Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/P3NFfYlDxZn79ltSqtLBgGI7i0o.roa
File:                     P3NFfYlDxZn79ltSqtLBgGI7i0o.roa (raw, json)
Hash identifier:          9yrIc667atAelZudNAuuM8EfT3HRhowmOGXhf4IGH54=
Subject key identifier:   3F:73:45:7D:89:43:C5:99:FB:F6:5B:52:AA:D2:C1:80:62:3B:8B:4A
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01992CD7D0A293C8DCFD765C1E1532750ECD
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/P3NFfYlDxZn79ltSqtLBgGI7i0o.roa
Signing time:             Tue 09 Sep 2025 04:59:25 +0000
ROA not before:           Tue 09 Sep 2025 04:59:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215528
IP address blocks:        151.240.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2c:d7:d0:a2:93:c8:dc:fd:76:5c:1e:15:32:75:0e:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep  9 04:59:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f73457d8943c599fbf65b52aad2c180623b8b4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1b:de:32:76:1d:ae:ce:d5:17:20:c2:f8:10:
                    57:02:2e:ee:28:39:dc:2f:53:16:26:b2:de:c8:66:
                    94:98:7c:b8:9f:1d:64:00:97:a8:9f:a1:f6:c4:b7:
                    85:92:42:5c:a8:8a:91:05:6e:27:28:63:0f:99:d6:
                    e6:3a:22:65:4e:f7:c3:f9:eb:0a:e3:a2:3c:a3:b7:
                    95:5a:f5:09:7b:a2:7f:f5:a1:ce:6f:87:39:2f:93:
                    7c:44:f9:60:9a:7c:7d:89:2a:27:75:f4:bb:17:7a:
                    a0:ef:be:19:41:5f:fc:aa:23:67:03:68:f9:92:f4:
                    e6:56:bf:94:03:92:64:85:0a:fa:d0:87:d1:58:e0:
                    f1:bc:2b:34:78:20:57:c2:10:f4:e2:5c:e0:73:a4:
                    22:db:77:1c:e2:a4:51:20:73:50:98:c6:af:a4:ef:
                    12:2c:c8:4d:ff:44:47:90:34:f7:fa:95:49:cb:26:
                    d6:cb:ef:fe:f3:45:20:e6:82:7d:ac:d5:65:3c:0e:
                    8a:2f:86:6e:db:80:e2:15:d7:9a:4f:68:c0:0f:72:
                    ef:0b:be:55:4e:74:06:b1:04:e2:f3:29:2d:9f:28:
                    c8:53:27:06:a8:53:e0:72:eb:20:fe:1a:7b:33:65:
                    2f:b1:73:e2:de:9d:2e:2d:d5:51:eb:9c:ce:0a:a5:
                    c3:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:73:45:7D:89:43:C5:99:FB:F6:5B:52:AA:D2:C1:80:62:3B:8B:4A
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/P3NFfYlDxZn79ltSqtLBgGI7i0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:ab:c9:f9:15:57:1a:f6:17:3a:da:19:e3:64:fe:2e:ca:78:
         18:0b:5e:1f:fc:bb:f0:2c:0b:d9:17:d0:c8:99:14:b4:c6:ac:
         63:64:27:94:eb:44:65:8d:5e:be:03:f6:7b:44:25:f4:53:5e:
         3b:30:b1:24:5b:93:fa:15:61:e1:47:64:be:44:ad:f3:89:37:
         fc:44:87:89:09:93:ea:17:1a:4a:a2:96:56:58:16:c5:93:87:
         0e:86:81:40:40:99:38:cb:3e:02:40:3d:a8:f5:ac:f8:4e:72:
         4a:1d:51:87:ff:3d:f2:a5:b3:c4:7b:0e:c0:8b:58:f3:7e:51:
         52:49:fa:6b:46:16:e7:ef:dc:64:09:7b:e6:81:a9:5c:83:ae:
         31:4f:02:67:38:87:52:d0:c4:68:1c:38:5b:98:34:d5:44:f3:
         51:94:62:89:cb:20:e0:af:f9:89:e9:3c:2b:e0:42:5e:da:7b:
         3c:16:65:84:69:ac:c4:5b:87:3d:0b:1f:af:31:18:74:5d:1a:
         7f:23:ee:cb:ec:91:54:35:ac:f1:bc:3a:49:1b:d3:5e:22:38:
         ce:b3:cf:b2:c2:1b:66:ab:0a:e7:35:d9:d9:09:7b:65:fc:07:
         59:03:63:4c:41:64:76:6c:7c:97:95:8e:80:26:f2:4d:7c:da:
         04:c4:8b:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZks19Cik8jc/XZcHhUydQ7NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTA5MDQ1OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjczNDU3ZDg5NDNjNTk5ZmJmNjViNTJhYWQyYzE4MDYyM2I4YjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphveMnYdrs7VFyDC+BBXAi7uKDnc
L1MWJrLeyGaUmHy4nx1kAJeon6H2xLeFkkJcqIqRBW4nKGMPmdbmOiJlTvfD+esK
46I8o7eVWvUJe6J/9aHOb4c5L5N8RPlgmnx9iSondfS7F3qg774ZQV/8qiNnA2j5
kvTmVr+UA5JkhQr60IfRWODxvCs0eCBXwhD04lzgc6Qi23cc4qRRIHNQmMavpO8S
LMhN/0RHkDT3+pVJyybWy+/+80Ug5oJ9rNVlPA6KL4Zu24DiFdeaT2jAD3LvC75V
TnQGsQTi8yktnyjIUycGqFPgcusg/hp7M2UvsXPi3p0uLdVR65zOCqXDfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9zRX2JQ8WZ+/ZbUqrSwYBiO4tKMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUDNORmZZbER4Wm43OWx0U3F0TEJnR0k3aTBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/BjMA0G
CSqGSIb3DQEBCwUAA4IBAQCmq8n5FVca9hc62hnjZP4uyngYC14f/LvwLAvZF9DI
mRS0xqxjZCeU60RljV6+A/Z7RCX0U147MLEkW5P6FWHhR2S+RK3ziTf8RIeJCZPq
FxpKopZWWBbFk4cOhoFAQJk4yz4CQD2o9az4TnJKHVGH/z3ypbPEew7Ai1jzflFS
SfprRhbn79xkCXvmgalcg64xTwJnOIdS0MRoHDhbmDTVRPNRlGKJyyDgr/mJ6Twr
4EJe2ns8FmWEaazEW4c9Cx+vMRh0XRp/I+7L7JFUNazxvDpJG9NeIjjOs8+ywhtm
qwrnNdnZCXtl/AdZA2NMQWR2bHyXlY6AJvJNfNoExItB
-----END CERTIFICATE-----