Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ObOOyBiAm3qzMTmsk2u5W-O1B9E.roa
File:                     ObOOyBiAm3qzMTmsk2u5W-O1B9E.roa (raw, json)
Hash identifier:          dTrI4ojh8XpxW9IZweQPtOfKUzKGQji6V+qqnJp6aZU=
Subject key identifier:   39:B3:8E:C8:18:80:9B:7A:B3:31:39:AC:93:6B:B9:5B:E3:B5:07:D1
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198C74ECD8FE43770A8065E6350C47F38F6
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ObOOyBiAm3qzMTmsk2u5W-O1B9E.roa
Signing time:             Wed 20 Aug 2025 11:48:07 +0000
ROA not before:           Wed 20 Aug 2025 11:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59432
IP address blocks:        151.243.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c7:4e:cd:8f:e4:37:70:a8:06:5e:63:50:c4:7f:38:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 20 11:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39b38ec818809b7ab33139ac936bb95be3b507d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:eb:9e:b0:9a:d0:57:21:8f:c4:87:e8:e7:31:
                    03:c1:51:bc:a2:26:92:2f:66:5e:37:f1:06:a2:b4:
                    a2:63:d8:86:f1:e4:43:7d:1c:c0:d9:15:cb:8e:c7:
                    c1:fa:ac:d9:df:ee:80:73:e5:cd:a3:d0:cf:04:fb:
                    d8:cc:61:a0:01:8d:dc:7e:2e:19:de:9c:6f:1e:25:
                    61:4a:dc:f9:0b:8c:a9:6a:fb:d8:6a:55:e8:55:cb:
                    1e:4f:6f:6d:4d:ee:a9:27:15:ee:2f:60:93:47:94:
                    44:16:f5:6c:fc:74:1c:d5:df:4b:52:9d:fb:af:08:
                    dc:06:c1:d9:fa:df:7c:9a:db:e4:d8:1e:d2:2e:b0:
                    bb:cb:0a:2d:2b:6e:86:54:51:8e:8f:c6:50:28:29:
                    e3:2a:e4:6d:e4:ad:ae:27:61:e7:79:21:55:12:62:
                    78:ec:c2:ba:45:77:bc:af:13:2b:6e:1b:04:6a:91:
                    6d:2e:60:91:26:cc:2f:4d:60:a0:a4:e8:f6:5e:0c:
                    f9:af:21:f5:78:4d:85:20:89:17:a1:86:e9:b9:4a:
                    8a:61:1a:4c:13:3a:e7:58:1a:4c:25:fe:a5:09:64:
                    fd:9a:92:49:0b:9a:92:25:1a:3a:4b:cc:6a:c4:a4:
                    f0:7d:57:d5:28:15:22:84:be:86:67:9e:1a:4c:91:
                    7b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:B3:8E:C8:18:80:9B:7A:B3:31:39:AC:93:6B:B9:5B:E3:B5:07:D1
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ObOOyBiAm3qzMTmsk2u5W-O1B9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:aa:9e:fa:68:f2:f0:48:36:87:a0:a9:f8:01:c7:8a:12:34:
         df:cc:6a:63:3c:3d:16:d2:e0:06:ee:03:48:d0:25:70:05:68:
         e9:6e:43:8b:41:e3:5d:de:bc:ad:11:fe:d2:b9:c3:6c:36:fd:
         17:34:28:5b:0e:16:3a:af:57:b0:a8:3a:a3:97:bb:df:b4:c2:
         94:9a:69:10:77:78:cc:2c:59:5e:d6:dd:8a:1e:d9:8f:77:6d:
         9c:f4:96:27:b4:70:b2:07:25:1a:45:45:b1:a0:50:78:80:ef:
         63:28:8b:65:48:cc:32:fb:b9:70:14:10:22:66:37:e6:a2:e7:
         ac:6c:3a:4e:66:ee:40:5f:67:1b:17:e6:23:3d:c3:de:18:eb:
         15:3f:b5:a7:f0:f8:1e:18:f0:84:6e:4f:36:14:d0:6c:11:9f:
         d3:90:0a:3e:b3:c2:cf:25:99:3a:90:a1:c3:ab:cd:6e:e2:90:
         48:f5:8a:68:dd:7a:55:08:d7:69:fa:cd:fa:0e:a3:93:2f:29:
         80:a1:47:cc:40:34:9d:0c:cc:56:6f:51:ea:e6:71:ea:5c:43:
         b5:10:61:23:5f:b4:5c:ca:4e:ec:1d:d8:e5:22:e7:e7:2c:b8:
         84:f0:c8:5f:21:2e:cb:89:36:9a:e1:c0:c3:0b:14:f3:bd:a2:
         24:ff:ec:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjHTs2P5DdwqAZeY1DEfzj2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODIwMTE0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWIzOGVjODE4ODA5YjdhYjMzMTM5YWM5MzZiYjk1YmUzYjUwN2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuuesJrQVyGPxIfo5zEDwVG8oiaS
L2ZeN/EGorSiY9iG8eRDfRzA2RXLjsfB+qzZ3+6Ac+XNo9DPBPvYzGGgAY3cfi4Z
3pxvHiVhStz5C4ypavvYalXoVcseT29tTe6pJxXuL2CTR5REFvVs/HQc1d9LUp37
rwjcBsHZ+t98mtvk2B7SLrC7ywotK26GVFGOj8ZQKCnjKuRt5K2uJ2HneSFVEmJ4
7MK6RXe8rxMrbhsEapFtLmCRJswvTWCgpOj2Xgz5ryH1eE2FIIkXoYbpuUqKYRpM
EzrnWBpMJf6lCWT9mpJJC5qSJRo6S8xqxKTwfVfVKBUihL6GZ54aTJF74QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmzjsgYgJt6szE5rJNruVvjtQfRMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvT2JPT3lCaUFtM3F6TVRtc2sydTVXLU8xQjlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/NtMA0G
CSqGSIb3DQEBCwUAA4IBAQBbqp76aPLwSDaHoKn4AceKEjTfzGpjPD0W0uAG7gNI
0CVwBWjpbkOLQeNd3rytEf7SucNsNv0XNChbDhY6r1ewqDqjl7vftMKUmmkQd3jM
LFle1t2KHtmPd22c9JYntHCyByUaRUWxoFB4gO9jKItlSMwy+7lwFBAiZjfmoues
bDpOZu5AX2cbF+YjPcPeGOsVP7Wn8PgeGPCEbk82FNBsEZ/TkAo+s8LPJZk6kKHD
q81u4pBI9Ypo3XpVCNdp+s36DqOTLymAoUfMQDSdDMxWb1Hq5nHqXEO1EGEjX7Rc
yk7sHdjlIufnLLiE8MhfIS7LiTaa4cDDCxTzvaIk/+yd
-----END CERTIFICATE-----