Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/eG4uv-Rq-mqxJD_Ze8GhQuS9O1k.roa
File:                     eG4uv-Rq-mqxJD_Ze8GhQuS9O1k.roa (raw, json)
Hash identifier:          /3CD+QGmg6Znoaf8aRi3LjNRs090VcZbFM4KeFUxUzI=
Subject key identifier:   78:6E:2E:BF:E4:6A:FA:6A:B1:24:3F:D9:7B:C1:A1:42:E4:BD:3B:59
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01996FFF93ABCF55720EF6E4CE9C326CE9E2
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/eG4uv-Rq-mqxJD_Ze8GhQuS9O1k.roa
Signing time:             Mon 22 Sep 2025 05:57:24 +0000
ROA not before:           Mon 22 Sep 2025 05:57:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58212
IP address blocks:        151.244.108.0/24 maxlen: 24
                          151.247.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:6f:ff:93:ab:cf:55:72:0e:f6:e4:ce:9c:32:6c:e9:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep 22 05:57:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=786e2ebfe46afa6ab1243fd97bc1a142e4bd3b59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:99:47:ab:9a:cf:fb:a3:1e:97:ec:27:d3:4a:
                    a3:c2:b3:f6:b3:74:68:6b:fd:f9:02:cc:44:68:fd:
                    27:8d:57:77:22:d4:36:61:3a:63:c8:cc:19:5c:ae:
                    fb:1c:45:ee:a8:f8:93:50:44:f2:f2:2d:a8:f1:b7:
                    0c:9a:e4:ed:c5:95:38:8f:1b:d7:f5:a0:fb:8d:e1:
                    93:e2:4e:8b:37:c8:90:0d:57:a9:ee:e2:d1:d9:14:
                    8f:2f:a6:a2:68:49:d9:82:f0:a1:57:75:7f:43:bf:
                    c6:57:45:43:bb:a4:b9:ea:d7:85:7b:99:8e:49:5c:
                    89:90:75:86:a3:7c:b2:53:3d:ec:9a:29:0d:92:ad:
                    8e:37:9b:7c:9c:cc:9b:a0:7d:12:b4:af:f2:2e:7c:
                    01:86:51:5f:53:90:83:0e:bc:b3:f2:68:30:f4:1f:
                    58:e9:2b:9e:1a:ec:1f:1a:a5:c2:2b:9d:ab:51:67:
                    51:c7:78:38:a4:1c:50:47:54:b7:91:8f:6c:fd:bd:
                    e8:b5:58:10:17:71:0f:01:08:f6:19:87:9d:5b:1e:
                    7e:90:d0:4d:d1:1f:7f:03:7e:ac:41:b6:ef:87:41:
                    b3:1e:f8:a7:77:c3:98:78:23:c4:cb:63:97:13:e1:
                    10:90:65:cc:a2:41:64:13:09:25:56:77:b4:bd:94:
                    6a:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:6E:2E:BF:E4:6A:FA:6A:B1:24:3F:D9:7B:C1:A1:42:E4:BD:3B:59
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/eG4uv-Rq-mqxJD_Ze8GhQuS9O1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.108.0/24
                  151.247.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:48:c4:7c:8d:43:3a:df:33:80:ef:37:2f:fe:fc:a9:09:61:
         56:02:0d:c1:9a:f6:34:66:e7:59:9c:90:09:20:2f:7a:09:7d:
         41:08:85:c9:97:02:24:22:8b:38:15:20:06:9e:33:00:8f:27:
         1e:42:ec:bf:d9:99:57:b9:f2:4b:b5:8d:77:8e:48:5e:42:61:
         60:c9:02:c2:11:9f:0c:ae:f4:d3:c2:5e:2e:9d:44:46:37:76:
         18:0f:25:fb:8a:1e:84:43:fe:92:d8:92:bd:e7:b6:da:fb:f1:
         a6:cf:7e:49:e6:c0:ec:fc:20:fa:b6:f4:79:8f:69:73:57:cc:
         81:ac:fb:56:fe:51:f2:95:6a:e4:0f:c2:90:49:52:25:3e:32:
         13:d5:89:29:38:56:05:14:89:52:c1:ef:1e:1a:55:3c:08:38:
         8a:11:03:51:7a:b4:42:d0:da:d3:ae:1e:95:ef:f4:b3:fe:fb:
         4b:8a:9f:32:26:3e:de:ce:c7:c8:bf:2f:18:19:c1:8b:ea:f4:
         d0:48:07:15:5f:62:a2:c7:3b:50:d0:4d:1f:83:f4:dd:7c:ff:
         17:69:af:cf:d2:d1:b0:4f:f0:db:dd:ce:a8:5c:6c:27:9d:b3:
         5b:88:e4:ae:80:b0:be:79:5c:d0:2f:e8:fc:46:97:09:78:68:
         b0:a4:2b:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlv/5Orz1VyDvbkzpwybOniMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTIyMDU1NzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODZlMmViZmU0NmFmYTZhYjEyNDNmZDk3YmMxYTE0MmU0YmQzYjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ZlHq5rP+6Mel+wn00qjwrP2s3Ro
a/35AsxEaP0njVd3ItQ2YTpjyMwZXK77HEXuqPiTUETy8i2o8bcMmuTtxZU4jxvX
9aD7jeGT4k6LN8iQDVep7uLR2RSPL6aiaEnZgvChV3V/Q7/GV0VDu6S56teFe5mO
SVyJkHWGo3yyUz3smikNkq2ON5t8nMyboH0StK/yLnwBhlFfU5CDDryz8mgw9B9Y
6SueGuwfGqXCK52rUWdRx3g4pBxQR1S3kY9s/b3otVgQF3EPAQj2GYedWx5+kNBN
0R9/A36sQbbvh0GzHvind8OYeCPEy2OXE+EQkGXMokFkEwklVne0vZRqJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHhuLr/kavpqsSQ/2XvBoULkvTtZMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvZUc0dXYtUnEtbXF4SkRfWmU4R2hRdVM5TzFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/RsAwQA
l/fNMA0GCSqGSIb3DQEBCwUAA4IBAQC0SMR8jUM63zOA7zcv/vypCWFWAg3BmvY0
ZudZnJAJIC96CX1BCIXJlwIkIos4FSAGnjMAjyceQuy/2ZlXufJLtY13jkheQmFg
yQLCEZ8MrvTTwl4unURGN3YYDyX7ih6EQ/6S2JK957ba+/Gmz35J5sDs/CD6tvR5
j2lzV8yBrPtW/lHylWrkD8KQSVIlPjIT1YkpOFYFFIlSwe8eGlU8CDiKEQNRerRC
0NrTrh6V7/Sz/vtLip8yJj7ezsfIvy8YGcGL6vTQSAcVX2KixztQ0E0fg/TdfP8X
aa/P0tGwT/Db3c6oXGwnnbNbiOSugLC+eVzQL+j8RpcJeGiwpCuc
-----END CERTIFICATE-----