Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JPRvyTC-fDuMBPsXmV7z2LEC0gI.roa
File:                     JPRvyTC-fDuMBPsXmV7z2LEC0gI.roa (raw, json)
Hash identifier:          E7vGb0JpnX60pxXnRW7TUDlR2y7wLfSXhz+MZDlYyhs=
Subject key identifier:   24:F4:6F:C9:30:BE:7C:3B:8C:04:FB:17:99:5E:F3:D8:B1:02:D2:02
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198D57B033E1DC3E3F40A796F779BB019E3
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JPRvyTC-fDuMBPsXmV7z2LEC0gI.roa
Signing time:             Sat 23 Aug 2025 05:51:05 +0000
ROA not before:           Sat 23 Aug 2025 05:51:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135391
IP address blocks:        151.242.29.0/24 maxlen: 24
                          151.242.66.0/24 maxlen: 24
                          151.243.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d5:7b:03:3e:1d:c3:e3:f4:0a:79:6f:77:9b:b0:19:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 23 05:51:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24f46fc930be7c3b8c04fb17995ef3d8b102d202
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6a:0c:32:24:14:f9:d1:d7:5d:fb:7c:34:37:
                    7c:d4:32:bd:8a:e3:70:11:e9:f9:65:8c:e4:35:82:
                    e8:93:dd:24:05:c9:28:f3:45:3a:a8:2b:76:51:f0:
                    80:35:86:90:11:a0:ca:96:b7:c5:7c:e6:2d:71:3a:
                    fd:3f:c2:85:0b:9f:5d:20:f8:fa:2e:ec:fb:9f:cd:
                    4e:0f:1e:08:82:9c:56:23:0a:3d:99:de:61:a8:c6:
                    c3:49:41:68:eb:cf:bf:cd:da:45:46:68:0f:c9:3f:
                    4d:63:e6:15:da:f8:87:e7:68:33:fd:3b:4a:37:75:
                    2a:16:2c:f4:de:02:2a:4c:aa:99:50:f5:3a:96:13:
                    70:19:ae:da:7d:ea:4e:04:e7:3f:b2:ae:6f:b3:d0:
                    1c:5c:c9:3c:e2:e1:28:40:8e:39:9b:03:ff:d3:54:
                    56:19:8e:67:88:70:52:fe:67:15:65:d7:76:7e:8b:
                    fe:fb:68:50:60:0d:d5:ce:43:91:5f:81:46:93:50:
                    e1:f8:84:d9:00:18:18:e1:0d:9c:0d:b4:aa:45:00:
                    9b:4f:33:14:c0:d8:4b:70:0f:a8:11:a1:0a:aa:a1:
                    0a:0f:1d:a3:c7:44:f3:12:2a:10:8c:84:f7:f2:11:
                    62:70:e1:82:c0:7d:04:17:18:19:9f:5b:73:aa:47:
                    f8:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:F4:6F:C9:30:BE:7C:3B:8C:04:FB:17:99:5E:F3:D8:B1:02:D2:02
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JPRvyTC-fDuMBPsXmV7z2LEC0gI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.29.0/24
                  151.242.66.0/24
                  151.243.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:ff:be:8b:69:76:01:01:65:8e:d1:da:27:a5:be:1a:68:84:
         4e:ae:4b:be:df:e4:26:43:af:77:d7:9d:90:3e:5b:f6:ad:96:
         bb:9a:76:77:33:56:c6:c9:63:1b:cd:c8:2f:26:92:88:36:36:
         52:98:5b:77:49:10:a1:ce:c5:1e:ae:e0:bb:f4:e5:c3:05:18:
         96:ad:4b:0c:78:29:da:3b:e3:54:73:e5:30:b4:99:2e:47:4a:
         af:f8:1d:f7:3e:ce:da:d2:3b:47:5b:22:80:6f:f7:f6:eb:08:
         c3:6a:7a:57:14:54:cc:2e:1f:e0:62:21:15:d4:af:3e:9f:d0:
         21:93:c6:f6:58:b3:53:4a:62:3b:6c:76:5a:e9:dd:f5:55:24:
         2f:00:90:61:15:84:dc:37:f0:0c:1e:52:b4:09:ae:96:e8:0f:
         70:af:7e:9f:ea:f7:b0:dd:91:9b:3e:6e:6a:d5:df:6c:62:23:
         01:29:db:f3:de:47:21:94:54:33:69:16:c1:9b:71:01:62:93:
         d9:85:e6:f1:a7:66:08:9c:5b:65:d1:21:b9:0e:0c:3f:cd:75:
         1f:34:7a:51:31:95:20:13:54:1d:df:c3:9c:f7:fa:ce:79:81:
         4d:32:f8:c4:70:3e:c1:c4:c3:8e:f7:3e:17:38:ce:96:56:a0:
         d4:db:47:4a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZjVewM+HcPj9Ap5b3ebsBnjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODIzMDU1MTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGY0NmZjOTMwYmU3YzNiOGMwNGZiMTc5OTVlZjNkOGIxMDJkMjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2oMMiQU+dHXXft8NDd81DK9iuNw
Een5ZYzkNYLok90kBcko80U6qCt2UfCANYaQEaDKlrfFfOYtcTr9P8KFC59dIPj6
Luz7n81ODx4IgpxWIwo9md5hqMbDSUFo68+/zdpFRmgPyT9NY+YV2viH52gz/TtK
N3UqFiz03gIqTKqZUPU6lhNwGa7afepOBOc/sq5vs9AcXMk84uEoQI45mwP/01RW
GY5niHBS/mcVZdd2fov++2hQYA3VzkORX4FGk1Dh+ITZABgY4Q2cDbSqRQCbTzMU
wNhLcA+oEaEKqqEKDx2jx0TzEioQjIT38hFicOGCwH0EFxgZn1tzqkf4GQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCT0b8kwvnw7jAT7F5le89ixAtICMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSlBSdnlUQy1mRHVNQlBzWG1WN3oyTEVDMGdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAl/IdAwQA
l/JCAwQAl/PuMA0GCSqGSIb3DQEBCwUAA4IBAQBq/76LaXYBAWWO0donpb4aaIRO
rku+3+QmQ693152QPlv2rZa7mnZ3M1bGyWMbzcgvJpKINjZSmFt3SRChzsUeruC7
9OXDBRiWrUsMeCnaO+NUc+UwtJkuR0qv+B33Ps7a0jtHWyKAb/f26wjDanpXFFTM
Lh/gYiEV1K8+n9Ahk8b2WLNTSmI7bHZa6d31VSQvAJBhFYTcN/AMHlK0Ca6W6A9w
r36f6vew3ZGbPm5q1d9sYiMBKdvz3kchlFQzaRbBm3EBYpPZhebxp2YInFtl0SG5
Dgw/zXUfNHpRMZUgE1Qd38Oc9/rOeYFNMvjEcD7BxMOO9z4XOM6WVqDU20dK
-----END CERTIFICATE-----