Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ItOptltcMtHJWSkXfZZo2Hl0-xI.roa
File:                     ItOptltcMtHJWSkXfZZo2Hl0-xI.roa (raw, json)
Hash identifier:          C6DVVdKSO9HsQ5N5xRhE0pjG7VxnCuQjwgd1iK79Wd0=
Subject key identifier:   22:D3:A9:B6:5B:5C:32:D1:C9:59:29:17:7D:96:68:D8:79:74:FB:12
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196AABA7F39A678DE9497C0E310E8A729E3
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ItOptltcMtHJWSkXfZZo2Hl0-xI.roa
Signing time:             Wed 07 May 2025 12:31:10 +0000
ROA not before:           Wed 07 May 2025 12:31:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142401
IP address blocks:        151.242.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 May 2025 14:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:aa:ba:7f:39:a6:78:de:94:97:c0:e3:10:e8:a7:29:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May  7 12:31:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22d3a9b65b5c32d1c95929177d9668d87974fb12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:09:e7:3e:35:4d:ab:c5:90:56:bf:c0:d6:d3:
                    d1:b5:3b:96:5d:9b:17:f0:b1:ac:a9:13:59:de:b1:
                    63:8f:70:a5:5b:15:13:fc:4f:06:af:66:2b:dc:2c:
                    c2:ee:7f:50:cb:32:e8:10:3e:b5:48:60:b4:08:63:
                    6b:33:24:d1:44:b2:e0:b5:a7:29:c8:3e:ca:c8:bd:
                    f5:23:42:c2:c0:96:2a:04:77:c0:5c:44:83:af:76:
                    ae:c7:28:e6:4a:eb:46:6a:7d:09:dd:60:30:02:07:
                    1d:90:ab:fa:b5:ec:c3:29:35:4a:87:53:86:70:c8:
                    a4:5e:e8:03:e8:45:d2:41:c6:aa:f7:ed:0d:35:bb:
                    5a:9b:f4:07:76:8e:e8:b5:5d:dc:da:07:f7:ce:cf:
                    ff:33:9c:e5:9b:2a:3f:7b:e4:bc:06:01:e9:8c:f4:
                    10:48:40:39:e3:ac:86:42:82:f7:f2:a8:55:b9:7e:
                    5d:45:17:44:e3:7d:ba:3c:e1:47:ef:15:5f:3d:34:
                    8d:7d:3f:1d:d8:77:a1:e6:ab:2c:6a:db:e1:12:10:
                    a7:38:f1:4f:21:98:22:af:ae:16:d0:77:c4:cb:79:
                    54:e9:4c:34:64:a1:cc:b0:76:f6:37:8f:72:7c:e2:
                    8e:e8:ec:ec:07:ec:29:d6:59:17:a2:b7:50:e4:44:
                    da:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:D3:A9:B6:5B:5C:32:D1:C9:59:29:17:7D:96:68:D8:79:74:FB:12
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ItOptltcMtHJWSkXfZZo2Hl0-xI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:fb:39:2a:97:c4:7b:f8:9f:b2:5b:73:35:ae:6b:b0:f7:24:
         bd:00:65:8e:a2:92:c9:29:c4:44:7e:55:5a:b3:2f:7b:4c:52:
         8c:47:2c:e3:d3:bb:2d:59:dd:2e:2b:08:9a:d7:ab:ab:9e:11:
         5a:95:4f:a2:87:8e:3f:95:36:72:57:2d:ae:bd:83:1c:27:a5:
         44:4e:e5:ce:8b:aa:fc:af:f9:f7:93:e5:f8:c0:82:39:72:f9:
         02:16:7b:46:da:12:ef:42:2c:1a:77:00:8e:c9:32:b6:6b:da:
         37:e3:ae:c2:1f:7d:66:62:87:7e:1c:5e:33:0a:b1:6e:1a:ed:
         3f:28:4c:54:de:24:51:c3:ef:39:6f:bf:4b:40:b5:ff:67:41:
         10:f4:8f:22:51:41:df:a8:69:fd:c1:8b:dd:17:86:bc:40:1e:
         16:b3:18:3f:f5:3c:90:81:b2:9e:54:5c:c9:3b:04:0f:e3:6d:
         0d:d2:35:d3:ac:0d:db:6d:b6:87:01:3f:19:e4:b7:1a:05:d6:
         8f:bb:ca:d7:92:32:7b:49:47:cf:0f:5c:ee:69:ec:fb:5e:f2:
         54:f7:ae:00:25:6e:8e:78:27:23:b4:61:da:22:35:57:94:82:
         71:a5:83:48:30:de:ec:39:8a:16:d6:a8:00:0b:df:d9:81:48:
         aa:3d:44:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaqun85pnjelJfA4xDopynjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTA3MTIzMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmQzYTliNjViNWMzMmQxYzk1OTI5MTc3ZDk2NjhkODc5NzRmYjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQnnPjVNq8WQVr/A1tPRtTuWXZsX
8LGsqRNZ3rFjj3ClWxUT/E8Gr2Yr3CzC7n9QyzLoED61SGC0CGNrMyTRRLLgtacp
yD7KyL31I0LCwJYqBHfAXESDr3auxyjmSutGan0J3WAwAgcdkKv6tezDKTVKh1OG
cMikXugD6EXSQcaq9+0NNbtam/QHdo7otV3c2gf3zs//M5zlmyo/e+S8BgHpjPQQ
SEA546yGQoL38qhVuX5dRRdE4326POFH7xVfPTSNfT8d2Heh5qssatvhEhCnOPFP
IZgir64W0HfEy3lU6Uw0ZKHMsHb2N49yfOKO6OzsB+wp1lkXordQ5ETaXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLTqbZbXDLRyVkpF32WaNh5dPsSMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSXRPcHRsdGNNdEhKV1NrWGZaWm8ySGwwLXhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/I3MA0G
CSqGSIb3DQEBCwUAA4IBAQBg+zkql8R7+J+yW3M1rmuw9yS9AGWOopLJKcREflVa
sy97TFKMRyzj07stWd0uKwia16urnhFalU+ih44/lTZyVy2uvYMcJ6VETuXOi6r8
r/n3k+X4wII5cvkCFntG2hLvQiwadwCOyTK2a9o3467CH31mYod+HF4zCrFuGu0/
KExU3iRRw+85b79LQLX/Z0EQ9I8iUUHfqGn9wYvdF4a8QB4Wsxg/9TyQgbKeVFzJ
OwQP420N0jXTrA3bbbaHAT8Z5LcaBdaPu8rXkjJ7SUfPD1zuaez7XvJU964AJW6O
eCcjtGHaIjVXlIJxpYNIMN7sOYoW1qgAC9/ZgUiqPUTR
-----END CERTIFICATE-----