Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/FBwUMxwLAqyplnhEbFUEcoq7mkg.roa
File:                     FBwUMxwLAqyplnhEbFUEcoq7mkg.roa (raw, json)
Hash identifier:          dBaYg4N5IOhBjFl1aDwa07FdvQdp6hxI5cmOmzQo2Vg=
Subject key identifier:   14:1C:14:33:1C:0B:02:AC:A9:96:78:44:6C:55:04:72:8A:BB:9A:48
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01989CBE7DE0F45257D2D374ECFFD0E0A443
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/FBwUMxwLAqyplnhEbFUEcoq7mkg.roa
Signing time:             Tue 12 Aug 2025 05:26:26 +0000
ROA not before:           Tue 12 Aug 2025 05:26:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39855
IP address blocks:        151.240.155.0/24 maxlen: 24
                          151.247.202.0/24 maxlen: 24
                          151.247.203.0/24 maxlen: 24
                          151.247.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9c:be:7d:e0:f4:52:57:d2:d3:74:ec:ff:d0:e0:a4:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 12 05:26:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=141c14331c0b02aca99678446c5504728abb9a48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:80:fb:eb:5c:57:36:99:98:f5:2b:f9:4a:f8:
                    e8:90:0c:e8:09:4d:70:19:9e:7d:bc:23:a9:26:64:
                    c6:3f:66:e5:fe:20:30:73:b2:75:2e:88:bd:65:1d:
                    38:b4:6d:10:f5:6c:f5:b6:0b:a7:e7:c4:92:b1:c1:
                    41:f5:2c:38:6c:af:67:3d:cc:19:46:1a:b4:5d:6c:
                    be:cf:9a:87:8c:92:3d:c6:f8:52:15:07:53:eb:56:
                    a0:bd:e3:50:d3:64:46:10:7e:01:fe:e4:05:6f:29:
                    8f:04:91:f8:a6:af:f0:df:31:6d:24:f0:16:31:3f:
                    c0:b6:3f:2a:e9:8f:ce:88:93:cc:d9:f9:8c:3f:ce:
                    78:f8:2d:b2:07:ef:fc:d6:4c:49:cd:be:65:84:da:
                    67:c0:87:89:9d:33:b2:3f:ab:16:7b:1a:d7:b8:83:
                    5b:86:24:f3:48:3d:65:e1:94:da:1f:d6:67:af:bf:
                    c7:69:30:50:95:bf:37:ef:95:3d:e5:24:fa:86:24:
                    b0:62:21:8e:b9:b2:a8:5a:4b:98:3e:66:e4:85:97:
                    6c:a4:57:89:97:69:df:12:b4:42:22:33:1b:55:84:
                    1a:1d:5c:3c:9b:41:23:44:1f:35:04:f7:31:3b:ea:
                    af:66:51:f8:36:0e:70:95:a0:fe:97:a7:fb:81:0d:
                    32:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:1C:14:33:1C:0B:02:AC:A9:96:78:44:6C:55:04:72:8A:BB:9A:48
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/FBwUMxwLAqyplnhEbFUEcoq7mkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.155.0/24
                  151.247.202.0-151.247.204.255

    Signature Algorithm: sha256WithRSAEncryption
         2e:18:09:62:b8:27:c3:79:66:6f:e5:9e:51:c1:76:e5:ba:9e:
         66:5e:9e:09:bd:df:df:21:6c:bd:c3:1f:90:31:6c:00:84:b7:
         04:a4:84:3d:3c:95:73:2f:e1:f0:2d:d7:43:a2:55:d8:94:0a:
         54:65:bc:09:18:66:b2:f1:56:69:12:40:f9:d1:03:19:da:d9:
         34:47:b5:eb:8d:51:b7:e8:62:92:bf:e0:e9:22:c1:a0:02:2b:
         29:8f:fa:8b:e1:ff:a7:6d:e6:27:f2:99:c1:d6:90:9f:de:46:
         55:93:ae:c8:dc:22:26:7f:62:fe:20:a6:cd:bc:04:0e:95:09:
         a7:78:62:e1:b3:34:53:8f:83:3a:5b:8e:58:54:ff:5e:18:22:
         da:3d:ea:04:22:e5:d9:fd:d2:c5:fa:1e:32:46:e0:28:3c:a6:
         a8:bd:88:1c:ef:03:5b:22:ab:cb:db:25:dc:3c:25:22:0c:b5:
         ae:e6:cc:d4:f1:1a:0f:bc:e9:44:cd:2f:fe:68:8b:33:de:f7:
         37:98:49:df:8e:03:a6:b4:d5:69:c2:08:7a:d8:64:b2:5e:67:
         51:c8:d9:36:07:76:56:b0:47:39:20:0f:ba:36:8d:e3:1d:b1:
         cd:a3:49:84:ff:a4:c7:b8:15:8b:0a:16:80:2f:8d:ce:92:95:
         9c:e5:db:61
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZicvn3g9FJX0tN07P/Q4KRDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODEyMDUyNjI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDFjMTQzMzFjMGIwMmFjYTk5Njc4NDQ2YzU1MDQ3MjhhYmI5YTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6YD761xXNpmY9Sv5SvjokAzoCU1w
GZ59vCOpJmTGP2bl/iAwc7J1Loi9ZR04tG0Q9Wz1tgun58SSscFB9Sw4bK9nPcwZ
Rhq0XWy+z5qHjJI9xvhSFQdT61agveNQ02RGEH4B/uQFbymPBJH4pq/w3zFtJPAW
MT/Atj8q6Y/OiJPM2fmMP854+C2yB+/81kxJzb5lhNpnwIeJnTOyP6sWexrXuINb
hiTzSD1l4ZTaH9Znr7/HaTBQlb8375U95ST6hiSwYiGOubKoWkuYPmbkhZdspFeJ
l2nfErRCIjMbVYQaHVw8m0EjRB81BPcxO+qvZlH4Ng5wlaD+l6f7gQ0yoQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBQcFDMcCwKsqZZ4RGxVBHKKu5pIMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvRkJ3VU14d0xBcXlwbG5oRWJGVUVjb3E3bWtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAl/CbMAwD
BAGX98oDBACX98wwDQYJKoZIhvcNAQELBQADggEBAC4YCWK4J8N5Zm/lnlHBduW6
nmZengm9398hbL3DH5AxbACEtwSkhD08lXMv4fAt10OiVdiUClRlvAkYZrLxVmkS
QPnRAxna2TRHteuNUbfoYpK/4OkiwaACKymP+ovh/6dt5ifymcHWkJ/eRlWTrsjc
IiZ/Yv4gps28BA6VCad4YuGzNFOPgzpbjlhU/14YIto96gQi5dn90sX6HjJG4Cg8
pqi9iBzvA1siq8vbJdw8JSIMta7mzNTxGg+86UTNL/5oizPe9zeYSd+OA6a01WnC
CHrYZLJeZ1HI2TYHdlawRzkgD7o2jeMdsc2jSYT/pMe4FYsKFoAvjc6SlZzl22E=
-----END CERTIFICATE-----