Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/nBbOxSVd3AMD0n529gU4HjQjuHo.roa
File:                     nBbOxSVd3AMD0n529gU4HjQjuHo.roa (raw, json)
Hash identifier:          GSZ3MrTleZjJeAJXcARLgtjKCOQWUSUDZHwSLN61hhM=
Subject key identifier:   9C:16:CE:C5:25:5D:DC:03:03:D2:7E:76:F6:05:38:1E:34:23:B8:7A
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196B39F69D85EC2F22CB2BF2532817B9F8E
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/nBbOxSVd3AMD0n529gU4HjQjuHo.roa
Signing time:             Fri 09 May 2025 05:58:11 +0000
ROA not before:           Fri 09 May 2025 05:58:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48925
IP address blocks:        151.242.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 May 2025 14:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b3:9f:69:d8:5e:c2:f2:2c:b2:bf:25:32:81:7b:9f:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May  9 05:58:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c16cec5255ddc0303d27e76f605381e3423b87a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:01:65:a1:f5:ba:f1:e6:6c:39:a8:0e:5c:9d:
                    e2:6f:df:d3:f1:ee:6e:be:01:66:a8:3c:18:3c:9d:
                    6e:1c:4d:3a:c1:73:8c:12:90:a7:7b:1c:eb:c7:df:
                    bf:f9:7d:7d:2e:d2:d4:01:06:9e:b8:5d:bd:e2:1a:
                    bc:db:27:a9:b7:62:9c:cd:9d:da:21:19:40:a2:c7:
                    93:92:e4:a2:84:73:9d:4e:f1:17:03:02:ab:71:82:
                    75:0b:50:65:46:30:81:b5:93:30:22:73:11:d7:ca:
                    32:00:b5:6b:0c:c1:7a:6d:6e:f6:e4:d8:de:98:87:
                    14:1b:1f:ce:25:9a:bd:a1:04:b5:5b:89:f7:72:40:
                    f0:27:0d:fe:c2:b9:6d:54:a3:ec:14:8c:a3:18:79:
                    56:76:55:7c:52:3f:19:f1:08:d6:1f:1c:42:7b:81:
                    eb:6e:40:2c:bf:58:7c:c2:25:e1:63:60:97:ff:28:
                    06:52:1b:ab:30:2a:6a:5c:e3:53:d6:a7:0d:9d:23:
                    9e:0f:52:79:60:00:1e:d4:2c:18:d1:6c:e9:62:19:
                    c0:4e:d3:53:29:62:40:a9:7b:dc:27:cd:02:08:2f:
                    0c:53:3a:12:62:d7:b2:1a:dd:ff:b0:a7:0f:1a:10:
                    1c:ab:e9:49:71:52:66:90:e6:df:ed:4d:67:43:fc:
                    65:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:16:CE:C5:25:5D:DC:03:03:D2:7E:76:F6:05:38:1E:34:23:B8:7A
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/nBbOxSVd3AMD0n529gU4HjQjuHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:71:c3:af:20:1a:70:3e:52:ca:fa:e2:01:44:e5:0c:c7:95:
         42:bf:4b:22:9a:5f:45:ca:cd:84:a6:97:1a:34:b0:de:89:25:
         f4:8a:b7:46:6e:9b:6e:38:61:62:90:b3:77:5a:09:a2:99:75:
         53:65:23:49:16:89:34:a1:ad:fb:d0:2a:fe:65:4e:02:76:20:
         ea:32:93:c4:08:7b:24:25:2a:bc:a7:57:9a:d2:1d:28:a5:db:
         f3:22:5d:3c:fe:cd:11:f7:f7:67:44:08:23:9b:e7:60:a6:26:
         7b:63:38:21:b9:04:ff:c8:70:0a:a3:08:bc:1e:95:c9:06:f0:
         3b:a7:6c:37:cd:09:cc:e3:7d:f5:d0:eb:09:69:29:d1:2e:7a:
         1e:a8:37:6b:12:21:26:78:a4:23:b9:23:76:19:2c:a0:d6:82:
         51:13:1f:00:bc:f6:3f:30:fb:bf:9c:34:18:14:39:0a:c5:4b:
         ed:85:3e:2b:d7:af:13:93:6a:eb:14:7f:da:0f:9f:9d:6a:d5:
         44:b5:e8:83:d8:fb:4a:f9:4a:29:5f:c8:0c:a0:bd:a3:a0:4a:
         14:47:79:c4:2f:c8:e2:e2:af:b3:73:9b:42:f5:95:56:fc:07:
         e2:73:74:75:f3:c3:e0:db:89:1c:ad:67:fb:9a:50:4b:b0:ba:
         49:95:1c:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZazn2nYXsLyLLK/JTKBe5+OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTA5MDU1ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzE2Y2VjNTI1NWRkYzAzMDNkMjdlNzZmNjA1MzgxZTM0MjNiODdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gFlofW68eZsOagOXJ3ib9/T8e5u
vgFmqDwYPJ1uHE06wXOMEpCnexzrx9+/+X19LtLUAQaeuF294hq82yept2KczZ3a
IRlAoseTkuSihHOdTvEXAwKrcYJ1C1BlRjCBtZMwInMR18oyALVrDMF6bW725Nje
mIcUGx/OJZq9oQS1W4n3ckDwJw3+wrltVKPsFIyjGHlWdlV8Uj8Z8QjWHxxCe4Hr
bkAsv1h8wiXhY2CX/ygGUhurMCpqXONT1qcNnSOeD1J5YAAe1CwY0WzpYhnATtNT
KWJAqXvcJ80CCC8MUzoSYteyGt3/sKcPGhAcq+lJcVJmkObf7U1nQ/xloQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJwWzsUlXdwDA9J+dvYFOB40I7h6MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvbkJiT3hTVmQzQU1EMG41MjlnVTRIalFqdUhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/JqMA0G
CSqGSIb3DQEBCwUAA4IBAQBEccOvIBpwPlLK+uIBROUMx5VCv0siml9Fys2Eppca
NLDeiSX0irdGbptuOGFikLN3WgmimXVTZSNJFok0oa370Cr+ZU4CdiDqMpPECHsk
JSq8p1ea0h0opdvzIl08/s0R9/dnRAgjm+dgpiZ7YzghuQT/yHAKowi8HpXJBvA7
p2w3zQnM43310OsJaSnRLnoeqDdrEiEmeKQjuSN2GSyg1oJREx8AvPY/MPu/nDQY
FDkKxUvthT4r168Tk2rrFH/aD5+datVEteiD2PtK+UopX8gMoL2joEoUR3nEL8ji
4q+zc5tC9ZVW/Afic3R188Pg24kcrWf7mlBLsLpJlRyL
-----END CERTIFICATE-----