Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_6hD9xzmrSk10UVc1qcvWmmsUdY.roa
File:                     _6hD9xzmrSk10UVc1qcvWmmsUdY.roa (raw, json)
Hash identifier:          gCN0AZ+AamObs7S+IIC4ZmWuZKeJmwlLs7VtZhNTx8U=
Subject key identifier:   FF:A8:43:F7:1C:E6:AD:29:35:D1:45:5C:D6:A7:2F:5A:69:AC:51:D6
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019686DE7F292CCE95EC56DDD0D121FEC201
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_6hD9xzmrSk10UVc1qcvWmmsUdY.roa
Signing time:             Wed 30 Apr 2025 13:24:10 +0000
ROA not before:           Wed 30 Apr 2025 13:24:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53356
IP address blocks:        151.240.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 17 May 2025 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:86:de:7f:29:2c:ce:95:ec:56:dd:d0:d1:21:fe:c2:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 30 13:24:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ffa843f71ce6ad2935d1455cd6a72f5a69ac51d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:67:94:31:ab:2a:ce:0b:3e:f5:44:ac:0f:f6:
                    63:f8:ab:eb:f5:03:4a:40:49:eb:72:06:f7:6c:3d:
                    fb:11:23:55:a0:ec:63:4f:d6:96:72:e0:e6:1a:d0:
                    be:22:e5:e6:9b:69:ef:81:53:12:18:bf:41:b8:a3:
                    4b:e7:fa:39:95:03:51:82:71:76:77:bd:a9:88:13:
                    b5:ec:5f:c5:2e:e8:3d:50:44:01:9b:5a:d0:64:02:
                    e2:51:cf:91:f5:83:43:b7:f7:3a:ad:10:1a:86:f9:
                    9d:c0:41:ec:c4:a7:cd:de:c8:0b:25:2f:d3:a0:7d:
                    da:1b:5c:a7:d7:55:95:96:80:0c:35:81:22:5d:ac:
                    6a:1b:58:18:63:eb:8d:ae:f3:ee:c0:cb:56:f6:3d:
                    57:c0:f9:e2:b3:aa:56:91:3f:2e:86:f2:be:fc:2c:
                    ed:75:d2:38:85:0d:4a:34:ec:d0:97:0d:0a:f6:3c:
                    59:7d:a7:09:69:90:49:85:61:d7:c1:c0:3b:fe:3f:
                    d6:cc:54:3a:e3:8b:70:ab:86:74:ea:b0:76:a7:d9:
                    99:e7:b6:03:93:3d:de:44:d3:5f:1b:d4:d1:e5:10:
                    ec:15:fb:24:0a:2b:ea:c9:f1:f3:d1:a4:a6:82:08:
                    b9:3c:79:50:8e:c0:cb:22:0c:d9:8a:72:ea:9a:e8:
                    5a:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:A8:43:F7:1C:E6:AD:29:35:D1:45:5C:D6:A7:2F:5A:69:AC:51:D6
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_6hD9xzmrSk10UVc1qcvWmmsUdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:8d:c6:04:3c:d5:3f:99:81:f4:01:20:9f:78:b1:a2:11:80:
         3e:77:9d:64:fb:61:e8:89:bd:90:02:65:70:54:8a:17:2d:c3:
         5d:dc:72:ac:47:1a:1b:2d:6d:ab:f8:9a:5b:4f:4f:7b:f1:d0:
         f9:0c:b6:20:75:4f:fe:1b:ea:d4:57:a4:85:82:7b:e7:59:32:
         34:a4:4a:4f:22:9a:bd:cc:9b:5b:45:fb:96:20:2c:09:fe:b6:
         39:01:22:42:e4:16:2f:76:dd:3c:3e:bb:4f:ea:19:86:44:cb:
         e6:0d:49:64:75:84:8e:10:94:50:ff:0b:14:cd:e0:01:05:41:
         e3:ac:51:2a:0c:01:88:4c:8c:98:12:36:4b:b8:4d:5c:76:ba:
         20:d0:bd:31:12:4e:33:ab:9f:53:2b:a2:32:62:e6:91:90:cd:
         ce:18:f4:b7:65:42:6a:84:50:df:19:94:34:f7:c6:98:1e:7a:
         4d:f9:81:77:f6:ca:61:ad:06:bb:3c:b9:04:17:cf:da:54:25:
         3f:5c:ec:93:8e:07:72:b1:ca:82:d6:97:60:55:a5:00:fd:48:
         08:05:60:b8:87:f3:0c:04:5c:5c:d1:8f:0c:7b:fd:d8:16:e6:
         7a:b1:8f:74:cb:61:fb:bd:01:aa:b1:77:c5:05:1e:8d:96:c8:
         57:73:c4:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaG3n8pLM6V7Fbd0NEh/sIBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDMwMTMyNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmE4NDNmNzFjZTZhZDI5MzVkMTQ1NWNkNmE3MmY1YTY5YWM1MWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WeUMasqzgs+9USsD/Zj+Kvr9QNK
QEnrcgb3bD37ESNVoOxjT9aWcuDmGtC+IuXmm2nvgVMSGL9BuKNL5/o5lQNRgnF2
d72piBO17F/FLug9UEQBm1rQZALiUc+R9YNDt/c6rRAahvmdwEHsxKfN3sgLJS/T
oH3aG1yn11WVloAMNYEiXaxqG1gYY+uNrvPuwMtW9j1XwPnis6pWkT8uhvK+/Czt
ddI4hQ1KNOzQlw0K9jxZfacJaZBJhWHXwcA7/j/WzFQ644twq4Z06rB2p9mZ57YD
kz3eRNNfG9TR5RDsFfskCivqyfHz0aSmggi5PHlQjsDLIgzZinLqmuhaHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+oQ/cc5q0pNdFFXNanL1pprFHWMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvXzZoRDl4em1yU2sxMFVWYzFxY3ZXbW1zVWRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/AQMA0G
CSqGSIb3DQEBCwUAA4IBAQBXjcYEPNU/mYH0ASCfeLGiEYA+d51k+2Hoib2QAmVw
VIoXLcNd3HKsRxobLW2r+JpbT0978dD5DLYgdU/+G+rUV6SFgnvnWTI0pEpPIpq9
zJtbRfuWICwJ/rY5ASJC5BYvdt08PrtP6hmGRMvmDUlkdYSOEJRQ/wsUzeABBUHj
rFEqDAGITIyYEjZLuE1cdrog0L0xEk4zq59TK6IyYuaRkM3OGPS3ZUJqhFDfGZQ0
98aYHnpN+YF39sphrQa7PLkEF8/aVCU/XOyTjgdyscqC1pdgVaUA/UgIBWC4h/MM
BFxc0Y8Me/3YFuZ6sY90y2H7vQGqsXfFBR6NlshXc8Ri
-----END CERTIFICATE-----