Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/aKEDb7zeKV5t6f0xcWOXSIqQjls.roa
File:                     aKEDb7zeKV5t6f0xcWOXSIqQjls.roa (raw, json)
Hash identifier:          FSQbLZrkNi7WDNQ3hcIUY+zj0ia78R5g8q1IHk2+okc=
Subject key identifier:   68:A1:03:6F:BC:DE:29:5E:6D:E9:FD:31:71:63:97:48:8A:90:8E:5B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01996B08CEB7948E0483953E1406F873AFBB
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/aKEDb7zeKV5t6f0xcWOXSIqQjls.roa
Signing time:             Sun 21 Sep 2025 06:49:23 +0000
ROA not before:           Sun 21 Sep 2025 06:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214654
IP address blocks:        151.244.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:6b:08:ce:b7:94:8e:04:83:95:3e:14:06:f8:73:af:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep 21 06:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68a1036fbcde295e6de9fd31716397488a908e5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:88:46:52:e7:81:d5:86:11:ba:51:bf:fc:04:
                    2b:e3:69:6b:d4:0f:ee:1e:be:ef:f8:e2:77:49:1d:
                    3f:ab:44:74:aa:5f:21:2b:ac:34:0a:9d:cc:c3:04:
                    29:8e:f4:68:8a:85:5c:38:dd:0d:52:db:e9:5e:c5:
                    3b:e1:ce:a0:ca:20:17:34:1a:95:03:be:1d:10:63:
                    61:d3:1f:ea:ad:aa:4a:ce:44:5a:b9:a0:02:ab:66:
                    7c:16:1c:da:85:6e:ca:19:af:56:8f:46:3f:87:83:
                    1a:92:0f:d7:90:47:df:95:7e:1f:32:97:cc:6f:8d:
                    af:0b:4f:9b:f3:fa:01:2b:16:ad:87:79:97:f6:1f:
                    81:43:82:93:85:99:4b:ef:ce:df:3a:d7:0f:06:28:
                    13:e3:42:41:9b:32:df:61:fe:c7:39:07:16:0a:eb:
                    82:4a:c4:62:77:7d:e1:5c:2d:bf:83:95:dc:93:0a:
                    4e:d1:7e:c3:65:fa:b1:41:85:a2:e0:a5:7d:32:4a:
                    d2:94:e8:ff:bb:bd:ab:8a:7b:9e:81:c5:ce:66:91:
                    d0:16:f3:25:7a:2e:09:43:35:ed:8c:8b:2f:1c:66:
                    ca:46:ab:e1:9c:9e:ea:98:ce:dc:a7:ff:6b:f7:3d:
                    07:fb:11:34:a0:ff:1d:e8:51:b5:7b:84:79:78:04:
                    8b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:A1:03:6F:BC:DE:29:5E:6D:E9:FD:31:71:63:97:48:8A:90:8E:5B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/aKEDb7zeKV5t6f0xcWOXSIqQjls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:29:fb:94:cf:55:67:93:81:1a:1b:c6:40:14:f2:34:b4:27:
         5c:6d:6b:d1:28:df:b3:2f:47:c3:3c:48:a9:78:4a:9f:e3:27:
         43:0e:7b:7c:60:eb:00:1b:0c:ad:98:10:d2:b3:8c:31:f1:44:
         7c:8f:8d:e8:54:53:86:91:13:54:46:6f:26:c0:a0:09:77:ef:
         09:56:a4:5d:a1:85:a4:63:2c:73:38:37:61:c4:45:e8:c1:82:
         8a:a0:a2:d3:5a:1a:ed:d4:c6:5b:60:5d:27:b6:55:44:65:63:
         c8:18:a1:4d:67:95:29:a3:ec:f5:3b:29:ff:c7:ac:54:45:07:
         37:98:2b:07:75:16:2a:31:43:9f:ef:cc:19:5d:ca:a7:67:30:
         c0:c9:6a:c3:8c:ee:36:83:f3:d3:a8:97:9d:a5:5b:c0:ab:60:
         ca:a5:89:e4:8b:76:c3:f2:f5:5f:ec:07:25:b4:30:85:a0:6e:
         df:b9:b9:cd:de:42:a5:84:14:92:40:20:9a:0b:74:41:ab:02:
         ca:79:52:8c:29:bd:22:35:73:18:41:80:3d:4f:07:14:b0:93:
         3c:79:1b:d8:dc:82:ee:6d:71:0e:8d:7c:3a:3b:91:79:65:aa:
         c5:2a:bf:f3:4d:ca:bc:7f:de:bb:f6:fe:16:b9:ae:31:0b:2e:
         c9:67:b5:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlrCM63lI4Eg5U+FAb4c6+7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTIxMDY0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGExMDM2ZmJjZGUyOTVlNmRlOWZkMzE3MTYzOTc0ODhhOTA4ZTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyohGUueB1YYRulG//AQr42lr1A/u
Hr7v+OJ3SR0/q0R0ql8hK6w0Cp3MwwQpjvRoioVcON0NUtvpXsU74c6gyiAXNBqV
A74dEGNh0x/qrapKzkRauaACq2Z8FhzahW7KGa9Wj0Y/h4Makg/XkEfflX4fMpfM
b42vC0+b8/oBKxath3mX9h+BQ4KThZlL787fOtcPBigT40JBmzLfYf7HOQcWCuuC
SsRid33hXC2/g5XckwpO0X7DZfqxQYWi4KV9MkrSlOj/u72rinuegcXOZpHQFvMl
ei4JQzXtjIsvHGbKRqvhnJ7qmM7cp/9r9z0H+xE0oP8d6FG1e4R5eASLFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGihA2+83ileben9MXFjl0iKkI5bMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvYUtFRGI3emVLVjV0NmYweGNXT1hTSXFRamxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/TsMA0G
CSqGSIb3DQEBCwUAA4IBAQCLKfuUz1Vnk4EaG8ZAFPI0tCdcbWvRKN+zL0fDPEip
eEqf4ydDDnt8YOsAGwytmBDSs4wx8UR8j43oVFOGkRNURm8mwKAJd+8JVqRdoYWk
YyxzODdhxEXowYKKoKLTWhrt1MZbYF0ntlVEZWPIGKFNZ5Upo+z1Oyn/x6xURQc3
mCsHdRYqMUOf78wZXcqnZzDAyWrDjO42g/PTqJedpVvAq2DKpYnki3bD8vVf7Acl
tDCFoG7fubnN3kKlhBSSQCCaC3RBqwLKeVKMKb0iNXMYQYA9TwcUsJM8eRvY3ILu
bXEOjXw6O5F5ZarFKr/zTcq8f9679v4Wua4xCy7JZ7X5
-----END CERTIFICATE-----