Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/MII755TwyyAzy9vTGoosxDTYqlc.roa
File:                     MII755TwyyAzy9vTGoosxDTYqlc.roa (raw, json)
Hash identifier:          36HK+7IVeubzNIa4tT1HynYvCAKppkIJqWYvWsKEtDw=
Subject key identifier:   30:82:3B:E7:94:F0:CB:20:33:CB:DB:D3:1A:8A:2C:C4:34:D8:AA:57
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01988A2B3ACBCE6DAFCBE4AB34AE31C8E0EA
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/MII755TwyyAzy9vTGoosxDTYqlc.roa
Signing time:             Fri 08 Aug 2025 14:52:25 +0000
ROA not before:           Fri 08 Aug 2025 14:52:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152900
IP address blocks:        151.244.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 09:25:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:8a:2b:3a:cb:ce:6d:af:cb:e4:ab:34:ae:31:c8:e0:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug  8 14:52:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30823be794f0cb2033cbdbd31a8a2cc434d8aa57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c5:c2:a2:39:f5:2a:83:79:6d:54:da:ac:a6:
                    a7:d3:0a:7a:e1:b7:17:93:50:51:20:9b:00:95:bc:
                    62:d5:1b:85:e3:2e:51:ae:2f:86:83:53:e4:c9:11:
                    db:ee:15:c3:a7:18:dc:a2:44:fe:3e:18:de:85:05:
                    9c:6e:0b:ca:67:63:b8:84:cf:68:95:c3:ef:bc:ce:
                    58:18:68:3c:a9:af:9f:49:0c:4d:49:03:d4:c2:ca:
                    da:7f:dc:e5:c7:2c:4f:e5:ab:67:c0:39:c3:21:65:
                    f9:a8:a8:8d:64:71:8c:44:ac:ee:49:c4:69:67:62:
                    df:87:fc:f0:c9:1a:50:c6:bf:24:7d:29:cc:42:ba:
                    db:e5:6f:d6:ee:95:b1:73:91:6e:7f:54:46:01:02:
                    d8:82:a7:2e:08:cf:75:34:fd:d4:5c:3f:69:47:c9:
                    8d:3b:c5:ea:09:2a:3e:cc:ef:9c:2a:f5:2e:e6:15:
                    a4:ad:7b:9c:31:d3:9b:cc:48:88:43:46:84:2b:22:
                    61:a1:c1:90:69:3b:8f:eb:07:78:57:71:42:c2:71:
                    54:9b:b7:8a:be:9d:9e:ce:26:5c:e0:78:53:62:74:
                    93:77:67:5e:c4:ed:36:75:2d:a3:10:97:38:1d:d4:
                    95:98:5d:cf:f0:51:9a:e5:5a:6c:08:c1:23:3f:2f:
                    56:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:82:3B:E7:94:F0:CB:20:33:CB:DB:D3:1A:8A:2C:C4:34:D8:AA:57
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/MII755TwyyAzy9vTGoosxDTYqlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:d1:e1:3e:d6:0a:67:40:f7:b3:9f:1f:6e:26:0b:fb:b3:19:
         2f:cd:2b:30:2b:11:1e:5d:e5:ee:38:8d:82:88:3a:e3:fc:dd:
         ef:34:5a:f5:46:2f:ca:8e:d4:3a:c6:5b:cc:0a:c5:08:c2:47:
         01:a4:b5:50:63:e0:a2:48:8d:74:fe:0c:ce:d4:cb:5c:86:35:
         15:f5:5c:d3:2b:e5:77:2f:4c:2c:c6:19:91:2b:d0:7f:70:ad:
         7c:f2:af:76:1a:c7:d2:eb:b4:a5:26:57:6f:dd:a3:fc:6a:8f:
         e6:ae:6a:d3:cb:ff:cf:22:34:aa:26:fa:d1:29:f4:9c:c8:1c:
         54:a0:97:49:33:ed:ad:b2:ed:c0:fa:a5:b8:3f:98:e3:15:20:
         e8:81:60:00:68:1b:d6:25:24:f0:51:d4:35:7b:d4:8c:17:c0:
         db:fd:51:8c:4c:ea:f7:66:ed:72:59:2b:95:97:fb:df:dd:ec:
         07:59:27:33:9d:ba:3d:60:dc:fa:e5:2d:f3:82:67:3a:42:a0:
         6d:e5:11:f2:4e:41:c6:5d:1a:3c:5c:c2:0e:26:2a:e5:ef:33:
         aa:7f:5e:e7:58:9f:a6:33:dc:4f:59:52:65:51:88:76:8f:4a:
         d6:af:78:43:d4:de:25:be:f4:b0:ae:2b:eb:55:13:8a:88:cd:
         40:11:75:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiKKzrLzm2vy+SrNK4xyODqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODA4MTQ1MjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDgyM2JlNzk0ZjBjYjIwMzNjYmRiZDMxYThhMmNjNDM0ZDhhYTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMXCojn1KoN5bVTarKan0wp64bcX
k1BRIJsAlbxi1RuF4y5Rri+Gg1PkyRHb7hXDpxjcokT+PhjehQWcbgvKZ2O4hM9o
lcPvvM5YGGg8qa+fSQxNSQPUwsraf9zlxyxP5atnwDnDIWX5qKiNZHGMRKzuScRp
Z2Lfh/zwyRpQxr8kfSnMQrrb5W/W7pWxc5Fuf1RGAQLYgqcuCM91NP3UXD9pR8mN
O8XqCSo+zO+cKvUu5hWkrXucMdObzEiIQ0aEKyJhocGQaTuP6wd4V3FCwnFUm7eK
vp2eziZc4HhTYnSTd2dexO02dS2jEJc4HdSVmF3P8FGa5VpsCMEjPy9WDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCCO+eU8MsgM8vb0xqKLMQ02KpXMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvTUlJNzU1VHd5eUF6eTl2VEdvb3N4RFRZcWxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/T7MA0G
CSqGSIb3DQEBCwUAA4IBAQBj0eE+1gpnQPeznx9uJgv7sxkvzSswKxEeXeXuOI2C
iDrj/N3vNFr1Ri/KjtQ6xlvMCsUIwkcBpLVQY+CiSI10/gzO1MtchjUV9VzTK+V3
L0wsxhmRK9B/cK188q92GsfS67SlJldv3aP8ao/mrmrTy//PIjSqJvrRKfScyBxU
oJdJM+2tsu3A+qW4P5jjFSDogWAAaBvWJSTwUdQ1e9SMF8Db/VGMTOr3Zu1yWSuV
l/vf3ewHWScznbo9YNz65S3zgmc6QqBt5RHyTkHGXRo8XMIOJirl7zOqf17nWJ+m
M9xPWVJlUYh2j0rWr3hD1N4lvvSwrivrVROKiM1AEXUz
-----END CERTIFICATE-----