Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/SrLUmqrkBz4fvi4wp58KiBR0VxI.roa
File:                     SrLUmqrkBz4fvi4wp58KiBR0VxI.roa (raw, json)
Hash identifier:          WfPtupF0Uh+EqZw2989Rpf4Co2sTrrk6yieS29IyR/Q=
Subject key identifier:   4A:B2:D4:9A:AA:E4:07:3E:1F:BE:2E:30:A7:9F:0A:88:14:74:57:12
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01979BA9767B11002B0B5719BCF456E137B0
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/SrLUmqrkBz4fvi4wp58KiBR0VxI.roa
Signing time:             Mon 23 Jun 2025 07:21:03 +0000
ROA not before:           Mon 23 Jun 2025 07:21:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22160
IP address blocks:        151.243.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9b:a9:76:7b:11:00:2b:0b:57:19:bc:f4:56:e1:37:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 23 07:21:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ab2d49aaae4073e1fbe2e30a79f0a8814745712
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:1c:0d:89:c7:e7:0e:f3:fb:29:db:7b:a9:2c:
                    32:ec:25:4f:d5:51:3d:9e:9e:c1:b4:a6:07:14:09:
                    cc:40:94:fb:b2:11:a3:7b:62:23:6e:7d:0f:f8:b8:
                    ab:95:72:37:fb:d0:84:06:5c:28:a3:dc:c2:70:fb:
                    e5:79:a5:23:d4:55:af:27:fa:63:bf:05:2c:d6:fa:
                    8d:e8:3f:51:05:c5:0d:e6:2c:a6:36:e2:b9:1c:e3:
                    80:94:97:9f:23:b9:ed:3c:26:5f:00:12:23:5c:1b:
                    51:dc:88:19:20:37:c2:0f:24:38:ea:7c:6c:41:3d:
                    6f:47:70:b4:6f:13:36:18:c4:8a:ea:f3:ef:31:9b:
                    38:9a:d3:b4:8c:48:79:c8:eb:72:0c:8c:41:b1:0b:
                    b7:96:cf:3b:02:04:d8:9a:ee:d1:6c:4a:0e:0f:58:
                    a8:c4:f7:75:b2:f9:c7:1b:e5:c6:ec:a1:0b:42:33:
                    f4:cc:cc:25:37:54:a5:4b:1b:9e:0c:72:b8:46:d3:
                    7b:1e:c0:b5:86:8d:eb:cb:60:b6:ca:48:03:0c:bc:
                    61:93:5a:f5:78:45:13:f9:16:f8:68:bb:f1:58:fb:
                    26:99:a5:4e:ea:39:5d:d0:af:c4:68:67:b9:12:3e:
                    ea:3c:15:d0:e8:fe:b7:3d:e9:91:a5:61:33:85:e3:
                    e0:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:B2:D4:9A:AA:E4:07:3E:1F:BE:2E:30:A7:9F:0A:88:14:74:57:12
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/SrLUmqrkBz4fvi4wp58KiBR0VxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:2b:c4:f2:38:aa:57:7e:b0:d6:bd:00:72:ce:a5:f2:a2:f5:
         ca:26:6b:be:d0:87:0e:69:90:5b:9a:04:9c:08:d7:35:c2:29:
         d6:06:c9:b0:16:c4:b6:40:27:93:06:21:f2:2e:0a:ae:14:15:
         b3:2f:b4:ee:f0:1b:78:9c:bc:03:1b:bc:eb:05:1d:b0:b6:e1:
         ac:01:34:ae:c3:0a:e3:d0:22:1c:8c:3c:a0:a5:d1:57:c2:41:
         76:14:f2:01:ce:b5:c4:cd:29:80:6b:0e:93:b5:bf:a3:7e:00:
         ea:5c:b2:23:06:30:f2:b5:74:40:5b:7f:7e:de:8d:e7:0a:0f:
         9e:a9:3d:a2:20:d3:25:6e:2c:2a:19:87:69:98:8b:ce:dd:cd:
         5b:c9:ad:f4:5e:70:3d:9d:a4:85:77:9f:b4:96:6e:c5:03:50:
         64:a0:eb:06:a8:30:dc:1e:61:9b:cf:ad:0c:5e:4c:4b:66:fa:
         47:16:1b:72:11:48:39:e8:67:9b:0c:57:fc:f6:97:30:ba:f5:
         74:b8:58:e5:a7:ea:d9:89:17:52:9b:e5:b3:2a:76:97:c7:14:
         33:09:4c:11:d2:ad:f9:67:93:a6:7a:b3:d7:4c:72:14:67:d4:
         56:cd:f9:c8:56:6d:ec:c0:d7:b7:9a:2d:c8:33:d6:0a:72:77:
         02:13:6c:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZebqXZ7EQArC1cZvPRW4TewMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjIzMDcyMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWIyZDQ5YWFhZTQwNzNlMWZiZTJlMzBhNzlmMGE4ODE0NzQ1NzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxwNicfnDvP7Kdt7qSwy7CVP1VE9
np7BtKYHFAnMQJT7shGje2Ijbn0P+LirlXI3+9CEBlwoo9zCcPvleaUj1FWvJ/pj
vwUs1vqN6D9RBcUN5iymNuK5HOOAlJefI7ntPCZfABIjXBtR3IgZIDfCDyQ46nxs
QT1vR3C0bxM2GMSK6vPvMZs4mtO0jEh5yOtyDIxBsQu3ls87AgTYmu7RbEoOD1io
xPd1svnHG+XG7KELQjP0zMwlN1SlSxueDHK4RtN7HsC1ho3ry2C2ykgDDLxhk1r1
eEUT+Rb4aLvxWPsmmaVO6jld0K/EaGe5Ej7qPBXQ6P63PemRpWEzhePggQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEqy1Jqq5Ac+H74uMKefCogUdFcSMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvU3JMVW1xcmtCejRmdmk0d3A1OEtpQlIwVnhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/N+MA0G
CSqGSIb3DQEBCwUAA4IBAQAwK8TyOKpXfrDWvQByzqXyovXKJmu+0IcOaZBbmgSc
CNc1winWBsmwFsS2QCeTBiHyLgquFBWzL7Tu8Bt4nLwDG7zrBR2wtuGsATSuwwrj
0CIcjDygpdFXwkF2FPIBzrXEzSmAaw6Ttb+jfgDqXLIjBjDytXRAW39+3o3nCg+e
qT2iINMlbiwqGYdpmIvO3c1bya30XnA9naSFd5+0lm7FA1BkoOsGqDDcHmGbz60M
XkxLZvpHFhtyEUg56GebDFf89pcwuvV0uFjlp+rZiRdSm+WzKnaXxxQzCUwR0q35
Z5OmerPXTHIUZ9RWzfnIVm3swNe3mi3IM9YKcncCE2xF
-----END CERTIFICATE-----