Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/C-E0yb3YDqm0anyoFyzTZM47HIM.roa
File:                     C-E0yb3YDqm0anyoFyzTZM47HIM.roa (raw, json)
Hash identifier:          +WE0U35qBPhhSg6r4LRuVZvwbmZS4Ue0tP6KBDfVPug=
Subject key identifier:   0B:E1:34:C9:BD:D8:0E:A9:B4:6A:7C:A8:17:2C:D3:64:CE:3B:1C:83
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198D13E1D54A06D8406E3111E8661C4F364
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/C-E0yb3YDqm0anyoFyzTZM47HIM.roa
Signing time:             Fri 22 Aug 2025 10:06:05 +0000
ROA not before:           Fri 22 Aug 2025 10:06:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205548
IP address blocks:        151.243.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 09:25:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d1:3e:1d:54:a0:6d:84:06:e3:11:1e:86:61:c4:f3:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 22 10:06:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0be134c9bdd80ea9b46a7ca8172cd364ce3b1c83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:54:03:ad:53:90:cf:8f:0f:cd:e2:6c:72:2c:
                    d6:65:48:15:a0:c7:64:14:03:9a:0b:76:65:fa:98:
                    99:ad:06:a0:77:3e:8c:d3:1c:2c:f8:33:56:47:1e:
                    3e:c5:8c:5d:58:1e:d7:d3:c0:f7:27:47:64:9b:93:
                    76:9d:01:a0:66:68:2c:d4:68:57:7c:be:a3:9a:4e:
                    0f:ae:08:59:9b:de:40:a1:cc:fa:24:45:12:72:4e:
                    92:06:e5:c4:9e:5c:94:38:cd:ee:ab:0b:21:2f:10:
                    24:c7:d0:4a:0e:68:15:d7:d9:6d:4a:ba:c3:c3:59:
                    ad:aa:92:39:26:4a:71:ce:2d:5d:b0:fa:9f:85:2f:
                    5f:f6:e9:5b:e9:6b:e3:a1:45:25:76:9e:2c:04:59:
                    2a:ec:43:12:3f:73:d8:93:34:14:ef:e6:43:09:19:
                    9b:c1:de:2e:78:3f:a5:a8:7c:5b:fa:45:64:9a:61:
                    8b:3d:64:e2:c9:d8:30:6e:1b:be:03:55:06:c2:40:
                    86:16:e5:fb:be:2c:85:ae:ec:5d:97:55:6c:3c:f2:
                    b2:ed:25:bd:a9:9c:b1:bd:7b:28:4d:3d:92:43:fc:
                    92:15:a5:3c:49:2d:cc:fb:f4:c5:61:a9:b4:88:2a:
                    81:2c:d3:02:86:b9:b0:23:d0:68:b7:6b:c3:2b:17:
                    a4:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:E1:34:C9:BD:D8:0E:A9:B4:6A:7C:A8:17:2C:D3:64:CE:3B:1C:83
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/C-E0yb3YDqm0anyoFyzTZM47HIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:d3:16:55:b9:04:9a:fc:4a:e4:80:0f:f7:1e:0e:f5:37:bb:
         b3:19:18:be:ce:0f:95:92:6f:a3:f1:27:60:f3:f4:29:59:31:
         fb:25:1a:68:0c:61:03:d5:5b:5e:b4:8a:df:c4:a6:3c:a1:21:
         5b:d5:9a:26:ea:06:f6:33:9e:25:be:2a:28:87:9a:3a:94:34:
         5f:d0:aa:8a:96:72:55:c6:bd:6b:ae:5e:ca:c9:c7:04:88:f1:
         57:06:7b:dc:19:b8:d6:c4:98:73:01:f8:b3:92:e5:a7:df:36:
         12:94:09:c4:6d:52:02:4a:fd:00:dc:65:d5:5b:31:8b:36:1f:
         64:d2:39:72:24:74:76:ad:31:c5:45:5e:97:43:69:aa:84:f0:
         a1:dd:e0:13:71:be:65:d3:bf:44:4c:b4:52:da:89:b1:8e:77:
         3f:fe:43:a1:12:bb:c8:66:5c:07:aa:2a:7b:86:f6:35:77:45:
         e4:47:a9:f8:d2:31:86:e3:80:80:41:ea:c6:17:bd:64:c3:13:
         ab:d2:6e:c6:b2:68:43:fc:60:ee:b2:15:f3:3a:d8:52:c4:41:
         64:93:2c:b7:14:29:9c:d2:ff:90:5e:f1:b2:bc:44:16:92:c2:
         8e:49:2a:53:89:b8:60:f4:ce:94:e6:74:39:8d:95:2a:ab:37:
         34:5b:6b:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjRPh1UoG2EBuMRHoZhxPNkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODIyMTAwNjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmUxMzRjOWJkZDgwZWE5YjQ2YTdjYTgxNzJjZDM2NGNlM2IxYzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFQDrVOQz48PzeJscizWZUgVoMdk
FAOaC3Zl+piZrQagdz6M0xws+DNWRx4+xYxdWB7X08D3J0dkm5N2nQGgZmgs1GhX
fL6jmk4PrghZm95Aocz6JEUSck6SBuXEnlyUOM3uqwshLxAkx9BKDmgV19ltSrrD
w1mtqpI5Jkpxzi1dsPqfhS9f9ulb6WvjoUUldp4sBFkq7EMSP3PYkzQU7+ZDCRmb
wd4ueD+lqHxb+kVkmmGLPWTiydgwbhu+A1UGwkCGFuX7viyFruxdl1VsPPKy7SW9
qZyxvXsoTT2SQ/ySFaU8SS3M+/TFYam0iCqBLNMChrmwI9Bot2vDKxekJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvhNMm92A6ptGp8qBcs02TOOxyDMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvQy1FMHliM1lEcW0wYW55b0Z5elRaTTQ3SElNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/PlMA0G
CSqGSIb3DQEBCwUAA4IBAQC00xZVuQSa/ErkgA/3Hg71N7uzGRi+zg+Vkm+j8Sdg
8/QpWTH7JRpoDGED1VtetIrfxKY8oSFb1Zom6gb2M54lviooh5o6lDRf0KqKlnJV
xr1rrl7KyccEiPFXBnvcGbjWxJhzAfizkuWn3zYSlAnEbVICSv0A3GXVWzGLNh9k
0jlyJHR2rTHFRV6XQ2mqhPCh3eATcb5l079ETLRS2omxjnc//kOhErvIZlwHqip7
hvY1d0XkR6n40jGG44CAQerGF71kwxOr0m7GsmhD/GDushXzOthSxEFkkyy3FCmc
0v+QXvGyvEQWksKOSSpTibhg9M6U5nQ5jZUqqzc0W2uA
-----END CERTIFICATE-----