Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ETxncEAZL1FVWG606NbPnmizfUo.roa
File:                     ETxncEAZL1FVWG606NbPnmizfUo.roa (raw, json)
Hash identifier:          FL+n9FkaTaeb1vBbo/j55fedOQj2Gx75kErM8FctIwg=
Subject key identifier:   11:3C:67:70:40:19:2F:51:55:58:6E:B4:E8:D6:CF:9E:68:B3:7D:4A
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198D13C47168CA113F4014D875CAB89ABA1
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ETxncEAZL1FVWG606NbPnmizfUo.roa
Signing time:             Fri 22 Aug 2025 10:04:05 +0000
ROA not before:           Fri 22 Aug 2025 10:04:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136501
IP address blocks:        151.242.180.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 09:25:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d1:3c:47:16:8c:a1:13:f4:01:4d:87:5c:ab:89:ab:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 22 10:04:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=113c677040192f5155586eb4e8d6cf9e68b37d4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f8:d5:f6:98:2a:dd:b7:54:76:d1:67:bb:90:
                    6f:c0:de:f6:a5:cc:e1:a0:38:b7:d5:93:d0:bc:5a:
                    c4:4f:13:bf:e7:91:d1:14:99:27:f4:b4:d8:9f:8c:
                    43:36:c1:90:72:31:8c:53:b2:c3:a2:96:f9:53:08:
                    b9:0e:e0:35:a6:e0:2d:f3:1e:85:e8:b4:e9:88:c5:
                    95:d1:fb:98:a2:db:97:59:f9:b5:af:30:dc:10:a2:
                    26:ec:6c:aa:34:c4:39:f6:06:03:95:43:20:dc:16:
                    fc:49:7a:77:82:bf:ef:e3:85:8d:60:36:25:f4:b5:
                    15:b0:fd:0e:28:17:01:73:f5:f8:6c:5b:85:ee:51:
                    10:17:64:7d:d2:72:8d:ce:6b:c2:60:be:5d:cf:72:
                    25:2c:8e:6b:09:ae:f0:dd:8a:43:75:78:40:e0:a3:
                    7e:0f:e8:d9:3a:b3:bd:30:10:1f:49:b4:92:a1:09:
                    05:97:c9:3e:1b:15:7a:a6:c5:64:65:4f:f1:a8:7f:
                    82:d5:bc:8b:ce:3d:6c:31:de:87:54:76:81:8d:fb:
                    c2:fa:c4:6e:c0:12:6b:36:a1:36:0a:9a:c1:51:a8:
                    0e:0d:a5:5a:62:6f:ce:86:90:47:e8:60:94:f5:8f:
                    11:7b:d9:44:bc:40:50:e3:58:45:c1:74:cb:71:bb:
                    e6:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:3C:67:70:40:19:2F:51:55:58:6E:B4:E8:D6:CF:9E:68:B3:7D:4A
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ETxncEAZL1FVWG606NbPnmizfUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:d0:22:45:42:f3:a3:87:45:c9:1c:61:c7:af:b4:d9:16:12:
         41:bf:1a:d4:73:a1:1d:09:7c:cd:ec:3d:ce:aa:00:ff:33:b0:
         86:c5:19:ae:0a:e8:11:44:3c:c2:00:51:5c:5b:57:25:04:6b:
         9e:de:6c:c9:21:63:01:fd:41:82:37:08:85:5a:fb:ed:3e:0f:
         55:67:ca:5d:e5:12:f6:a1:a1:bf:ba:a7:58:6a:4f:cc:38:dc:
         0a:bb:ad:fd:ef:84:51:36:ce:93:4d:fa:4b:7a:c8:40:c1:10:
         1a:0f:ea:88:76:a1:93:c7:dd:13:24:3d:31:c7:00:b9:8a:76:
         e0:a0:12:78:df:8f:ac:ba:3c:53:e4:bd:6c:b7:51:e8:63:1c:
         bb:91:07:f2:9f:90:91:7d:7e:42:f5:8c:73:45:31:a0:78:c2:
         d9:96:39:60:70:10:26:77:6f:cc:35:7d:6c:92:27:c3:f3:7b:
         a4:d0:a9:fb:42:a3:f1:11:12:bf:ca:27:bc:e9:b5:41:6c:2f:
         f8:a5:82:87:bc:68:bd:90:a0:55:52:61:68:f0:de:58:e0:74:
         70:41:aa:4b:bc:ef:8c:37:44:8f:4a:cf:d7:ed:e5:ae:b2:05:
         df:d5:b5:c7:f0:0c:3e:48:af:0e:de:c6:c9:02:45:ba:d5:25:
         be:96:89:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjRPEcWjKET9AFNh1yriauhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODIyMTAwNDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTNjNjc3MDQwMTkyZjUxNTU1ODZlYjRlOGQ2Y2Y5ZTY4YjM3ZDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/jV9pgq3bdUdtFnu5BvwN72pczh
oDi31ZPQvFrETxO/55HRFJkn9LTYn4xDNsGQcjGMU7LDopb5Uwi5DuA1puAt8x6F
6LTpiMWV0fuYotuXWfm1rzDcEKIm7GyqNMQ59gYDlUMg3Bb8SXp3gr/v44WNYDYl
9LUVsP0OKBcBc/X4bFuF7lEQF2R90nKNzmvCYL5dz3IlLI5rCa7w3YpDdXhA4KN+
D+jZOrO9MBAfSbSSoQkFl8k+GxV6psVkZU/xqH+C1byLzj1sMd6HVHaBjfvC+sRu
wBJrNqE2CprBUagODaVaYm/OhpBH6GCU9Y8Re9lEvEBQ41hFwXTLcbvm9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBE8Z3BAGS9RVVhutOjWz55os31KMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvRVR4bmNFQVpMMUZWV0c2MDZOYlBubWl6ZlVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCl/K0MA0G
CSqGSIb3DQEBCwUAA4IBAQBL0CJFQvOjh0XJHGHHr7TZFhJBvxrUc6EdCXzN7D3O
qgD/M7CGxRmuCugRRDzCAFFcW1clBGue3mzJIWMB/UGCNwiFWvvtPg9VZ8pd5RL2
oaG/uqdYak/MONwKu63974RRNs6TTfpLeshAwRAaD+qIdqGTx90TJD0xxwC5inbg
oBJ434+sujxT5L1st1HoYxy7kQfyn5CRfX5C9YxzRTGgeMLZljlgcBAmd2/MNX1s
kifD83uk0Kn7QqPxERK/yie86bVBbC/4pYKHvGi9kKBVUmFo8N5Y4HRwQapLvO+M
N0SPSs/X7eWusgXf1bXH8Aw+SK8O3sbJAkW61SW+lol+
-----END CERTIFICATE-----