Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Z3uES1tzXeFvPw-DjzG11BRtcNo.roa
File:                     Z3uES1tzXeFvPw-DjzG11BRtcNo.roa (raw, json)
Hash identifier:          SoC5rzng7n6M2tZnZK8tfZwZsUYRaLqIn2sl3ooJ3uQ=
Subject key identifier:   67:7B:84:4B:5B:73:5D:E1:6F:3F:0F:83:8F:31:B5:D4:14:6D:70:DA
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0199F16DF5E44D72DE9B7506FFF6A42CA2A0
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Z3uES1tzXeFvPw-DjzG11BRtcNo.roa
Signing time:             Fri 17 Oct 2025 09:08:59 +0000
ROA not before:           Fri 17 Oct 2025 09:08:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215741
IP address blocks:        151.240.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f1:6d:f5:e4:4d:72:de:9b:75:06:ff:f6:a4:2c:a2:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Oct 17 09:08:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=677b844b5b735de16f3f0f838f31b5d4146d70da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e6:31:2a:d2:1d:09:10:a0:7f:18:6d:9b:57:
                    02:1a:bc:ac:75:55:6a:5c:3c:ef:5c:fa:c4:a1:09:
                    84:5b:2a:37:b3:cd:99:59:fa:57:71:75:2a:4c:ed:
                    bc:48:0c:43:ba:ec:ea:f7:b8:c5:e0:47:f5:9d:cf:
                    58:52:40:67:aa:91:30:50:bb:76:9e:19:b0:9f:66:
                    a8:96:69:01:40:17:4e:32:05:0b:af:b5:0a:a6:2c:
                    fc:c0:cb:58:6d:b8:3b:78:34:a5:b7:36:9a:c5:25:
                    cc:66:31:b5:78:aa:0f:20:1b:ca:2b:98:c4:c3:0c:
                    92:38:45:79:ef:87:54:bd:88:2d:a3:25:31:12:89:
                    87:33:f7:46:f0:cc:3c:c3:cf:b8:1e:16:19:e2:49:
                    bf:23:8e:ca:96:b0:14:57:ea:1d:d2:25:c6:f4:4a:
                    1c:2d:fb:07:c6:b5:57:77:7b:0e:8e:2e:19:be:55:
                    76:eb:fe:15:67:a3:d9:5f:ff:f5:ad:c1:5e:22:4d:
                    de:90:45:95:27:8c:f6:f2:66:0d:d4:e9:44:66:e3:
                    07:82:3e:3e:e0:91:a8:03:c0:cb:fc:0b:52:7c:48:
                    be:f0:99:6a:37:25:7c:11:f4:1a:d7:af:13:13:bd:
                    4f:11:0c:3e:1a:3c:f8:ad:5d:2c:3a:c1:25:a1:3f:
                    08:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:7B:84:4B:5B:73:5D:E1:6F:3F:0F:83:8F:31:B5:D4:14:6D:70:DA
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Z3uES1tzXeFvPw-DjzG11BRtcNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:1d:75:61:56:86:f0:bd:8e:e0:29:70:93:8c:c4:57:50:1a:
         13:80:3b:02:1f:0e:b2:8b:2a:51:31:e3:83:f8:a5:c4:b8:5e:
         f2:ed:8b:1f:95:d4:0b:02:91:56:dc:d2:73:01:3b:30:ae:30:
         14:56:9c:b0:fd:4b:a7:61:37:67:59:32:31:90:77:05:3a:22:
         58:db:ce:0f:fb:46:33:32:c8:57:18:26:b1:9c:7f:be:09:0d:
         d9:1c:ba:eb:92:7e:ad:62:f8:ec:23:03:44:38:1b:f3:b2:c5:
         c0:ce:59:72:b3:ea:a4:59:cb:77:f3:4d:00:2c:99:e6:f0:54:
         7b:dc:dd:ab:6b:cd:64:77:ac:ba:f8:e4:6d:65:9b:c5:6d:27:
         fe:f7:57:6b:c0:93:ef:fb:0f:79:47:8e:7d:52:97:29:33:54:
         42:f0:7a:b5:fd:2f:d9:8c:88:1a:39:c7:73:5b:e4:f9:8f:ba:
         e6:05:f7:5b:6a:1b:35:7e:5e:62:d5:6b:7f:20:b4:e7:ea:05:
         56:73:e4:c1:fc:f4:9d:a3:6b:4e:3e:31:2f:ba:fe:6d:2d:ab:
         e0:4f:26:5f:f8:03:78:f1:22:c8:d7:e7:c2:e9:f2:1b:77:d1:
         51:45:30:a5:be:fd:4e:b1:1e:fc:5e:a9:dc:9e:8e:eb:2c:4d:
         cf:4b:78:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnxbfXkTXLem3UG//akLKKgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDE3MDkwODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzdiODQ0YjViNzM1ZGUxNmYzZjBmODM4ZjMxYjVkNDE0NmQ3MGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouYxKtIdCRCgfxhtm1cCGrysdVVq
XDzvXPrEoQmEWyo3s82ZWfpXcXUqTO28SAxDuuzq97jF4Ef1nc9YUkBnqpEwULt2
nhmwn2aolmkBQBdOMgULr7UKpiz8wMtYbbg7eDSltzaaxSXMZjG1eKoPIBvKK5jE
wwySOEV574dUvYgtoyUxEomHM/dG8Mw8w8+4HhYZ4km/I47KlrAUV+od0iXG9Eoc
LfsHxrVXd3sOji4ZvlV26/4VZ6PZX//1rcFeIk3ekEWVJ4z28mYN1OlEZuMHgj4+
4JGoA8DL/AtSfEi+8JlqNyV8EfQa168TE71PEQw+Gjz4rV0sOsEloT8IVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGd7hEtbc13hbz8Pg48xtdQUbXDaMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvWjN1RVMxdHpYZUZ2UHctRGp6RzExQlJ0Y05vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/AbMA0G
CSqGSIb3DQEBCwUAA4IBAQAaHXVhVobwvY7gKXCTjMRXUBoTgDsCHw6yiypRMeOD
+KXEuF7y7YsfldQLApFW3NJzATswrjAUVpyw/UunYTdnWTIxkHcFOiJY284P+0Yz
MshXGCaxnH++CQ3ZHLrrkn6tYvjsIwNEOBvzssXAzllys+qkWct3800ALJnm8FR7
3N2ra81kd6y6+ORtZZvFbSf+91drwJPv+w95R459UpcpM1RC8Hq1/S/ZjIgaOcdz
W+T5j7rmBfdbahs1fl5i1Wt/ILTn6gVWc+TB/PSdo2tOPjEvuv5tLavgTyZf+AN4
8SLI1+fC6fIbd9FRRTClvv1OsR78Xqncno7rLE3PS3hn
-----END CERTIFICATE-----