Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/lJVeZ1M9tDb7VXwvHJGwqv5lhNA.roa
File:                     lJVeZ1M9tDb7VXwvHJGwqv5lhNA.roa (raw, json)
Hash identifier:          pcco6Pvw60qtTfoMJ2325R4pbwuF4pXCWlpPHe3JjyY=
Subject key identifier:   94:95:5E:67:53:3D:B4:36:FB:55:7C:2F:1C:91:B0:AA:FE:65:84:D0
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01989D12B4ED12E1367864123EBA7F37206F
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/lJVeZ1M9tDb7VXwvHJGwqv5lhNA.roa
Signing time:             Tue 12 Aug 2025 06:58:25 +0000
ROA not before:           Tue 12 Aug 2025 06:58:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205634
IP address blocks:        151.243.132.0/24 maxlen: 24
                          151.243.133.0/24 maxlen: 24
                          151.243.134.0/24 maxlen: 24
                          151.243.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 17:19:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9d:12:b4:ed:12:e1:36:78:64:12:3e:ba:7f:37:20:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 12 06:58:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94955e67533db436fb557c2f1c91b0aafe6584d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:30:a5:ef:4b:c2:1c:9c:32:6d:33:df:96:c4:
                    fb:eb:bc:4e:33:de:9e:f6:53:4d:00:af:67:8d:8a:
                    29:84:9e:cc:3c:97:de:02:7e:ae:89:64:57:54:08:
                    bd:a3:b0:a1:f4:5f:68:d5:e1:ca:52:3f:f6:60:d0:
                    0c:98:16:1c:9c:dd:e8:f4:93:fa:bb:fa:04:f2:68:
                    2e:75:8b:d7:c3:6e:3d:5d:8f:ff:0f:32:9f:c4:94:
                    7a:57:1e:43:13:e3:d2:06:53:ac:e2:e7:a9:53:35:
                    9f:40:e4:d5:6e:4b:be:26:8c:a5:f7:16:3e:45:e5:
                    e2:69:ca:04:14:b3:30:76:19:4d:50:5e:bc:a8:04:
                    14:23:29:c4:1d:83:f9:bd:9e:9a:0c:19:c3:f7:91:
                    ed:48:f6:d4:e2:98:cf:a8:60:a5:c7:ac:1f:d2:0f:
                    3b:3a:b1:cd:87:3a:d7:a1:4b:0c:6e:53:57:cb:e4:
                    de:8c:c1:f9:97:dd:4e:72:ba:47:da:c6:6e:90:fe:
                    c2:be:ff:f5:69:82:23:94:57:37:68:01:51:00:33:
                    c3:3c:dd:e6:03:ba:a7:4d:44:29:74:e8:da:c3:4f:
                    f3:4e:99:29:10:d3:c0:5a:e2:dc:6a:1d:0d:96:9d:
                    4f:13:00:b4:db:8f:e5:67:14:82:cf:e5:3b:6e:8b:
                    d5:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:95:5E:67:53:3D:B4:36:FB:55:7C:2F:1C:91:B0:AA:FE:65:84:D0
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/lJVeZ1M9tDb7VXwvHJGwqv5lhNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:7b:78:82:9d:8c:9e:14:dc:57:8b:b7:70:4d:20:1a:b5:41:
         f0:58:78:09:3c:45:a6:c4:1d:62:bf:0a:89:60:6f:73:a6:92:
         07:91:41:45:a7:01:81:a9:21:c8:db:8d:c1:91:2d:5b:6c:e0:
         1e:c7:61:35:3f:c1:eb:34:b1:d1:8e:e6:02:6e:50:c9:72:aa:
         3a:8c:f8:a2:2f:63:1c:14:cb:07:2d:1f:aa:80:d0:69:9f:cd:
         0e:82:37:bd:ee:54:6a:70:f8:32:32:cb:78:fa:78:ae:ed:a7:
         f6:cf:1b:6c:d0:24:bf:e0:65:c0:75:d2:b2:9e:c5:d0:3a:5e:
         1b:b9:43:44:f3:54:27:a1:93:e0:ce:c3:a1:e1:22:74:78:b7:
         9e:5c:c0:6c:f7:69:f2:3d:95:58:ed:c3:28:c0:6e:2a:62:8a:
         b7:e5:39:11:29:14:5f:83:b7:50:50:0c:9f:1a:12:b6:7b:41:
         6a:fd:96:58:b2:4f:8a:9b:3e:c2:53:be:fb:6d:b4:58:1a:9b:
         3c:66:6e:0f:09:b3:54:3b:67:4e:82:9d:35:0c:78:cc:89:af:
         27:2f:e9:9a:36:88:29:35:b4:c6:9a:5d:29:37:57:fa:77:c6:
         6e:49:60:18:c9:e9:70:ef:53:09:1a:66:81:c0:cc:b6:27:6f:
         6e:fc:b1:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZidErTtEuE2eGQSPrp/NyBvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODEyMDY1ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDk1NWU2NzUzM2RiNDM2ZmI1NTdjMmYxYzkxYjBhYWZlNjU4NGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDCl70vCHJwybTPflsT767xOM96e
9lNNAK9njYophJ7MPJfeAn6uiWRXVAi9o7Ch9F9o1eHKUj/2YNAMmBYcnN3o9JP6
u/oE8mgudYvXw249XY//DzKfxJR6Vx5DE+PSBlOs4uepUzWfQOTVbku+Joyl9xY+
ReXiacoEFLMwdhlNUF68qAQUIynEHYP5vZ6aDBnD95HtSPbU4pjPqGClx6wf0g87
OrHNhzrXoUsMblNXy+TejMH5l91OcrpH2sZukP7Cvv/1aYIjlFc3aAFRADPDPN3m
A7qnTUQpdOjaw0/zTpkpENPAWuLcah0Nlp1PEwC024/lZxSCz+U7bovVcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSVXmdTPbQ2+1V8LxyRsKr+ZYTQMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvbEpWZVoxTTl0RGI3Vlh3dkhKR3dxdjVsaE5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCl/OEMA0G
CSqGSIb3DQEBCwUAA4IBAQBIe3iCnYyeFNxXi7dwTSAatUHwWHgJPEWmxB1ivwqJ
YG9zppIHkUFFpwGBqSHI243BkS1bbOAex2E1P8HrNLHRjuYCblDJcqo6jPiiL2Mc
FMsHLR+qgNBpn80Ogje97lRqcPgyMst4+niu7af2zxts0CS/4GXAddKynsXQOl4b
uUNE81QnoZPgzsOh4SJ0eLeeXMBs92nyPZVY7cMowG4qYoq35TkRKRRfg7dQUAyf
GhK2e0Fq/ZZYsk+Kmz7CU777bbRYGps8Zm4PCbNUO2dOgp01DHjMia8nL+maNogp
NbTGml0pN1f6d8ZuSWAYyelw71MJGmaBwMy2J29u/LFD
-----END CERTIFICATE-----