0Q+QiQX4qo04SsxvGu5ZkmPkJGzKmnSYxj7C4p
L8xXoV1CFy7pDlWFvnCK/0vLkU1MYIZH7O57qD5o3Yna48WKYLlGk5gmpTxZDUL3
5bHz0A+3OGpKmv4wers7G8LyCEjTsKcgpyd85S0S8KaUzZiuw8Wilm4ia4TTMUHy
sky8JaILaNlOyZwXJfqZWqf1JVURUoaSB+kmGrYKTewlOLBgV2nEOri6pgjkoNJM
D2l3fA0Ky2243sQhaC+QfTQu8P+Tssw9+QAtJOaaQQRF
-----END CERTIFICATE-----