Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HhqJVEYoEUQXu4bAPmsyGgScVvg.roa
File:                     HhqJVEYoEUQXu4bAPmsyGgScVvg.roa (raw, json)
Hash identifier:          8Z/J/oCU4fOZP1WKPSKl+m5d3Ybi0GG+b12HpjTKb2g=
Subject key identifier:   1E:1A:89:54:46:28:11:44:17:BB:86:C0:3E:6B:32:1A:04:9C:56:F8
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196907A857079F87304A9AD8B8FA76DFFA7
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HhqJVEYoEUQXu4bAPmsyGgScVvg.roa
Signing time:             Fri 02 May 2025 10:11:10 +0000
ROA not before:           Fri 02 May 2025 10:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15353
IP address blocks:        151.243.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 10:44:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:90:7a:85:70:79:f8:73:04:a9:ad:8b:8f:a7:6d:ff:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May  2 10:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e1a89544628114417bb86c03e6b321a049c56f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:15:60:b5:29:74:cc:c2:d7:bd:bd:74:42:60:
                    7b:5b:1b:5c:5f:51:18:4d:a8:29:ba:c8:13:fb:33:
                    7c:55:38:e2:d3:18:94:38:6b:22:e4:ed:fc:4b:90:
                    cc:b4:02:9f:05:1e:13:50:1e:4e:e3:90:d0:86:b8:
                    87:b8:fb:9e:cb:ca:f1:8f:e5:b0:3b:28:2b:11:51:
                    9a:c2:19:03:45:c1:61:63:d1:0a:c3:5b:b6:55:38:
                    e8:bd:0a:4d:e7:7b:b9:e7:3b:7c:38:6b:81:4d:6b:
                    c5:26:73:c3:45:51:d0:e3:7a:aa:de:ce:d2:80:57:
                    e2:65:8a:0f:c7:e5:06:fe:06:1f:ef:82:27:c1:af:
                    27:0b:8d:26:75:df:fc:71:e3:0e:5c:1f:00:e1:c7:
                    89:56:e2:8f:5f:ff:de:5c:5e:9b:57:9a:b0:90:23:
                    24:75:a0:65:51:60:16:3d:54:99:f5:94:b5:53:c9:
                    9b:17:9e:48:26:5a:7b:31:86:c2:65:1a:d3:fa:22:
                    fc:39:78:90:9c:83:a5:e0:56:a9:41:49:cf:08:e3:
                    b2:4b:d1:ed:f2:54:eb:bc:8e:ac:c2:0b:ae:16:52:
                    e8:87:29:06:3a:8d:c0:51:ec:cf:54:bb:68:66:69:
                    b0:f3:7a:2e:70:88:dd:30:3e:9b:d8:37:6a:59:40:
                    4d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:1A:89:54:46:28:11:44:17:BB:86:C0:3E:6B:32:1A:04:9C:56:F8
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HhqJVEYoEUQXu4bAPmsyGgScVvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:74:7c:7b:32:60:b7:58:4c:3a:b6:f4:3c:72:60:b4:00:45:
         84:35:3f:db:a6:aa:f9:b2:5b:a7:f8:2b:e5:ac:2a:98:af:5e:
         8e:f4:e5:22:b3:8c:20:0f:9a:17:a1:b0:fa:9e:cb:00:39:1a:
         f6:35:58:4a:bd:3e:3b:79:b9:8d:45:f8:fb:f8:be:37:f7:79:
         ff:0b:9b:0a:df:a1:c7:62:5e:aa:08:77:ce:d5:e1:ee:ff:1f:
         fe:5b:69:6b:a9:f9:44:f2:be:96:88:35:e8:7d:ea:61:b0:f9:
         7f:d9:6d:eb:38:45:59:e0:31:69:80:d8:21:5f:78:36:08:72:
         5a:e1:e2:dc:91:9c:19:f9:c3:08:2e:84:a6:1f:d3:54:59:58:
         e9:38:41:14:39:3a:a7:d0:a2:b4:2e:04:d5:27:2a:7a:1e:df:
         e7:58:14:ce:ec:89:11:b9:ca:2e:ef:d4:72:5a:70:3b:bf:31:
         56:dd:9d:cb:93:79:09:d6:78:9c:5c:cf:ac:af:bc:78:9c:c9:
         02:33:93:7b:37:f8:4d:69:07:65:b5:f5:81:01:00:77:d7:2a:
         ca:1f:aa:cd:7f:ae:ad:24:b5:fc:35:f2:c3:71:bd:9c:3d:f6:
         dc:bb:93:50:93:a3:31:7b:30:66:a7:11:4f:9c:e0:22:2c:0c:
         c6:7c:a1:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaQeoVwefhzBKmti4+nbf+nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTAyMTAxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTFhODk1NDQ2MjgxMTQ0MTdiYjg2YzAzZTZiMzIxYTA0OWM1NmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhVgtSl0zMLXvb10QmB7WxtcX1EY
TagpusgT+zN8VTji0xiUOGsi5O38S5DMtAKfBR4TUB5O45DQhriHuPuey8rxj+Ww
OygrEVGawhkDRcFhY9EKw1u2VTjovQpN53u55zt8OGuBTWvFJnPDRVHQ43qq3s7S
gFfiZYoPx+UG/gYf74Inwa8nC40mdd/8ceMOXB8A4ceJVuKPX//eXF6bV5qwkCMk
daBlUWAWPVSZ9ZS1U8mbF55IJlp7MYbCZRrT+iL8OXiQnIOl4FapQUnPCOOyS9Ht
8lTrvI6swguuFlLohykGOo3AUezPVLtoZmmw83oucIjdMD6b2DdqWUBNlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4aiVRGKBFEF7uGwD5rMhoEnFb4MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSGhxSlZFWW9FVVFYdTRiQVBtc3lHZ1NjVnZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/NwMA0G
CSqGSIb3DQEBCwUAA4IBAQCIdHx7MmC3WEw6tvQ8cmC0AEWENT/bpqr5slun+Cvl
rCqYr16O9OUis4wgD5oXobD6nssAORr2NVhKvT47ebmNRfj7+L4393n/C5sK36HH
Yl6qCHfO1eHu/x/+W2lrqflE8r6WiDXofephsPl/2W3rOEVZ4DFpgNghX3g2CHJa
4eLckZwZ+cMILoSmH9NUWVjpOEEUOTqn0KK0LgTVJyp6Ht/nWBTO7IkRucou79Ry
WnA7vzFW3Z3Lk3kJ1nicXM+sr7x4nMkCM5N7N/hNaQdltfWBAQB31yrKH6rNf66t
JLX8NfLDcb2cPfbcu5NQk6MxezBmpxFPnOAiLAzGfKGx
-----END CERTIFICATE-----