Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Q6TIGKO055G04VafNs6jerLy25w.roa
File:                     Q6TIGKO055G04VafNs6jerLy25w.roa (raw, json)
Hash identifier:          C2nLMGqYufBSkx+vDvTD0JSZKlvooQtDJJCYBt2ypkA=
Subject key identifier:   43:A4:C8:18:A3:B4:E7:91:B4:E1:56:9F:36:CE:A3:7A:B2:F2:DB:9C
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01979C6D6358CE8E211B58099311A099A621
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Q6TIGKO055G04VafNs6jerLy25w.roa
Signing time:             Mon 23 Jun 2025 10:55:03 +0000
ROA not before:           Mon 23 Jun 2025 10:55:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135391
IP address blocks:        151.242.66.0/24 maxlen: 24
                          151.243.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9c:6d:63:58:ce:8e:21:1b:58:09:93:11:a0:99:a6:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 23 10:55:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43a4c818a3b4e791b4e1569f36cea37ab2f2db9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:94:46:e4:61:7f:94:8e:c3:96:09:30:59:87:
                    a3:b6:2d:a9:63:6d:66:db:c9:25:ed:1e:b1:37:8a:
                    92:c7:b4:32:44:1d:16:3a:88:22:ac:03:86:f5:ad:
                    07:aa:62:ce:5a:51:02:e1:0f:77:c1:5f:da:1b:a4:
                    a7:d8:29:ba:c4:69:a6:23:06:14:2b:ce:fd:26:a0:
                    e4:4e:5e:2d:7e:a4:89:8e:ed:c8:81:ca:ad:85:5a:
                    1b:e3:22:59:44:07:09:cb:2b:fe:a7:05:5b:ab:68:
                    e0:d6:2a:e2:79:72:a5:35:e2:87:42:7a:c0:f3:04:
                    e9:40:93:b0:5d:f3:16:b4:71:fa:30:cc:cc:70:03:
                    6c:85:2a:ef:1a:36:22:43:29:71:33:05:90:81:48:
                    0a:7a:d2:bc:0a:f4:df:d2:f2:dd:98:9a:d2:c8:3d:
                    11:5b:17:27:87:d9:13:6c:65:30:15:d1:0a:9b:45:
                    18:f0:15:43:bd:3f:94:5f:9a:33:4a:f8:2d:85:0f:
                    af:29:54:e2:69:46:30:cf:3c:75:7a:d7:e4:6c:f9:
                    84:9a:1f:db:72:23:b9:7f:71:d8:36:74:a9:ec:d6:
                    bd:8b:72:bc:a8:66:01:68:98:15:39:d9:91:17:9a:
                    ec:0b:56:86:d3:5d:06:22:39:35:c3:cb:a8:a4:95:
                    c3:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:A4:C8:18:A3:B4:E7:91:B4:E1:56:9F:36:CE:A3:7A:B2:F2:DB:9C
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Q6TIGKO055G04VafNs6jerLy25w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.66.0/24
                  151.243.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:a9:0e:f9:7d:08:1c:b2:8f:96:08:f8:a5:2f:d3:33:0a:1f:
         b5:1e:bf:80:b2:b1:8e:85:84:2a:36:7d:4f:70:ec:b5:a2:24:
         d7:fa:a1:aa:15:fd:11:12:f2:9d:91:0b:7c:ad:77:37:4a:83:
         75:44:0f:34:e7:8b:e2:61:4c:cd:9b:bd:05:51:01:4f:c7:05:
         de:46:4a:15:4a:db:3f:17:86:a8:a0:31:78:2c:eb:64:d8:50:
         2f:3f:6e:56:7b:6e:cc:4c:b8:3a:02:ce:45:c0:bd:e2:a3:58:
         84:44:c8:a1:12:20:37:47:35:32:43:a3:ce:f3:82:3d:8d:97:
         93:8a:d6:3c:dc:51:70:93:30:0e:e3:56:2a:d4:62:b0:ea:66:
         49:3f:b9:d8:de:ca:a5:f3:67:d4:50:07:ac:61:63:26:fc:25:
         44:0e:0a:7f:f9:5b:8e:91:f9:10:20:22:6e:db:4d:65:19:b3:
         1d:cc:29:2a:7c:f0:b7:2f:7c:d7:6a:6c:96:d0:67:18:c1:38:
         e0:4c:79:ca:c3:35:da:20:af:c9:44:9d:14:10:cd:97:ba:ea:
         40:4c:72:06:bb:f7:b9:5b:1b:02:c2:42:2b:b3:5f:0f:2f:e3:
         a5:9f:96:ae:9a:4c:31:95:0e:a5:c9:56:68:65:db:0a:e8:64:
         44:ea:0c:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZecbWNYzo4hG1gJkxGgmaYhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjIzMTA1NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2E0YzgxOGEzYjRlNzkxYjRlMTU2OWYzNmNlYTM3YWIyZjJkYjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZRG5GF/lI7DlgkwWYejti2pY21m
28kl7R6xN4qSx7QyRB0WOogirAOG9a0HqmLOWlEC4Q93wV/aG6Sn2Cm6xGmmIwYU
K879JqDkTl4tfqSJju3IgcqthVob4yJZRAcJyyv+pwVbq2jg1irieXKlNeKHQnrA
8wTpQJOwXfMWtHH6MMzMcANshSrvGjYiQylxMwWQgUgKetK8CvTf0vLdmJrSyD0R
Wxcnh9kTbGUwFdEKm0UY8BVDvT+UX5ozSvgthQ+vKVTiaUYwzzx1etfkbPmEmh/b
ciO5f3HYNnSp7Na9i3K8qGYBaJgVOdmRF5rsC1aG010GIjk1w8uopJXD4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEOkyBijtOeRtOFWnzbOo3qy8tucMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUTZUSUdLTzA1NUcwNFZhZk5zNmplckx5MjV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/JCAwQA
l/MaMA0GCSqGSIb3DQEBCwUAA4IBAQCuqQ75fQgcso+WCPilL9MzCh+1Hr+AsrGO
hYQqNn1PcOy1oiTX+qGqFf0REvKdkQt8rXc3SoN1RA8054viYUzNm70FUQFPxwXe
RkoVSts/F4aooDF4LOtk2FAvP25We27MTLg6As5FwL3io1iERMihEiA3RzUyQ6PO
84I9jZeTitY83FFwkzAO41Yq1GKw6mZJP7nY3sql82fUUAesYWMm/CVEDgp/+VuO
kfkQICJu201lGbMdzCkqfPC3L3zXamyW0GcYwTjgTHnKwzXaIK/JRJ0UEM2XuupA
THIGu/e5WxsCwkIrs18PL+Oln5aumkwxlQ6lyVZoZdsK6GRE6gxW
-----END CERTIFICATE-----