Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/E49G6CAvZtWZFyNja93Hw2pZoMw.roa
File:                     E49G6CAvZtWZFyNja93Hw2pZoMw.roa (raw, json)
Hash identifier:          BnFsao/2gkM7lCSYOZ7/uf9YgkMglkh/svc3aEDDkGU=
Subject key identifier:   13:8F:46:E8:20:2F:66:D5:99:17:23:63:6B:DD:C7:C3:6A:59:A0:CC
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0199A977C968901C2CCE730406F277AEAC71
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/E49G6CAvZtWZFyNja93Hw2pZoMw.roa
Signing time:             Fri 03 Oct 2025 09:47:03 +0000
ROA not before:           Fri 03 Oct 2025 09:47:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398493
IP address blocks:        151.244.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a9:77:c9:68:90:1c:2c:ce:73:04:06:f2:77:ae:ac:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Oct  3 09:47:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=138f46e8202f66d5991723636bddc7c36a59a0cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:a2:9a:90:ad:6c:c7:fd:02:97:d8:5e:98:3f:
                    26:15:3d:f4:f8:52:15:8d:48:be:31:5e:57:b6:e3:
                    d4:2f:0c:6b:29:a0:49:66:e1:78:69:bb:2e:2c:27:
                    05:5f:f6:f8:6a:b4:e1:f2:c3:36:7e:23:e4:2d:15:
                    38:ec:2e:04:af:63:8a:0d:c4:cf:46:eb:1d:30:ad:
                    1c:d9:5f:80:fb:db:dc:11:0c:74:bb:7d:8a:2e:fc:
                    f6:68:e9:25:de:79:70:30:4a:7d:37:87:0e:fe:af:
                    e2:39:fd:b7:65:7d:cf:b5:0e:4b:4e:e1:c4:90:2f:
                    28:fb:55:fc:37:2a:15:fa:c2:c0:7b:30:9f:e5:c1:
                    3e:7e:bc:68:54:e1:f7:9b:98:a8:71:6b:31:27:6c:
                    ed:c4:45:79:2d:73:ff:66:2f:21:15:32:b7:37:5b:
                    3f:99:89:0a:99:0f:24:18:aa:f0:3e:c6:35:86:bb:
                    fd:90:f1:c4:3e:a0:ce:33:ab:7a:72:3b:6e:1d:78:
                    89:5a:16:f3:f5:ec:95:d8:ce:dd:4a:41:5c:96:78:
                    3c:ba:f2:2f:d1:2b:d8:25:4b:a9:d0:a3:bd:0c:87:
                    c3:c6:3b:01:9b:89:ba:c8:4c:34:9a:e0:7b:51:99:
                    25:04:c9:3a:80:3d:d9:1e:2f:db:bd:b8:15:3b:ec:
                    ca:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:8F:46:E8:20:2F:66:D5:99:17:23:63:6B:DD:C7:C3:6A:59:A0:CC
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/E49G6CAvZtWZFyNja93Hw2pZoMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:39:7b:b1:ab:e3:2f:0d:80:21:4b:18:13:e4:3a:58:32:9b:
         c4:76:61:e5:a1:1a:21:bc:74:34:bb:b9:a4:46:eb:b3:07:76:
         57:12:ba:bf:93:f6:d0:ef:65:9e:59:e0:21:14:7d:75:fc:e1:
         f1:d3:98:72:1f:f6:5b:d1:e9:27:f5:ae:55:bf:e4:e8:41:12:
         3a:f5:8c:6c:58:ca:c1:24:5e:5d:a1:d9:ad:54:0d:16:6d:eb:
         0f:da:42:e5:f5:59:94:e2:a3:92:60:26:dc:ed:13:0d:9c:66:
         79:00:b3:8b:5d:19:bc:96:f2:ba:e4:6d:54:a9:22:48:33:a2:
         dc:6f:89:ef:e7:ab:95:16:4a:47:ae:d5:e4:bb:43:25:85:97:
         71:1c:d9:9d:75:34:a3:10:1c:d9:e6:dd:a3:ac:fd:91:73:38:
         51:5e:f3:ee:99:f1:8d:dd:61:cd:d1:0d:81:ec:7c:0d:4b:8a:
         ab:26:dd:31:50:20:03:a4:e7:47:34:06:bc:a7:c0:eb:c6:e2:
         29:11:b5:69:fc:55:60:d1:05:15:fb:a8:5b:e9:6f:44:1c:14:
         c5:be:53:14:43:5a:33:b2:ff:02:bd:de:5f:88:7d:67:ff:6b:
         10:79:eb:6a:13:5d:88:76:db:f3:2d:2f:63:87:b4:81:14:04:
         b5:e6:41:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmpd8lokBwsznMEBvJ3rqxxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDAzMDk0NzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzhmNDZlODIwMmY2NmQ1OTkxNzIzNjM2YmRkYzdjMzZhNTlhMGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qKakK1sx/0Cl9hemD8mFT30+FIV
jUi+MV5XtuPULwxrKaBJZuF4absuLCcFX/b4arTh8sM2fiPkLRU47C4Er2OKDcTP
RusdMK0c2V+A+9vcEQx0u32KLvz2aOkl3nlwMEp9N4cO/q/iOf23ZX3PtQ5LTuHE
kC8o+1X8NyoV+sLAezCf5cE+frxoVOH3m5iocWsxJ2ztxEV5LXP/Zi8hFTK3N1s/
mYkKmQ8kGKrwPsY1hrv9kPHEPqDOM6t6cjtuHXiJWhbz9eyV2M7dSkFclng8uvIv
0SvYJUup0KO9DIfDxjsBm4m6yEw0muB7UZklBMk6gD3ZHi/bvbgVO+zKcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBOPRuggL2bVmRcjY2vdx8NqWaDMMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvRTQ5RzZDQXZadFdaRnlOamE5M0h3MnBab013LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/TWMA0G
CSqGSIb3DQEBCwUAA4IBAQAOOXuxq+MvDYAhSxgT5DpYMpvEdmHloRohvHQ0u7mk
RuuzB3ZXErq/k/bQ72WeWeAhFH11/OHx05hyH/Zb0ekn9a5Vv+ToQRI69YxsWMrB
JF5dodmtVA0WbesP2kLl9VmU4qOSYCbc7RMNnGZ5ALOLXRm8lvK65G1UqSJIM6Lc
b4nv56uVFkpHrtXku0MlhZdxHNmddTSjEBzZ5t2jrP2RczhRXvPumfGN3WHN0Q2B
7HwNS4qrJt0xUCADpOdHNAa8p8DrxuIpEbVp/FVg0QUV+6hb6W9EHBTFvlMUQ1oz
sv8Cvd5fiH1n/2sQeetqE12IdtvzLS9jh7SBFAS15kFo
-----END CERTIFICATE-----