Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Uw-Lt5aqbv7jJoiuhOxVptSjNPY.roa
File:                     Uw-Lt5aqbv7jJoiuhOxVptSjNPY.roa (raw, json)
Hash identifier:          E8x8RmR0BYwpjWFv5ucQMRyYvpqSe6OUcCThHs6CbVc=
Subject key identifier:   53:0F:8B:B7:96:AA:6E:FE:E3:26:88:AE:84:EC:55:A6:D4:A3:34:F6
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019786DDABDF2536281D2634B111D7057007
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Uw-Lt5aqbv7jJoiuhOxVptSjNPY.roa
Signing time:             Thu 19 Jun 2025 06:26:03 +0000
ROA not before:           Thu 19 Jun 2025 06:26:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210554
IP address blocks:        151.243.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:86:dd:ab:df:25:36:28:1d:26:34:b1:11:d7:05:70:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 19 06:26:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=530f8bb796aa6efee32688ae84ec55a6d4a334f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:03:96:0b:64:f9:59:da:11:ed:e8:6e:38:2e:
                    d4:33:88:98:aa:47:06:af:5c:4b:68:6e:f7:81:a1:
                    37:1b:14:93:6c:1b:f6:1b:1c:74:6e:7c:da:75:ef:
                    ac:58:ab:03:98:8e:a1:a9:37:cb:2b:59:20:a9:62:
                    e8:64:15:50:1a:38:c7:f3:d3:d6:8d:87:da:e5:dd:
                    3c:75:ce:67:36:3d:02:01:36:6f:4e:d1:39:25:a9:
                    55:16:89:17:62:ca:cf:46:fd:f6:a0:78:cc:0f:22:
                    60:04:c5:cf:38:98:f8:6b:57:e4:fe:27:4a:aa:69:
                    c9:fc:a7:a5:98:7e:7c:8f:58:b1:2f:9d:1c:17:8f:
                    5a:1e:15:a5:26:5f:ca:80:55:1a:75:72:8e:8e:05:
                    ce:24:70:ef:bd:f5:70:32:11:2a:3f:1e:ee:52:93:
                    20:1b:bc:3f:56:ca:ad:ce:e8:36:2a:e2:48:f7:f5:
                    d2:62:f5:a3:f6:9a:7b:da:4c:5c:67:62:7b:8d:48:
                    b4:3f:da:ec:c0:c2:0b:68:ac:88:8d:4d:3c:88:1a:
                    fc:68:5c:60:91:60:d8:1f:cc:da:70:a6:ae:a5:3a:
                    df:35:6f:ad:42:30:07:e0:17:bf:e1:b5:47:e7:03:
                    d0:ab:5b:5f:93:93:14:6e:4c:38:89:75:fc:07:d8:
                    43:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:0F:8B:B7:96:AA:6E:FE:E3:26:88:AE:84:EC:55:A6:D4:A3:34:F6
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Uw-Lt5aqbv7jJoiuhOxVptSjNPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:53:73:d0:09:22:2b:e3:db:c7:5e:49:55:24:01:2c:c5:c5:
         59:2a:e8:df:c9:66:e7:92:93:25:40:5f:13:02:81:5d:af:d7:
         57:18:32:96:3f:55:58:85:ff:67:5a:5a:1a:f0:93:8b:df:64:
         7f:42:6c:3e:ed:1e:bd:c4:5e:76:94:6b:05:55:3f:9f:e9:26:
         7c:d7:84:c6:4f:33:30:81:82:81:9b:ae:56:3d:d1:9b:c2:74:
         ec:73:7f:e0:c6:97:87:89:24:f9:2c:32:7d:ba:9d:4e:3f:cd:
         20:e7:4f:29:c2:77:7c:59:4c:3a:23:13:1e:45:a1:fe:b2:cf:
         88:4e:35:a8:0a:5d:80:80:a6:3d:4f:93:73:63:c9:8f:f1:a0:
         ed:6b:d0:e8:97:9a:20:59:76:e3:83:69:9a:48:f6:20:04:46:
         3f:ff:7d:ec:ba:30:32:f5:7a:ce:3c:0f:82:d1:d5:c3:4d:c1:
         79:8a:a0:09:18:51:2d:9e:15:78:57:73:21:68:0b:50:f3:56:
         6b:d6:9c:ea:22:61:49:7a:76:55:72:49:ff:d4:a5:7f:18:6d:
         dd:11:de:15:12:d9:49:d0:c4:5a:e8:f4:c1:0d:25:07:b2:ae:
         e6:fc:fb:0b:6b:57:59:aa:4e:d4:09:8b:f5:05:64:a1:59:6d:
         be:0d:d6:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeG3avfJTYoHSY0sRHXBXAHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjE5MDYyNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzBmOGJiNzk2YWE2ZWZlZTMyNjg4YWU4NGVjNTVhNmQ0YTMzNGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2QOWC2T5WdoR7ehuOC7UM4iYqkcG
r1xLaG73gaE3GxSTbBv2Gxx0bnzade+sWKsDmI6hqTfLK1kgqWLoZBVQGjjH89PW
jYfa5d08dc5nNj0CATZvTtE5JalVFokXYsrPRv32oHjMDyJgBMXPOJj4a1fk/idK
qmnJ/KelmH58j1ixL50cF49aHhWlJl/KgFUadXKOjgXOJHDvvfVwMhEqPx7uUpMg
G7w/Vsqtzug2KuJI9/XSYvWj9pp72kxcZ2J7jUi0P9rswMILaKyIjU08iBr8aFxg
kWDYH8zacKaupTrfNW+tQjAH4Be/4bVH5wPQq1tfk5MUbkw4iXX8B9hDJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMPi7eWqm7+4yaIroTsVabUozT2MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvVXctTHQ1YXFidjdqSm9pdWhPeFZwdFNqTlBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/MYMA0G
CSqGSIb3DQEBCwUAA4IBAQAeU3PQCSIr49vHXklVJAEsxcVZKujfyWbnkpMlQF8T
AoFdr9dXGDKWP1VYhf9nWloa8JOL32R/Qmw+7R69xF52lGsFVT+f6SZ814TGTzMw
gYKBm65WPdGbwnTsc3/gxpeHiST5LDJ9up1OP80g508pwnd8WUw6IxMeRaH+ss+I
TjWoCl2AgKY9T5NzY8mP8aDta9Dol5ogWXbjg2maSPYgBEY//33sujAy9XrOPA+C
0dXDTcF5iqAJGFEtnhV4V3MhaAtQ81Zr1pzqImFJenZVckn/1KV/GG3dEd4VEtlJ
0MRa6PTBDSUHsq7m/PsLa1dZqk7UCYv1BWShWW2+DdbJ
-----END CERTIFICATE-----