Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/o6fhOfXyXyHuQSqjdR-jUYT4zmI.roa
File:                     o6fhOfXyXyHuQSqjdR-jUYT4zmI.roa (raw, json)
Hash identifier:          ze1ZRr3eW2HS3NgbAW879MiWy0K1nCv/m4JzAki9ioQ=
Subject key identifier:   A3:A7:E1:39:F5:F2:5F:21:EE:41:2A:A3:75:1F:A3:51:84:F8:CE:62
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0197C62DD9E8BD5248180A18456D4DD656A8
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/o6fhOfXyXyHuQSqjdR-jUYT4zmI.roa
Signing time:             Tue 01 Jul 2025 13:29:42 +0000
ROA not before:           Tue 01 Jul 2025 13:29:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208324
IP address blocks:        151.244.144.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 04:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c6:2d:d9:e8:bd:52:48:18:0a:18:45:6d:4d:d6:56:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul  1 13:29:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3a7e139f5f25f21ee412aa3751fa35184f8ce62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a8:72:12:7e:cc:e3:5f:a5:64:8d:86:6e:2b:
                    2d:f1:a4:97:34:21:e5:8f:84:a9:c7:c2:cf:01:b1:
                    55:5a:47:a1:e9:37:7a:0a:ce:aa:9b:f9:f9:85:10:
                    b1:f1:76:ff:d0:29:76:3d:34:87:7a:cf:8f:37:e5:
                    2d:90:2a:73:dd:52:00:ee:d1:4e:03:8b:96:98:d8:
                    62:45:97:9b:de:c1:24:2d:9c:79:64:9f:f5:6c:92:
                    e7:88:1d:98:a3:df:60:b0:92:7a:51:9b:02:99:8c:
                    ed:92:79:99:0d:1b:94:f6:8d:42:32:5c:87:19:13:
                    4e:98:2b:9c:b0:e7:b3:62:c8:80:18:28:e0:ea:a3:
                    58:c1:d7:7c:1a:5b:d5:a9:d8:11:5e:57:11:68:a9:
                    38:d5:4a:d9:34:1c:f0:79:cc:17:5a:1b:75:3c:3a:
                    af:56:37:69:46:0b:36:89:25:48:40:a9:97:a0:1b:
                    80:78:cd:a1:e7:db:b6:23:48:93:03:02:1a:aa:94:
                    82:64:cd:8b:0a:40:a9:45:b5:81:da:1e:3c:a7:13:
                    00:22:20:ff:b6:0a:1b:53:a5:17:63:f9:1f:3e:d5:
                    c9:2f:1c:17:0c:88:b6:bf:56:39:be:02:3f:06:06:
                    57:72:67:f6:07:14:41:9e:4a:d7:ab:15:db:7f:79:
                    52:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:A7:E1:39:F5:F2:5F:21:EE:41:2A:A3:75:1F:A3:51:84:F8:CE:62
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/o6fhOfXyXyHuQSqjdR-jUYT4zmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         64:e7:09:84:a4:4e:4b:51:27:a0:31:2a:71:45:e9:b3:c7:65:
         bf:b2:f4:6b:cc:af:70:bc:d1:9a:12:ca:5e:71:b1:61:ff:25:
         a2:e1:20:ed:43:a3:d8:31:18:bd:66:5b:ea:dd:2e:3c:fe:bc:
         dd:da:1e:b5:41:b2:76:be:a9:ee:8d:3f:91:85:c5:b1:23:48:
         95:16:f2:02:ab:c1:1f:42:d7:67:f6:d0:fb:5c:9b:ba:b1:06:
         42:09:2f:c9:7e:0a:61:df:cd:dc:32:eb:9e:1c:2e:e0:64:46:
         dc:d3:8d:17:20:58:92:5c:53:e6:4a:f2:7b:45:32:98:d5:d5:
         49:7f:42:96:87:57:a0:20:24:2b:94:1a:80:c6:61:2b:46:a0:
         e3:76:12:2b:0c:10:32:04:ab:c4:9f:b7:cc:8b:2c:44:84:71:
         ab:08:f7:5b:73:ae:6e:ba:7c:3b:0b:ef:cf:76:c0:eb:94:c1:
         39:e8:dd:91:35:38:ba:d9:be:73:95:fe:82:87:c2:e9:06:e4:
         8f:c1:fc:1c:f1:af:a7:4b:7a:bd:6f:b9:da:96:4e:56:d3:cb:
         a9:84:01:d7:e7:17:ec:34:20:f6:0d:00:fd:66:88:f8:4f:18:
         f5:2b:a9:57:39:21:5d:8a:5d:01:79:4a:24:4e:f3:35:75:cc:
         ab:32:fa:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfGLdnovVJIGAoYRW1N1laoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzAxMTMyOTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2E3ZTEzOWY1ZjI1ZjIxZWU0MTJhYTM3NTFmYTM1MTg0ZjhjZTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtahyEn7M41+lZI2Gbist8aSXNCHl
j4Spx8LPAbFVWkeh6Td6Cs6qm/n5hRCx8Xb/0Cl2PTSHes+PN+UtkCpz3VIA7tFO
A4uWmNhiRZeb3sEkLZx5ZJ/1bJLniB2Yo99gsJJ6UZsCmYztknmZDRuU9o1CMlyH
GRNOmCucsOezYsiAGCjg6qNYwdd8GlvVqdgRXlcRaKk41UrZNBzwecwXWht1PDqv
VjdpRgs2iSVIQKmXoBuAeM2h59u2I0iTAwIaqpSCZM2LCkCpRbWB2h48pxMAIiD/
tgobU6UXY/kfPtXJLxwXDIi2v1Y5vgI/BgZXcmf2BxRBnkrXqxXbf3lSswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOn4Tn18l8h7kEqo3Ufo1GE+M5iMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvbzZmaE9mWHlYeUh1UVNxamRSLWpVWVQ0em1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEl/SQMA0G
CSqGSIb3DQEBCwUAA4IBAQBk5wmEpE5LUSegMSpxRemzx2W/svRrzK9wvNGaEspe
cbFh/yWi4SDtQ6PYMRi9Zlvq3S48/rzd2h61QbJ2vqnujT+RhcWxI0iVFvICq8Ef
Qtdn9tD7XJu6sQZCCS/Jfgph383cMuueHC7gZEbc040XIFiSXFPmSvJ7RTKY1dVJ
f0KWh1egICQrlBqAxmErRqDjdhIrDBAyBKvEn7fMiyxEhHGrCPdbc65uunw7C+/P
dsDrlME56N2RNTi62b5zlf6Ch8LpBuSPwfwc8a+nS3q9b7nalk5W08uphAHX5xfs
NCD2DQD9Zoj4Txj1K6lXOSFdil0BeUokTvM1dcyrMvp+
-----END CERTIFICATE-----