Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/DWtQe0wlj18yvGy9YniRLOpyszQ.roa
File:                     DWtQe0wlj18yvGy9YniRLOpyszQ.roa (raw, json)
Hash identifier:          k0Y53SLVGtBnXduYCc4N8pB3gASIcPnjsEw1IEtKxt0=
Subject key identifier:   0D:6B:50:7B:4C:25:8F:5F:32:BC:6C:BD:62:78:91:2C:EA:72:B3:34
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0197737AD1C8D99E0D23ED58F599B1787773
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/DWtQe0wlj18yvGy9YniRLOpyszQ.roa
Signing time:             Sun 15 Jun 2025 12:05:18 +0000
ROA not before:           Sun 15 Jun 2025 12:05:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214481
IP address blocks:        151.242.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:73:7a:d1:c8:d9:9e:0d:23:ed:58:f5:99:b1:78:77:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 15 12:05:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d6b507b4c258f5f32bc6cbd6278912cea72b334
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d2:eb:0d:34:0e:d1:52:20:f5:d7:45:38:0e:
                    f8:73:60:19:16:3c:5b:89:5b:09:3a:ae:d2:6b:bd:
                    3e:63:47:29:1a:39:e0:68:74:4a:b5:6c:1d:12:0f:
                    36:8f:64:42:bc:ab:c4:19:4c:22:b8:4f:f0:d6:d1:
                    14:db:e0:85:b9:b1:3a:e4:72:84:6b:9b:18:cd:f0:
                    c1:71:90:ab:37:22:db:d5:0b:37:89:a0:23:7b:62:
                    01:6d:89:11:00:eb:cd:08:02:d6:02:6a:6f:d3:38:
                    8a:e1:61:fa:9b:c2:19:ed:14:6c:54:0b:ae:f6:8a:
                    9a:fa:dd:9c:4f:e8:71:48:e2:24:f4:b4:56:da:fc:
                    5d:c3:45:06:72:67:1e:68:b8:d5:fb:f1:8a:22:e5:
                    a3:b3:05:d0:d8:ba:12:8b:0b:1e:ed:5b:a7:6a:80:
                    f5:1d:f0:df:05:0e:f9:a7:7e:6d:6e:60:62:9f:0c:
                    29:ae:d6:ff:b5:93:84:0a:bf:92:05:c9:b2:d3:d2:
                    09:4a:9a:f2:0b:db:2a:2e:9a:b4:28:77:bf:06:e3:
                    89:34:b0:c5:b5:44:f3:dd:f3:23:f0:50:fb:34:dc:
                    90:de:33:a1:c5:e2:05:48:1c:17:1e:c5:37:2e:e2:
                    07:08:a6:e8:a3:09:24:c7:ca:c1:4e:b1:36:a9:02:
                    9c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:6B:50:7B:4C:25:8F:5F:32:BC:6C:BD:62:78:91:2C:EA:72:B3:34
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/DWtQe0wlj18yvGy9YniRLOpyszQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:b8:ea:6a:c7:f8:12:b0:4a:a5:84:5e:b3:88:03:0a:89:84:
         71:e8:4b:68:e4:a0:fb:af:18:f2:a1:79:23:a6:1b:02:d6:49:
         49:19:03:60:bd:47:11:60:c2:31:35:ee:d6:b9:d5:66:7b:5a:
         dc:fe:a5:41:31:85:1d:6f:b0:3c:ff:5f:0f:85:b4:6a:bb:e0:
         a2:1c:b4:9f:fa:95:b2:ca:2f:33:6a:e6:6c:44:e4:1d:22:95:
         dd:dd:e0:60:92:cd:01:27:59:7e:cf:13:cd:1a:0e:da:53:29:
         0c:d2:51:56:7b:aa:12:5b:63:90:2d:d2:71:30:3c:06:3b:19:
         10:58:27:50:5d:3f:d8:26:79:8d:77:4b:68:7b:ea:af:c8:23:
         37:8b:19:58:44:fe:03:65:f2:0e:09:1e:2d:b0:cd:d6:f0:b9:
         87:33:c5:17:b5:91:8e:a8:aa:94:60:5b:0a:e6:d4:5a:37:93:
         16:e6:1f:ff:af:bb:74:3e:c0:5d:47:b2:d0:b6:69:75:3c:56:
         d0:93:1c:48:33:a9:69:b3:32:cb:1a:63:f6:dd:dd:f7:17:a0:
         85:4d:ba:2a:80:20:f3:02:1a:2e:03:57:87:c7:3e:84:6b:d3:
         a8:9a:e5:ef:26:17:48:38:21:45:87:4a:e9:30:73:f3:54:61:
         6f:58:87:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdzetHI2Z4NI+1Y9ZmxeHdzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjE1MTIwNTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDZiNTA3YjRjMjU4ZjVmMzJiYzZjYmQ2Mjc4OTEyY2VhNzJiMzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNLrDTQO0VIg9ddFOA74c2AZFjxb
iVsJOq7Sa70+Y0cpGjngaHRKtWwdEg82j2RCvKvEGUwiuE/w1tEU2+CFubE65HKE
a5sYzfDBcZCrNyLb1Qs3iaAje2IBbYkRAOvNCALWAmpv0ziK4WH6m8IZ7RRsVAuu
9oqa+t2cT+hxSOIk9LRW2vxdw0UGcmceaLjV+/GKIuWjswXQ2LoSiwse7VunaoD1
HfDfBQ75p35tbmBinwwprtb/tZOECr+SBcmy09IJSpryC9sqLpq0KHe/BuOJNLDF
tUTz3fMj8FD7NNyQ3jOhxeIFSBwXHsU3LuIHCKboowkkx8rBTrE2qQKceQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1rUHtMJY9fMrxsvWJ4kSzqcrM0MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvRFd0UWUwd2xqMTh5dkd5OVluaVJMT3B5c3pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/KFMA0G
CSqGSIb3DQEBCwUAA4IBAQCJuOpqx/gSsEqlhF6ziAMKiYRx6Eto5KD7rxjyoXkj
phsC1klJGQNgvUcRYMIxNe7WudVme1rc/qVBMYUdb7A8/18PhbRqu+CiHLSf+pWy
yi8zauZsROQdIpXd3eBgks0BJ1l+zxPNGg7aUykM0lFWe6oSW2OQLdJxMDwGOxkQ
WCdQXT/YJnmNd0toe+qvyCM3ixlYRP4DZfIOCR4tsM3W8LmHM8UXtZGOqKqUYFsK
5tRaN5MW5h//r7t0PsBdR7LQtml1PFbQkxxIM6lpszLLGmP23d33F6CFTboqgCDz
AhouA1eHxz6Ea9OomuXvJhdIOCFFh0rpMHPzVGFvWIfG
-----END CERTIFICATE-----