Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/THugyNin0BE82ZWqyoiMP605roI.roa
File:                     THugyNin0BE82ZWqyoiMP605roI.roa (raw, json)
Hash identifier:          BWPcZgWB8qVgeuJE3KgddmUYHMY5utSYNzI3Sglh+fM=
Subject key identifier:   4C:7B:A0:C8:D8:A7:D0:11:3C:D9:95:AA:CA:88:8C:3F:AD:39:AE:82
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01994168F0068ECEB8E55B206FFF8C21CDAB
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/THugyNin0BE82ZWqyoiMP605roI.roa
Signing time:             Sat 13 Sep 2025 04:50:20 +0000
ROA not before:           Sat 13 Sep 2025 04:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216405
IP address blocks:        151.247.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:41:68:f0:06:8e:ce:b8:e5:5b:20:6f:ff:8c:21:cd:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep 13 04:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c7ba0c8d8a7d0113cd995aaca888c3fad39ae82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:45:29:fd:f8:51:d3:05:c9:10:ec:cc:a2:ab:
                    0d:25:6b:f3:43:cb:1b:1d:52:23:77:a9:df:d6:2e:
                    5e:98:83:ea:73:9d:cf:99:38:1a:6c:b2:8d:b4:fd:
                    50:68:4c:e1:6f:29:3a:0c:7c:45:0b:f6:38:62:03:
                    86:f0:71:a0:fc:11:0b:93:89:a7:c6:c3:8c:73:12:
                    b8:a0:3b:16:71:94:dd:a8:8f:67:f7:1f:70:0f:f6:
                    e9:60:23:0d:dc:e6:6b:61:a5:1c:f1:c4:ef:57:07:
                    2d:6c:0f:7e:9c:a5:52:d9:5c:43:71:78:fe:ad:0e:
                    1f:18:b1:a3:60:ad:23:85:42:d1:70:d2:23:0e:ee:
                    ab:c1:a7:41:2e:0f:7e:78:2f:64:80:e7:3a:70:ea:
                    03:35:cf:00:85:68:d3:b8:64:38:95:9e:a4:e3:28:
                    49:1b:15:94:6b:cf:95:5f:16:71:65:99:cf:eb:07:
                    9f:76:e9:ec:aa:b8:9d:2f:db:dc:27:32:09:91:79:
                    cc:47:36:e8:da:49:82:27:05:ba:ee:fe:96:bc:d8:
                    dc:4c:bc:23:8e:10:b7:64:6c:9c:ed:58:e7:5d:0b:
                    54:d8:81:55:f7:4f:28:b4:76:f5:3a:d6:3c:13:f5:
                    ef:cb:6d:ac:d3:a6:fe:b8:ff:18:c8:23:2c:58:7a:
                    3a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:7B:A0:C8:D8:A7:D0:11:3C:D9:95:AA:CA:88:8C:3F:AD:39:AE:82
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/THugyNin0BE82ZWqyoiMP605roI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.247.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:14:f7:8f:a5:61:81:f8:aa:70:15:c9:be:e9:c2:a6:7a:85:
         83:bc:ab:be:c8:73:22:d8:c2:a0:07:6e:dd:24:d2:de:dc:13:
         da:74:4a:40:4e:65:8a:a4:c7:7c:09:1a:30:53:19:d4:38:fe:
         ab:60:57:39:b3:50:11:71:3d:2b:a2:b7:8c:c2:6e:f8:f5:fb:
         4c:e6:4f:2d:a9:7a:c5:33:ce:bf:20:7a:f0:e0:6e:ba:f1:8a:
         28:e0:0b:45:c7:96:c0:c3:6e:1b:a4:56:43:e9:1d:6c:e4:80:
         d4:2b:47:6e:54:49:c1:0f:55:8e:5a:f6:d5:51:18:e3:b5:60:
         c6:e6:df:4f:0c:34:79:96:7f:21:e1:42:10:f4:de:2e:0c:07:
         f7:eb:9a:08:13:05:11:df:f5:70:78:a0:04:c2:b2:68:c7:8a:
         4d:86:1e:02:52:e0:49:51:ae:cd:88:53:ac:8b:48:0a:4c:60:
         c6:0e:72:2e:71:31:c2:dc:ff:02:76:11:19:7b:88:52:1a:ba:
         a1:bd:06:3e:f7:9e:43:d5:cf:4b:78:b6:84:62:40:96:74:46:
         69:06:2e:f9:fa:ef:d6:68:9e:08:9c:a3:20:92:d5:50:c8:be:
         8e:67:64:39:d2:ba:5b:4a:04:f8:50:a5:a6:07:01:9a:b3:67:
         7b:2b:21:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlBaPAGjs645Vsgb/+MIc2rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTEzMDQ1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzdiYTBjOGQ4YTdkMDExM2NkOTk1YWFjYTg4OGMzZmFkMzlhZTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkUp/fhR0wXJEOzMoqsNJWvzQ8sb
HVIjd6nf1i5emIPqc53PmTgabLKNtP1QaEzhbyk6DHxFC/Y4YgOG8HGg/BELk4mn
xsOMcxK4oDsWcZTdqI9n9x9wD/bpYCMN3OZrYaUc8cTvVwctbA9+nKVS2VxDcXj+
rQ4fGLGjYK0jhULRcNIjDu6rwadBLg9+eC9kgOc6cOoDNc8AhWjTuGQ4lZ6k4yhJ
GxWUa8+VXxZxZZnP6wefdunsqridL9vcJzIJkXnMRzbo2kmCJwW67v6WvNjcTLwj
jhC3ZGyc7VjnXQtU2IFV908otHb1OtY8E/Xvy22s06b+uP8YyCMsWHo6AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEx7oMjYp9ARPNmVqsqIjD+tOa6CMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvVEh1Z3lOaW4wQkU4MlpXcXlvaU1QNjA1cm9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/fXMA0G
CSqGSIb3DQEBCwUAA4IBAQCzFPePpWGB+KpwFcm+6cKmeoWDvKu+yHMi2MKgB27d
JNLe3BPadEpATmWKpMd8CRowUxnUOP6rYFc5s1ARcT0roreMwm749ftM5k8tqXrF
M86/IHrw4G668Yoo4AtFx5bAw24bpFZD6R1s5IDUK0duVEnBD1WOWvbVURjjtWDG
5t9PDDR5ln8h4UIQ9N4uDAf365oIEwUR3/VweKAEwrJox4pNhh4CUuBJUa7NiFOs
i0gKTGDGDnIucTHC3P8CdhEZe4hSGrqhvQY+955D1c9LeLaEYkCWdEZpBi75+u/W
aJ4InKMgktVQyL6OZ2Q50rpbSgT4UKWmBwGas2d7KyGU
-----END CERTIFICATE-----