Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/TWoR1ZsFLxQzUlJoCj6H-249pBg.roa
File:                     TWoR1ZsFLxQzUlJoCj6H-249pBg.roa (raw, json)
Hash identifier:          II9YEchbyxxK29v97NLkdO2/S+KMqtzr2atQ8l7or84=
Subject key identifier:   4D:6A:11:D5:9B:05:2F:14:33:52:52:68:0A:3E:87:FB:6E:3D:A4:18
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0199E63FB4D5868FD6E9D1BC297833CD7A0C
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/TWoR1ZsFLxQzUlJoCj6H-249pBg.roa
Signing time:             Wed 15 Oct 2025 05:02:38 +0000
ROA not before:           Wed 15 Oct 2025 05:02:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22427
IP address blocks:        151.242.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e6:3f:b4:d5:86:8f:d6:e9:d1:bc:29:78:33:cd:7a:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Oct 15 05:02:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d6a11d59b052f14335252680a3e87fb6e3da418
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:58:7a:83:45:00:5e:e5:74:40:b6:ce:43:4c:
                    30:50:66:98:3d:5c:0b:3c:55:05:32:b5:30:04:24:
                    12:a2:94:c4:ad:8c:07:ff:01:71:68:4b:61:21:d2:
                    e4:aa:ca:dc:98:76:d8:c8:8a:36:4a:9d:78:81:cc:
                    18:50:59:ed:1b:ac:f0:fe:d7:87:28:9b:b2:54:ad:
                    17:63:18:85:ed:2e:19:af:f5:1a:3b:67:7b:64:90:
                    53:a6:e2:8e:78:c8:01:13:6d:9e:a7:0b:a1:03:75:
                    63:e5:f5:ee:63:d1:99:a3:6a:cb:23:2b:22:56:5e:
                    13:3c:fa:33:4f:c9:af:5f:3f:80:98:0a:d2:f4:03:
                    10:42:d2:4a:20:06:bd:ae:a6:8b:c0:9c:16:68:e0:
                    a0:a9:8a:92:47:21:5c:70:2e:c9:0f:46:dd:2a:ce:
                    41:2b:9a:91:92:53:2e:ba:a1:8c:bf:cf:f2:e2:0d:
                    07:09:12:02:ed:c7:53:46:7d:27:b1:5b:6e:ba:ed:
                    cd:37:9f:7f:10:af:4d:22:d6:93:74:85:91:19:9e:
                    62:9f:a2:6d:2e:59:fe:a5:d7:a0:06:2b:da:0e:17:
                    7a:e2:91:18:11:e3:80:4f:8b:da:c3:d7:11:ef:21:
                    8a:02:29:e9:6d:15:59:92:61:58:1f:6a:b8:37:de:
                    cb:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:6A:11:D5:9B:05:2F:14:33:52:52:68:0A:3E:87:FB:6E:3D:A4:18
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/TWoR1ZsFLxQzUlJoCj6H-249pBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:6d:8b:09:05:ce:37:6d:67:2a:9f:a6:75:f1:1f:63:5d:cf:
         77:92:7a:83:c6:70:55:4c:8b:eb:e8:f7:3b:bd:0c:9a:25:5c:
         db:7f:01:02:37:26:6c:05:6d:35:84:36:ff:95:c7:ee:3a:b9:
         16:df:c9:f6:e3:2a:c8:07:86:79:ee:20:c0:68:69:e8:e6:1f:
         64:2e:4c:49:6a:28:e5:04:45:a0:f1:e0:11:a2:31:a2:af:f1:
         63:ba:23:1d:5c:61:cc:30:5f:05:6e:f7:dc:ff:83:f7:e6:1f:
         d2:e4:5e:81:fa:a7:af:0f:81:76:7b:ae:24:ee:47:9c:36:b7:
         87:61:58:5f:c4:78:3a:45:7d:34:81:6e:cd:f4:66:dc:ec:24:
         86:ad:30:6e:03:29:fb:12:2c:36:1b:99:10:53:75:65:2d:81:
         70:2c:f3:0f:38:8e:90:d0:4f:d9:11:41:81:bb:ac:6b:e7:57:
         82:73:43:7f:ed:f5:30:e6:ed:34:63:8b:14:a9:dc:55:44:41:
         1e:2e:8b:50:10:86:de:97:49:c6:fc:b6:dc:d4:2d:08:3e:50:
         02:3a:a1:65:ee:c0:9e:cd:6a:c7:ff:8f:91:9b:21:4d:c7:7f:
         5c:de:b0:7a:9c:04:af:a6:49:f0:28:37:f5:2a:5e:c9:5b:73:
         df:f0:33:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnmP7TVho/W6dG8KXgzzXoMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDE1MDUwMjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDZhMTFkNTliMDUyZjE0MzM1MjUyNjgwYTNlODdmYjZlM2RhNDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Fh6g0UAXuV0QLbOQ0wwUGaYPVwL
PFUFMrUwBCQSopTErYwH/wFxaEthIdLkqsrcmHbYyIo2Sp14gcwYUFntG6zw/teH
KJuyVK0XYxiF7S4Zr/UaO2d7ZJBTpuKOeMgBE22epwuhA3Vj5fXuY9GZo2rLIysi
Vl4TPPozT8mvXz+AmArS9AMQQtJKIAa9rqaLwJwWaOCgqYqSRyFccC7JD0bdKs5B
K5qRklMuuqGMv8/y4g0HCRIC7cdTRn0nsVtuuu3NN59/EK9NItaTdIWRGZ5in6Jt
Lln+pdegBivaDhd64pEYEeOAT4vaw9cR7yGKAinpbRVZkmFYH2q4N97LawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1qEdWbBS8UM1JSaAo+h/tuPaQYMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvVFdvUjFac0ZMeFF6VWxKb0NqNkgtMjQ5cEJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/KaMA0G
CSqGSIb3DQEBCwUAA4IBAQA5bYsJBc43bWcqn6Z18R9jXc93knqDxnBVTIvr6Pc7
vQyaJVzbfwECNyZsBW01hDb/lcfuOrkW38n24yrIB4Z57iDAaGno5h9kLkxJaijl
BEWg8eARojGir/FjuiMdXGHMMF8Fbvfc/4P35h/S5F6B+qevD4F2e64k7kecNreH
YVhfxHg6RX00gW7N9Gbc7CSGrTBuAyn7Eiw2G5kQU3VlLYFwLPMPOI6Q0E/ZEUGB
u6xr51eCc0N/7fUw5u00Y4sUqdxVREEeLotQEIbel0nG/Lbc1C0IPlACOqFl7sCe
zWrH/4+RmyFNx39c3rB6nASvpknwKDf1Kl7JW3Pf8DOl
-----END CERTIFICATE-----