Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Zh0hwTKw8NFhgFJoGcx8FYTMsBY.roa
File:                     Zh0hwTKw8NFhgFJoGcx8FYTMsBY.roa (raw, json)
Hash identifier:          h2P5u0wts/w/K83ZvXd/y9inDOGq06PB7PzQFcFPRiQ=
Subject key identifier:   66:1D:21:C1:32:B0:F0:D1:61:80:52:68:19:CC:7C:15:84:CC:B0:16
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196B3A3FC3780BDA6CA35C08D2545E16A90
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Zh0hwTKw8NFhgFJoGcx8FYTMsBY.roa
Signing time:             Fri 09 May 2025 06:03:10 +0000
ROA not before:           Fri 09 May 2025 06:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209699
IP address blocks:        151.242.33.0/24 maxlen: 24
                          151.243.58.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 May 2025 14:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b3:a3:fc:37:80:bd:a6:ca:35:c0:8d:25:45:e1:6a:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May  9 06:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=661d21c132b0f0d16180526819cc7c1584ccb016
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:1e:a2:0d:c8:22:9e:5a:8b:f4:4e:c3:6e:2a:
                    8e:60:64:90:72:9f:cf:c6:69:4e:c9:a3:9b:1b:5c:
                    88:bb:85:5d:53:44:43:3c:a9:bf:bd:c5:32:bb:24:
                    31:c1:3f:17:11:8a:21:85:86:57:f2:5a:0d:47:f8:
                    dd:ac:75:ae:67:59:de:02:16:e2:7c:b1:53:c5:36:
                    fc:4b:1f:b0:25:12:b3:82:c6:2b:e9:fc:3d:96:6b:
                    2b:ad:29:1f:55:52:70:67:03:ca:64:38:9e:31:48:
                    b0:49:0f:5a:81:b7:09:79:36:94:17:a0:84:66:b0:
                    f2:24:07:0b:2a:80:27:b2:47:9c:48:a3:92:cd:24:
                    76:a8:97:ea:11:15:10:09:7b:e2:b6:b0:d9:37:d6:
                    e7:00:18:46:34:c8:59:ed:cd:bd:de:5c:10:fc:61:
                    3f:d7:b3:d1:62:cb:f4:d5:46:4a:19:3f:5f:70:96:
                    d2:ad:a1:6d:2a:ea:45:64:63:80:d8:3d:2c:53:71:
                    92:53:2a:5e:ad:b1:9e:1a:08:c7:b0:40:49:66:2b:
                    81:4c:57:36:20:ec:2b:c2:de:26:44:2a:46:b2:73:
                    e4:bd:78:2f:91:ee:fb:a8:55:45:21:b2:4e:f7:0a:
                    e6:47:7c:be:e9:d3:d2:9c:39:35:dc:08:61:5e:bb:
                    ae:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:1D:21:C1:32:B0:F0:D1:61:80:52:68:19:CC:7C:15:84:CC:B0:16
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Zh0hwTKw8NFhgFJoGcx8FYTMsBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.33.0/24
                  151.243.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:69:1d:7c:c2:c8:66:0d:18:54:1f:17:9b:94:0e:64:c2:ad:
         43:e2:55:8b:ef:70:0e:b9:c0:54:b5:a6:5a:4a:21:0c:9c:93:
         8e:05:78:bb:b4:79:a6:d5:01:9f:95:db:74:54:c5:9e:c1:7e:
         d3:c5:6d:4d:54:60:ca:5a:44:e5:18:04:b3:6e:e7:29:41:66:
         15:d2:43:df:a9:e0:68:88:2b:11:16:45:e9:a7:54:51:cd:bb:
         bc:22:c8:05:6a:54:33:06:1c:4c:d1:07:21:be:86:61:c8:37:
         45:45:91:ee:c5:dc:d1:d6:95:19:8b:69:8c:e7:82:15:db:22:
         93:c4:ed:2b:10:4b:be:d6:79:1f:41:67:4c:9b:c2:4d:17:50:
         d0:3f:aa:35:b7:74:d6:84:b7:12:cf:58:2d:72:9f:98:62:b4:
         f4:b4:89:19:dd:68:1f:24:b9:2e:be:9f:50:57:91:24:3e:1c:
         93:88:7b:dd:8f:1a:3e:82:85:92:2f:25:1b:ee:9e:b1:07:40:
         5c:70:e5:13:cc:9c:e5:a9:f8:53:66:b1:81:0a:5a:4f:a5:6b:
         1c:31:21:d7:c7:a4:b7:9c:35:01:d0:6a:04:8e:d7:58:60:8a:
         f5:5d:2a:80:d8:32:5f:1b:e2:63:25:f6:46:51:23:5c:54:c3:
         88:2a:59:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZazo/w3gL2myjXAjSVF4WqQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTA5MDYwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjFkMjFjMTMyYjBmMGQxNjE4MDUyNjgxOWNjN2MxNTg0Y2NiMDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlR6iDcginlqL9E7DbiqOYGSQcp/P
xmlOyaObG1yIu4VdU0RDPKm/vcUyuyQxwT8XEYohhYZX8loNR/jdrHWuZ1neAhbi
fLFTxTb8Sx+wJRKzgsYr6fw9lmsrrSkfVVJwZwPKZDieMUiwSQ9agbcJeTaUF6CE
ZrDyJAcLKoAnskecSKOSzSR2qJfqERUQCXvitrDZN9bnABhGNMhZ7c293lwQ/GE/
17PRYsv01UZKGT9fcJbSraFtKupFZGOA2D0sU3GSUyperbGeGgjHsEBJZiuBTFc2
IOwrwt4mRCpGsnPkvXgvke77qFVFIbJO9wrmR3y+6dPSnDk13AhhXruuwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGYdIcEysPDRYYBSaBnMfBWEzLAWMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvWmgwaHdUS3c4TkZoZ0ZKb0djeDhGWVRNc0JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/IhAwQB
l/M6MA0GCSqGSIb3DQEBCwUAA4IBAQB4aR18wshmDRhUHxeblA5kwq1D4lWL73AO
ucBUtaZaSiEMnJOOBXi7tHmm1QGfldt0VMWewX7TxW1NVGDKWkTlGASzbucpQWYV
0kPfqeBoiCsRFkXpp1RRzbu8IsgFalQzBhxM0QchvoZhyDdFRZHuxdzR1pUZi2mM
54IV2yKTxO0rEEu+1nkfQWdMm8JNF1DQP6o1t3TWhLcSz1gtcp+YYrT0tIkZ3Wgf
JLkuvp9QV5EkPhyTiHvdjxo+goWSLyUb7p6xB0BccOUTzJzlqfhTZrGBClpPpWsc
MSHXx6S3nDUB0GoEjtdYYIr1XSqA2DJfG+JjJfZGUSNcVMOIKlnv
-----END CERTIFICATE-----