Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pLqZkQ5mPH7yFoycGWAP595h1z8.roa
File:                     pLqZkQ5mPH7yFoycGWAP595h1z8.roa (raw, json)
Hash identifier:          VagNOAR/+sfm4EXsom3sWJU8yel0Zhb8weQyS6ntoE0=
Subject key identifier:   A4:BA:99:91:0E:66:3C:7E:F2:16:8C:9C:19:60:0F:E7:DE:61:D7:3F
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0199CE25FAC3AB6DD73AB20674DE61BD159D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pLqZkQ5mPH7yFoycGWAP595h1z8.roa
Signing time:             Fri 10 Oct 2025 12:43:39 +0000
ROA not before:           Fri 10 Oct 2025 12:43:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205896
IP address blocks:        151.245.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:25:fa:c3:ab:6d:d7:3a:b2:06:74:de:61:bd:15:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Oct 10 12:43:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4ba99910e663c7ef2168c9c19600fe7de61d73f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:bc:63:66:c1:c6:51:51:09:e5:e2:8d:6f:6b:
                    53:38:58:67:82:87:82:11:75:31:4b:cf:97:85:da:
                    67:2d:c5:ad:7d:57:6e:12:80:b9:8c:ff:cd:9e:1e:
                    af:2b:68:41:22:29:b1:5b:d6:09:25:fb:2e:91:93:
                    57:cb:16:95:47:01:10:db:1c:57:75:4e:4b:d9:03:
                    fd:94:d6:36:e6:bb:82:79:45:9b:70:52:5e:95:4b:
                    c7:ee:4b:06:38:0b:f1:64:a2:91:9b:4a:3c:5b:86:
                    78:b4:29:de:d4:02:aa:ee:7a:b1:f0:cb:c8:7d:c0:
                    a0:f7:d2:74:a4:08:5a:cf:77:e7:0c:50:a5:21:dd:
                    13:67:91:17:6c:c8:47:7e:7b:40:18:12:fe:f9:ac:
                    09:3f:5a:96:4e:c5:65:35:ed:37:a8:58:bf:a8:bd:
                    45:d5:09:87:29:c7:4b:f7:6c:80:bc:f4:dc:fb:1e:
                    ad:db:bd:c1:8f:89:3d:27:af:5c:a8:19:f3:75:37:
                    3a:02:65:4f:57:21:51:11:70:bb:54:5e:12:d9:81:
                    b8:0e:9d:12:4b:93:07:ee:56:eb:0c:12:d9:55:b4:
                    5f:af:72:0f:62:53:82:b8:ea:1d:60:0b:7f:b1:ff:
                    55:3c:2b:5b:73:44:4a:8e:86:c5:b9:c0:87:18:f7:
                    85:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:BA:99:91:0E:66:3C:7E:F2:16:8C:9C:19:60:0F:E7:DE:61:D7:3F
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pLqZkQ5mPH7yFoycGWAP595h1z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.245.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:75:70:c4:5f:92:ab:4b:30:03:3c:2a:fe:d0:fb:d1:89:5d:
         4c:ac:7e:e8:3d:1b:22:79:96:f8:53:db:7b:3b:ff:65:b1:91:
         ce:0c:83:3e:28:c4:7b:0f:06:74:51:40:43:08:a6:94:76:00:
         20:36:82:d6:5f:35:47:de:22:3d:60:3e:44:58:1f:7e:f5:bc:
         19:c1:04:72:71:c2:f5:1f:a0:3d:03:d4:a4:80:78:ee:3c:8d:
         c6:89:19:67:12:ef:f2:e2:4f:14:38:da:69:ef:c8:ca:ac:a4:
         30:95:c8:5e:5d:d3:ca:8d:da:c6:17:5a:c7:95:0d:3f:71:4a:
         ce:4c:52:01:62:db:ed:cf:44:34:e2:ec:65:4d:b2:e1:b0:22:
         ed:f2:ba:49:4b:c6:6f:24:3a:99:84:e7:d5:90:9d:8a:31:41:
         1c:28:36:19:ba:db:40:82:02:b1:8d:2f:ac:52:87:86:eb:90:
         00:f7:23:37:93:86:dd:d0:43:1e:31:be:f6:00:34:fa:78:08:
         ef:3c:1d:22:ad:b2:5a:08:ca:e7:aa:54:b8:6d:bd:78:18:d4:
         28:c0:ce:af:8e:f1:0c:98:b8:12:f9:01:72:11:c1:df:2f:6e:
         67:7a:f8:de:39:12:4a:b5:85:bd:a6:43:21:cd:e8:47:66:83:
         ed:e8:71:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnOJfrDq23XOrIGdN5hvRWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDEwMTI0MzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGJhOTk5MTBlNjYzYzdlZjIxNjhjOWMxOTYwMGZlN2RlNjFkNzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1bxjZsHGUVEJ5eKNb2tTOFhngoeC
EXUxS8+XhdpnLcWtfVduEoC5jP/Nnh6vK2hBIimxW9YJJfsukZNXyxaVRwEQ2xxX
dU5L2QP9lNY25ruCeUWbcFJelUvH7ksGOAvxZKKRm0o8W4Z4tCne1AKq7nqx8MvI
fcCg99J0pAhaz3fnDFClId0TZ5EXbMhHfntAGBL++awJP1qWTsVlNe03qFi/qL1F
1QmHKcdL92yAvPTc+x6t273Bj4k9J69cqBnzdTc6AmVPVyFREXC7VF4S2YG4Dp0S
S5MH7lbrDBLZVbRfr3IPYlOCuOodYAt/sf9VPCtbc0RKjobFucCHGPeFxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKS6mZEOZjx+8haMnBlgD+feYdc/MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcExxWmtRNW1QSDd5Rm95Y0dXQVA1OTVoMXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/UkMA0G
CSqGSIb3DQEBCwUAA4IBAQBFdXDEX5KrSzADPCr+0PvRiV1MrH7oPRsieZb4U9t7
O/9lsZHODIM+KMR7DwZ0UUBDCKaUdgAgNoLWXzVH3iI9YD5EWB9+9bwZwQRyccL1
H6A9A9SkgHjuPI3GiRlnEu/y4k8UONpp78jKrKQwlcheXdPKjdrGF1rHlQ0/cUrO
TFIBYtvtz0Q04uxlTbLhsCLt8rpJS8ZvJDqZhOfVkJ2KMUEcKDYZuttAggKxjS+s
UoeG65AA9yM3k4bd0EMeMb72ADT6eAjvPB0irbJaCMrnqlS4bb14GNQowM6vjvEM
mLgS+QFyEcHfL25nevjeORJKtYW9pkMhzehHZoPt6HEN
-----END CERTIFICATE-----