Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/oEYnOYAgfWRCgBEKi-V9eILI-74.roa
File:                     oEYnOYAgfWRCgBEKi-V9eILI-74.roa (raw, json)
Hash identifier:          GKfoKTzcR8BAL7Z9TpChxjbeDePJVJPM3rsh4mnhgfY=
Subject key identifier:   A0:46:27:39:80:20:7D:64:42:80:11:0A:8B:E5:7D:78:82:C8:FB:BE
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01996565F5D38733C1D77F61A04E1B3D7AB1
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/oEYnOYAgfWRCgBEKi-V9eILI-74.roa
Signing time:             Sat 20 Sep 2025 04:33:24 +0000
ROA not before:           Sat 20 Sep 2025 04:33:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205009
IP address blocks:        151.243.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:65:65:f5:d3:87:33:c1:d7:7f:61:a0:4e:1b:3d:7a:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep 20 04:33:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a046273980207d644280110a8be57d7882c8fbbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:8a:49:b1:b4:e1:4c:33:8f:cf:7f:73:e2:47:
                    56:3e:fe:78:2d:ee:ca:9a:28:8f:ff:51:25:d7:a7:
                    76:44:97:42:02:2b:e2:06:ca:6e:87:72:f6:e8:ad:
                    5e:13:e2:3a:02:60:2f:83:7e:2e:76:61:e1:97:0c:
                    e8:b9:0b:7a:d6:b9:ae:20:1d:a0:50:bf:3d:7e:e1:
                    c1:a3:e1:de:25:c9:12:76:db:a9:8b:5b:2e:28:92:
                    13:73:38:2b:11:f7:7c:09:70:93:a3:33:97:75:a8:
                    e5:60:8d:1a:96:22:e5:59:62:0d:87:72:c3:68:65:
                    fa:33:8f:85:3a:a3:4c:fb:4a:c1:e9:c3:5c:13:e8:
                    23:1d:96:3a:5e:bb:5e:21:71:1b:b5:2a:42:89:52:
                    37:c6:cd:78:f8:05:de:55:78:45:b3:71:3e:b5:17:
                    a9:4e:c0:35:33:b8:76:65:83:b7:37:f7:eb:27:a5:
                    db:9b:42:66:cf:b9:aa:37:f1:c9:2c:4b:f3:ea:b1:
                    f8:b9:e2:65:19:88:a7:17:e9:8b:c4:77:c1:8f:44:
                    df:c5:e2:8b:f4:6f:e2:59:9b:b0:10:8e:f0:69:6e:
                    32:11:4b:9e:6c:bf:3b:04:78:bf:c0:5c:ac:f5:14:
                    8c:e2:28:6d:cd:06:5a:fa:05:9f:6c:3c:5e:f1:10:
                    4f:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:46:27:39:80:20:7D:64:42:80:11:0A:8B:E5:7D:78:82:C8:FB:BE
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/oEYnOYAgfWRCgBEKi-V9eILI-74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:f5:90:ff:40:ec:ca:45:98:81:5a:86:f4:50:4e:db:c5:ac:
         de:7a:d6:31:31:b9:5a:f6:b5:52:e0:0e:36:70:47:3c:aa:8a:
         81:c2:7f:2a:73:52:3b:da:2e:75:1e:3f:f4:40:e5:dd:bf:70:
         12:c5:00:ce:04:16:49:3a:0e:a2:04:25:a6:b4:1e:c5:70:51:
         d6:9c:81:ea:f6:d1:f5:7b:aa:cc:24:cc:50:08:87:7d:ba:f1:
         58:bc:80:ce:ec:c7:fd:59:75:96:9b:8e:78:e5:aa:46:54:df:
         1a:dc:5d:f9:5c:3f:9c:4c:87:75:c2:93:1a:c5:44:f5:1e:96:
         b1:78:1c:9e:50:c5:0a:10:fe:68:7d:e3:14:73:00:1b:71:ec:
         29:d1:bf:d7:31:cd:1c:ad:d9:2e:08:24:d4:4d:ca:5a:6b:b6:
         75:c5:0d:69:d4:b9:22:bc:9e:83:50:af:cc:f4:98:af:39:1a:
         3e:fd:4f:38:08:b6:02:6d:47:b7:e2:b4:72:f5:39:01:c5:db:
         e5:d4:d1:e6:b9:9f:bd:09:e3:9c:c9:cf:2c:85:cb:ba:d7:ab:
         2b:b3:c9:38:86:4f:c8:92:16:f9:f0:2e:9b:0b:14:eb:d3:19:
         b1:9d:ba:4c:82:1b:19:af:29:11:80:0f:f3:1c:09:7a:d6:25:
         ab:97:b5:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZllZfXThzPB139hoE4bPXqxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTIwMDQzMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDQ2MjczOTgwMjA3ZDY0NDI4MDExMGE4YmU1N2Q3ODgyYzhmYmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYpJsbThTDOPz39z4kdWPv54Le7K
miiP/1El16d2RJdCAiviBspuh3L26K1eE+I6AmAvg34udmHhlwzouQt61rmuIB2g
UL89fuHBo+HeJckSdtupi1suKJITczgrEfd8CXCTozOXdajlYI0aliLlWWINh3LD
aGX6M4+FOqNM+0rB6cNcE+gjHZY6XrteIXEbtSpCiVI3xs14+AXeVXhFs3E+tRep
TsA1M7h2ZYO3N/frJ6Xbm0Jmz7mqN/HJLEvz6rH4ueJlGYinF+mLxHfBj0TfxeKL
9G/iWZuwEI7waW4yEUuebL87BHi/wFys9RSM4ihtzQZa+gWfbDxe8RBPEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKBGJzmAIH1kQoARCovlfXiCyPu+MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvb0VZbk9ZQWdmV1JDZ0JFS2ktVjllSUxJLTc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/PhMA0G
CSqGSIb3DQEBCwUAA4IBAQAR9ZD/QOzKRZiBWob0UE7bxazeetYxMbla9rVS4A42
cEc8qoqBwn8qc1I72i51Hj/0QOXdv3ASxQDOBBZJOg6iBCWmtB7FcFHWnIHq9tH1
e6rMJMxQCId9uvFYvIDO7Mf9WXWWm4545apGVN8a3F35XD+cTId1wpMaxUT1Hpax
eByeUMUKEP5ofeMUcwAbcewp0b/XMc0crdkuCCTUTcpaa7Z1xQ1p1LkivJ6DUK/M
9JivORo+/U84CLYCbUe34rRy9TkBxdvl1NHmuZ+9CeOcyc8shcu616srs8k4hk/I
khb58C6bCxTr0xmxnbpMghsZrykRgA/zHAl61iWrl7WH
-----END CERTIFICATE-----