Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/a55SK2oVc8PtVrXIXD7YRECl3tY.roa
File:                     a55SK2oVc8PtVrXIXD7YRECl3tY.roa (raw, json)
Hash identifier:          MrliY2djBPtye1ZtkhqeIwJ3E9vYzGvlyxCyLI3o+6c=
Subject key identifier:   6B:9E:52:2B:6A:15:73:C3:ED:56:B5:C8:5C:3E:D8:44:40:A5:DE:D6
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01996565F63CF352A31ACFDDB175C582371D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/a55SK2oVc8PtVrXIXD7YRECl3tY.roa
Signing time:             Sat 20 Sep 2025 04:33:24 +0000
ROA not before:           Sat 20 Sep 2025 04:33:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214209
IP address blocks:        151.242.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:65:65:f6:3c:f3:52:a3:1a:cf:dd:b1:75:c5:82:37:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep 20 04:33:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b9e522b6a1573c3ed56b5c85c3ed84440a5ded6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2b:41:c7:1b:b4:60:42:53:95:ab:55:59:53:
                    50:ac:64:3b:ae:a2:62:3d:96:31:f0:51:fd:3b:f2:
                    e2:b9:0b:31:a3:44:f9:74:df:a9:7b:9c:8e:76:ce:
                    34:02:c5:52:92:52:82:da:3c:3a:1b:4b:60:c8:5b:
                    af:06:03:78:87:4f:08:fa:74:70:e9:36:8e:13:a3:
                    ea:4e:df:00:ce:6c:64:43:78:52:2c:dd:e2:d2:31:
                    97:62:38:75:0f:95:f2:3a:79:4e:80:43:c4:ae:ed:
                    0a:f6:c7:b4:c3:80:8c:fb:3b:d9:f9:be:4a:24:f3:
                    87:5a:a1:f7:48:ec:28:a1:1d:f3:b8:1f:02:b4:e6:
                    10:65:3b:3c:91:10:9f:62:a7:52:9b:1f:00:48:64:
                    17:d5:1e:96:0c:bd:5a:4b:0e:5e:3c:44:28:50:c9:
                    20:bb:bd:1c:8b:5c:8a:ab:d2:b6:27:80:4b:28:30:
                    5b:ea:4b:77:0b:1d:90:90:69:fc:a6:a0:f8:51:26:
                    cf:b9:2d:0b:38:c6:f9:ee:ed:a6:78:ce:cd:e2:2d:
                    33:4d:04:df:a0:9d:86:d3:d1:5a:f3:bf:cc:54:34:
                    27:47:47:76:a4:88:a2:f6:1f:59:7b:a9:f0:26:f6:
                    dd:81:72:59:4a:c5:b0:ab:3c:59:82:cc:ea:c7:44:
                    93:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:9E:52:2B:6A:15:73:C3:ED:56:B5:C8:5C:3E:D8:44:40:A5:DE:D6
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/a55SK2oVc8PtVrXIXD7YRECl3tY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:6b:f3:b1:94:58:8b:18:40:3d:c8:97:74:a5:d6:9a:74:fc:
         ff:ea:4e:78:72:c2:4f:c0:a1:99:fc:02:34:4d:55:5b:6f:fe:
         cc:19:5a:50:a5:3a:bd:f9:c8:02:f0:23:e1:cf:13:3f:7a:a0:
         3e:77:dd:c9:c5:a8:3e:1c:54:6b:5b:3d:6e:89:e1:ce:94:79:
         39:cf:aa:0e:e2:88:13:d6:dc:71:f4:2a:4d:e2:f7:08:77:4e:
         9d:66:32:33:76:f4:05:24:0e:69:bc:97:e2:50:81:11:67:5b:
         17:51:ae:b1:70:78:d3:07:37:06:0f:a6:c8:90:2c:29:31:e4:
         4d:ce:1f:6c:5e:01:1f:aa:1a:02:e1:bc:2f:f6:f4:d7:15:0c:
         dd:f9:3f:04:0a:87:51:3e:0e:4d:b7:b6:f3:70:57:07:da:19:
         b3:ad:2d:92:b2:30:53:81:f0:91:42:c9:dc:d3:34:fc:6d:3c:
         64:b9:8c:11:e2:00:37:b2:aa:b0:97:32:90:d4:1a:42:8a:26:
         0f:37:3a:76:e0:28:57:77:72:67:28:67:41:32:04:11:ff:22:
         87:ad:d7:38:c0:70:04:dc:1c:03:d1:41:e4:73:7b:e4:36:7e:
         61:55:56:29:d9:a6:4b:b4:f6:4b:ad:29:5a:99:73:69:40:90:
         72:51:7b:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZllZfY881KjGs/dsXXFgjcdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTIwMDQzMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjllNTIyYjZhMTU3M2MzZWQ1NmI1Yzg1YzNlZDg0NDQwYTVkZWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqytBxxu0YEJTlatVWVNQrGQ7rqJi
PZYx8FH9O/LiuQsxo0T5dN+pe5yOds40AsVSklKC2jw6G0tgyFuvBgN4h08I+nRw
6TaOE6PqTt8AzmxkQ3hSLN3i0jGXYjh1D5XyOnlOgEPEru0K9se0w4CM+zvZ+b5K
JPOHWqH3SOwooR3zuB8CtOYQZTs8kRCfYqdSmx8ASGQX1R6WDL1aSw5ePEQoUMkg
u70ci1yKq9K2J4BLKDBb6kt3Cx2QkGn8pqD4USbPuS0LOMb57u2meM7N4i0zTQTf
oJ2G09Fa87/MVDQnR0d2pIii9h9Ze6nwJvbdgXJZSsWwqzxZgszqx0STPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGueUitqFXPD7Va1yFw+2ERApd7WMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvYTU1U0syb1ZjOFB0VnJYSVhEN1lSRUNsM3RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/IeMA0G
CSqGSIb3DQEBCwUAA4IBAQCva/OxlFiLGEA9yJd0pdaadPz/6k54csJPwKGZ/AI0
TVVbb/7MGVpQpTq9+cgC8CPhzxM/eqA+d93Jxag+HFRrWz1uieHOlHk5z6oO4ogT
1txx9CpN4vcId06dZjIzdvQFJA5pvJfiUIERZ1sXUa6xcHjTBzcGD6bIkCwpMeRN
zh9sXgEfqhoC4bwv9vTXFQzd+T8ECodRPg5Nt7bzcFcH2hmzrS2SsjBTgfCRQsnc
0zT8bTxkuYwR4gA3sqqwlzKQ1BpCiiYPNzp24ChXd3JnKGdBMgQR/yKHrdc4wHAE
3BwD0UHkc3vkNn5hVVYp2aZLtPZLrSlamXNpQJByUXt+
-----END CERTIFICATE-----