Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/aIi1yVcacs5F_17PzLEvTJWcJtc.roa
File:                     aIi1yVcacs5F_17PzLEvTJWcJtc.roa (raw, json)
Hash identifier:          nw04XeyDNsrtsguFmbtxMn71UgEHFcy0R6oCACQ16G0=
Subject key identifier:   68:88:B5:C9:57:1A:72:CE:45:FF:5E:CF:CC:B1:2F:4C:95:9C:26:D7
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198D142B03523CF823BEC8A2FF5ECEA74F3
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/aIi1yVcacs5F_17PzLEvTJWcJtc.roa
Signing time:             Fri 22 Aug 2025 10:11:05 +0000
ROA not before:           Fri 22 Aug 2025 10:11:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42160
IP address blocks:        151.240.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 09:25:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d1:42:b0:35:23:cf:82:3b:ec:8a:2f:f5:ec:ea:74:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 22 10:11:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6888b5c9571a72ce45ff5ecfccb12f4c959c26d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:af:9f:a2:24:b6:42:3c:3e:99:4d:60:d7:57:
                    e6:52:f4:df:20:bd:33:e8:e9:05:3b:0d:9c:c3:d0:
                    43:8e:8e:8f:47:28:fb:c3:66:39:78:14:05:68:73:
                    e2:24:47:fa:40:59:c4:cc:53:ed:21:55:90:bf:3d:
                    c0:27:c1:61:04:f8:26:05:2f:37:f9:da:54:36:27:
                    5c:dc:8f:fe:ba:57:4d:09:c7:dc:48:5b:64:01:f3:
                    04:5d:f2:76:81:40:97:db:4a:c5:8a:1f:6a:6a:b6:
                    77:7f:bf:f0:7c:a5:ce:61:b6:25:46:11:1a:f1:61:
                    b5:30:7b:d3:b7:53:84:d6:18:30:48:af:cf:80:f7:
                    93:44:7f:b7:63:84:31:04:8a:08:a7:bb:b5:01:36:
                    ba:7b:ef:de:de:df:84:97:c3:2e:08:56:8d:21:4c:
                    1e:26:9e:85:91:e8:17:65:42:e6:20:66:b9:29:9a:
                    18:6a:85:a2:c3:45:69:09:b3:41:db:7e:79:45:1c:
                    21:07:de:be:d3:13:46:26:06:0f:b0:f1:7e:c0:5b:
                    07:dd:1a:87:db:6b:9d:5a:db:1c:c1:99:f5:ac:d2:
                    33:7b:5a:32:46:db:71:2f:0d:b7:36:8f:15:62:ef:
                    bd:b2:fc:08:57:1c:6c:ab:b1:f5:46:a9:10:f6:21:
                    1c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:88:B5:C9:57:1A:72:CE:45:FF:5E:CF:CC:B1:2F:4C:95:9C:26:D7
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/aIi1yVcacs5F_17PzLEvTJWcJtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:38:ad:7b:54:34:0d:8f:5f:72:8e:4a:72:8f:40:3f:8e:5a:
         42:fa:88:f2:e3:07:99:c0:19:9d:44:35:ae:42:42:6b:43:6a:
         08:44:3e:f7:6d:47:8f:88:45:f3:f3:45:ce:f5:08:6f:00:8b:
         9d:50:0c:fd:eb:82:04:fe:29:08:14:44:5d:a8:97:16:44:bd:
         9e:9b:a9:19:ec:96:ce:bb:bd:26:98:c8:22:35:da:04:70:86:
         91:07:07:ec:3f:ff:54:2b:40:6b:e4:94:32:91:c8:61:71:a7:
         5a:40:05:d5:d0:bb:2d:47:c0:77:4b:ff:cd:45:66:51:94:09:
         12:fb:f4:c8:37:22:c1:15:9c:aa:24:37:f3:5c:ec:59:d7:33:
         5d:20:19:3f:33:23:bd:e6:45:9a:6c:72:3f:78:ac:7b:cd:b6:
         79:87:94:43:51:7c:14:99:ef:c9:17:ca:a1:18:3f:0b:04:88:
         56:8d:b7:5d:77:19:18:32:77:d3:9d:0e:80:04:a6:3f:d2:42:
         70:80:d4:5c:2d:f8:3d:fc:9f:e1:a0:35:d5:ab:99:0c:53:af:
         72:e9:ea:a6:d8:b5:f3:26:b2:2f:61:4b:b7:69:f9:1a:eb:f1:
         c3:0b:e8:9f:16:9f:fc:cb:dd:2e:4f:2c:d5:a8:b7:5d:79:e0:
         85:c4:83:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjRQrA1I8+CO+yKL/Xs6nTzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODIyMTAxMTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODg4YjVjOTU3MWE3MmNlNDVmZjVlY2ZjY2IxMmY0Yzk1OWMyNmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6+foiS2Qjw+mU1g11fmUvTfIL0z
6OkFOw2cw9BDjo6PRyj7w2Y5eBQFaHPiJEf6QFnEzFPtIVWQvz3AJ8FhBPgmBS83
+dpUNidc3I/+uldNCcfcSFtkAfMEXfJ2gUCX20rFih9qarZ3f7/wfKXOYbYlRhEa
8WG1MHvTt1OE1hgwSK/PgPeTRH+3Y4QxBIoIp7u1ATa6e+/e3t+El8MuCFaNIUwe
Jp6FkegXZULmIGa5KZoYaoWiw0VpCbNB2355RRwhB96+0xNGJgYPsPF+wFsH3RqH
22udWtscwZn1rNIze1oyRttxLw23No8VYu+9svwIVxxsq7H1RqkQ9iEcGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGiItclXGnLORf9ez8yxL0yVnCbXMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvYUlpMXlWY2FjczVGXzE3UHpMRXZUSldjSnRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/BNMA0G
CSqGSIb3DQEBCwUAA4IBAQAGOK17VDQNj19yjkpyj0A/jlpC+ojy4weZwBmdRDWu
QkJrQ2oIRD73bUePiEXz80XO9QhvAIudUAz964IE/ikIFERdqJcWRL2em6kZ7JbO
u70mmMgiNdoEcIaRBwfsP/9UK0Br5JQykchhcadaQAXV0LstR8B3S//NRWZRlAkS
+/TINyLBFZyqJDfzXOxZ1zNdIBk/MyO95kWabHI/eKx7zbZ5h5RDUXwUme/JF8qh
GD8LBIhWjbdddxkYMnfTnQ6ABKY/0kJwgNRcLfg9/J/hoDXVq5kMU69y6eqm2LXz
JrIvYUu3afka6/HDC+ifFp/8y90uTyzVqLddeeCFxIPi
-----END CERTIFICATE-----