Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/WhrXblE8OxlMHXrkszEBkLxmfV4.roa
File:                     WhrXblE8OxlMHXrkszEBkLxmfV4.roa (raw, json)
Hash identifier:          gZrOlXow8E2SGSDDYuqmI3l1g0X14oTsOEcYT1PNoEo=
Subject key identifier:   5A:1A:D7:6E:51:3C:3B:19:4C:1D:7A:E4:B3:31:01:90:BC:66:7D:5E
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01979BAA996174159794E30E5E759A76E33D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/WhrXblE8OxlMHXrkszEBkLxmfV4.roa
Signing time:             Mon 23 Jun 2025 07:22:18 +0000
ROA not before:           Mon 23 Jun 2025 07:22:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     147293
IP address blocks:        151.243.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 19:11:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9b:aa:99:61:74:15:97:94:e3:0e:5e:75:9a:76:e3:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 23 07:22:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a1ad76e513c3b194c1d7ae4b3310190bc667d5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ed:72:3e:78:4b:f2:1d:b7:a5:cb:bf:6c:10:
                    ce:9e:96:f9:d9:ad:38:63:e8:cf:00:c7:40:29:91:
                    3b:25:57:cc:ab:c0:17:69:f7:f7:e2:de:91:a0:30:
                    1e:69:3e:20:42:54:ed:af:31:89:39:a7:d2:72:0b:
                    f8:b8:3c:63:d4:19:75:27:e9:7a:51:c9:d3:ae:a6:
                    9b:06:2b:ba:e3:d4:58:85:2a:ae:ec:ce:a1:ac:d9:
                    6e:a7:ae:d0:9b:9a:3b:77:6b:95:d6:d7:e8:a7:c1:
                    aa:32:f3:f2:20:a1:af:74:bf:fe:f7:40:eb:c5:c0:
                    16:1a:68:e3:90:5e:f3:64:3f:87:f3:7b:d5:59:c5:
                    04:16:22:5e:e4:67:5a:6a:15:bd:e6:19:25:d5:5c:
                    9d:24:b8:4c:36:38:ff:ff:b8:23:56:6c:b8:5f:d8:
                    8f:9c:30:37:84:51:19:7c:22:96:7b:58:87:ed:8c:
                    5f:24:b8:b5:bd:36:5a:10:cc:84:ec:9d:07:0b:b7:
                    09:d9:30:9d:0e:e1:e5:30:c6:4b:69:2d:94:60:f9:
                    49:7e:25:36:5d:f3:17:c9:b5:03:3e:d6:11:33:19:
                    52:ba:4f:d0:3a:d8:34:10:44:96:95:7a:82:f8:fe:
                    e7:c9:40:7e:65:2d:a5:ea:fd:5c:22:bc:ca:97:35:
                    db:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:1A:D7:6E:51:3C:3B:19:4C:1D:7A:E4:B3:31:01:90:BC:66:7D:5E
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/WhrXblE8OxlMHXrkszEBkLxmfV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:30:01:04:a3:d0:22:d2:16:14:28:e1:42:52:60:9a:60:05:
         6f:c9:80:89:ee:de:4c:65:3d:ea:fc:27:88:bd:3f:45:c7:6f:
         c8:64:e9:6c:cb:05:2a:e7:ca:8a:93:1a:41:e1:ca:d4:39:24:
         15:f1:6c:77:17:eb:c3:18:6b:ba:c0:cf:d2:61:82:c4:65:2e:
         e9:66:c6:6c:f6:98:67:ec:31:20:d9:f9:ce:fb:f0:67:f6:58:
         72:0e:ff:52:b7:db:bf:fd:4a:4c:06:b8:2b:0f:78:d8:8c:51:
         78:bb:11:44:aa:c1:5f:97:76:7e:00:51:84:58:ed:5a:fe:2f:
         72:76:52:59:2c:0d:07:cc:aa:6a:20:28:fd:d8:7f:cd:b4:a0:
         e6:0f:6b:56:d9:6d:8c:37:c2:d9:97:63:b5:b1:b4:6f:ff:6d:
         33:7d:91:c8:fe:5b:d7:86:cd:64:74:0f:c1:ca:28:41:db:52:
         15:5b:0a:7c:86:56:da:3e:bb:c2:b9:6a:7c:0f:e6:57:cf:03:
         c3:d4:1a:4e:60:8e:9c:3b:cc:6e:98:f7:c8:81:54:0e:88:97:
         51:32:bf:fe:5a:41:93:7d:cb:45:30:ce:98:62:96:88:80:2d:
         80:48:75:96:64:71:29:fa:be:32:ba:4e:39:6c:89:c6:43:82:
         ea:de:cf:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZebqplhdBWXlOMOXnWaduM9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjIzMDcyMjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTFhZDc2ZTUxM2MzYjE5NGMxZDdhZTRiMzMxMDE5MGJjNjY3ZDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+1yPnhL8h23pcu/bBDOnpb52a04
Y+jPAMdAKZE7JVfMq8AXaff34t6RoDAeaT4gQlTtrzGJOafScgv4uDxj1Bl1J+l6
UcnTrqabBiu649RYhSqu7M6hrNlup67Qm5o7d2uV1tfop8GqMvPyIKGvdL/+90Dr
xcAWGmjjkF7zZD+H83vVWcUEFiJe5GdaahW95hkl1VydJLhMNjj//7gjVmy4X9iP
nDA3hFEZfCKWe1iH7YxfJLi1vTZaEMyE7J0HC7cJ2TCdDuHlMMZLaS2UYPlJfiU2
XfMXybUDPtYRMxlSuk/QOtg0EESWlXqC+P7nyUB+ZS2l6v1cIrzKlzXbzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFoa125RPDsZTB165LMxAZC8Zn1eMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvV2hyWGJsRThPeGxNSFhya3N6RUJrTHhtZlY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/MUMA0G
CSqGSIb3DQEBCwUAA4IBAQBnMAEEo9Ai0hYUKOFCUmCaYAVvyYCJ7t5MZT3q/CeI
vT9Fx2/IZOlsywUq58qKkxpB4crUOSQV8Wx3F+vDGGu6wM/SYYLEZS7pZsZs9phn
7DEg2fnO+/Bn9lhyDv9St9u//UpMBrgrD3jYjFF4uxFEqsFfl3Z+AFGEWO1a/i9y
dlJZLA0HzKpqICj92H/NtKDmD2tW2W2MN8LZl2O1sbRv/20zfZHI/lvXhs1kdA/B
yihB21IVWwp8hlbaPrvCuWp8D+ZXzwPD1BpOYI6cO8xumPfIgVQOiJdRMr/+WkGT
fctFMM6YYpaIgC2ASHWWZHEp+r4yuk45bInGQ4Lq3s9s
-----END CERTIFICATE-----