Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Ea3F5t2lF8AnVT6hlA7iBLwXo1Q.roa
File:                     Ea3F5t2lF8AnVT6hlA7iBLwXo1Q.roa (raw, json)
Hash identifier:          uLWviLuwv2kfz3gnJcP8SbhAWjyvsFB80yoY4REUVz8=
Subject key identifier:   11:AD:C5:E6:DD:A5:17:C0:27:55:3E:A1:94:0E:E2:04:BC:17:A3:54
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196C9CF5900338C803A14474CF8DC81F491
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Ea3F5t2lF8AnVT6hlA7iBLwXo1Q.roa
Signing time:             Tue 13 May 2025 13:22:11 +0000
ROA not before:           Tue 13 May 2025 13:22:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135402
IP address blocks:        151.242.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c9:cf:59:00:33:8c:80:3a:14:47:4c:f8:dc:81:f4:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 13 13:22:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11adc5e6dda517c027553ea1940ee204bc17a354
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:17:6e:5f:60:e5:b3:ac:19:0f:de:d7:72:3c:
                    27:94:fa:8a:63:40:3b:00:17:b2:dd:45:9b:ed:e8:
                    51:d3:f3:13:12:25:de:0f:5b:00:8d:ab:48:82:6a:
                    f5:bd:dd:6d:f5:58:70:6a:7c:11:82:5d:e1:d1:d5:
                    ca:da:cd:38:4c:0b:1c:c9:16:f7:f0:72:11:e0:8d:
                    e7:93:ad:01:00:d5:50:e8:28:e0:7a:c9:d6:5b:8a:
                    d8:dc:6a:f7:9e:80:ce:2b:5d:1f:a3:5e:18:b9:f3:
                    4a:51:2f:e3:71:71:ff:70:99:46:91:34:56:7a:b8:
                    26:71:5d:32:bf:4a:4c:dc:c9:0d:80:23:22:88:c0:
                    2a:05:31:38:70:d1:50:92:1f:b9:bc:44:18:af:a5:
                    b7:41:a3:42:93:9c:37:0b:38:4e:3e:44:d9:ed:4f:
                    91:81:15:29:84:73:4d:5b:b3:5c:54:a4:8a:a9:aa:
                    7a:ca:30:aa:d0:93:e3:d1:0b:78:85:ae:e2:26:58:
                    d7:d5:da:38:46:ac:ca:3d:c0:bb:af:3f:5b:e0:33:
                    17:c2:9d:04:54:94:e7:68:c1:45:89:26:da:7b:27:
                    11:2a:d9:be:d6:a7:ea:6a:fe:86:f8:87:7c:f4:31:
                    de:ad:f4:6f:ae:71:d0:3d:6d:d9:7b:67:08:68:55:
                    7e:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:AD:C5:E6:DD:A5:17:C0:27:55:3E:A1:94:0E:E2:04:BC:17:A3:54
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Ea3F5t2lF8AnVT6hlA7iBLwXo1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:2a:bc:d7:56:df:f9:ae:c8:58:ab:df:20:6c:8b:59:02:cb:
         07:ff:50:47:17:95:ec:a3:4c:b8:4f:bd:58:ef:f0:ba:bc:99:
         a6:32:ab:84:a0:a7:46:d3:ea:0f:c8:07:95:de:ed:96:a6:8a:
         5d:69:56:35:28:d9:a9:7c:6b:04:52:12:54:cf:f5:63:7c:63:
         32:32:a9:b1:68:3b:a8:4e:76:3f:ba:af:b6:97:7e:17:5c:36:
         ca:36:45:27:86:90:cd:23:34:ee:85:93:21:1b:f9:40:5c:27:
         5f:c6:03:85:bd:24:8c:ac:43:38:29:56:f8:d8:df:9b:88:18:
         62:18:f1:7c:14:43:cb:18:58:14:01:23:c6:65:fc:22:ba:7e:
         0c:b4:30:f9:12:49:eb:8a:9c:a6:bf:79:e6:49:f9:bb:e5:a1:
         4e:99:df:f5:75:04:25:9d:5e:b8:a8:81:37:49:ad:c7:f0:1a:
         7c:aa:1a:47:90:6e:2c:51:20:a9:a4:95:da:f6:9b:e8:0d:6f:
         7a:5c:ee:7e:88:9e:fc:fe:f4:13:60:13:fe:39:ce:69:80:ae:
         a9:bb:48:4d:50:88:de:7a:eb:1f:5b:7c:4a:e6:a2:a4:30:5e:
         bf:1a:60:84:a2:f3:b8:63:d1:da:50:f3:6c:69:46:8b:7d:ce:
         c4:26:5b:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbJz1kAM4yAOhRHTPjcgfSRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTEzMTMyMjExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWFkYzVlNmRkYTUxN2MwMjc1NTNlYTE5NDBlZTIwNGJjMTdhMzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhduX2Dls6wZD97XcjwnlPqKY0A7
ABey3UWb7ehR0/MTEiXeD1sAjatIgmr1vd1t9VhwanwRgl3h0dXK2s04TAscyRb3
8HIR4I3nk60BANVQ6CjgesnWW4rY3Gr3noDOK10fo14YufNKUS/jcXH/cJlGkTRW
ergmcV0yv0pM3MkNgCMiiMAqBTE4cNFQkh+5vEQYr6W3QaNCk5w3CzhOPkTZ7U+R
gRUphHNNW7NcVKSKqap6yjCq0JPj0Qt4ha7iJljX1do4RqzKPcC7rz9b4DMXwp0E
VJTnaMFFiSbaeycRKtm+1qfqav6G+Id89DHerfRvrnHQPW3Ze2cIaFV+5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGtxebdpRfAJ1U+oZQO4gS8F6NUMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvRWEzRjV0MmxGOEFuVlQ2aGxBN2lCTHdYbzFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/JWMA0G
CSqGSIb3DQEBCwUAA4IBAQBUKrzXVt/5rshYq98gbItZAssH/1BHF5Xso0y4T71Y
7/C6vJmmMquEoKdG0+oPyAeV3u2WpopdaVY1KNmpfGsEUhJUz/VjfGMyMqmxaDuo
TnY/uq+2l34XXDbKNkUnhpDNIzTuhZMhG/lAXCdfxgOFvSSMrEM4KVb42N+biBhi
GPF8FEPLGFgUASPGZfwiun4MtDD5Eknripymv3nmSfm75aFOmd/1dQQlnV64qIE3
Sa3H8Bp8qhpHkG4sUSCppJXa9pvoDW96XO5+iJ78/vQTYBP+Oc5pgK6pu0hNUIje
eusfW3xK5qKkMF6/GmCEovO4Y9HaUPNsaUaLfc7EJlvF
-----END CERTIFICATE-----