Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qb-qVWkym-hAHpEh2POWnykxr00.roa
File:                     qb-qVWkym-hAHpEh2POWnykxr00.roa (raw, json)
Hash identifier:          tkX81o/dGpPq3DPmOAxrYnhZRjvpVUDaEnAicBieYfQ=
Subject key identifier:   A9:BF:AA:55:69:32:9B:E8:40:1E:91:21:D8:F3:96:9F:29:31:AF:4D
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01969081D8450B6A151B0F640B83BE03AD9A
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qb-qVWkym-hAHpEh2POWnykxr00.roa
Signing time:             Fri 02 May 2025 10:19:10 +0000
ROA not before:           Fri 02 May 2025 10:19:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        151.243.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 05:19:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:90:81:d8:45:0b:6a:15:1b:0f:64:0b:83:be:03:ad:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May  2 10:19:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9bfaa5569329be8401e9121d8f3969f2931af4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:fc:85:9a:29:75:06:b8:2d:d5:57:04:df:95:
                    04:29:02:96:a1:b3:10:5c:5f:e6:2b:05:f1:3c:43:
                    ea:53:4b:a5:e7:b6:a9:3e:fe:fb:99:2f:54:6b:5c:
                    52:f6:1a:1d:a4:6b:10:b4:86:61:1f:5a:af:b0:b0:
                    4c:d1:97:b9:2a:fa:e8:73:9b:73:71:b3:b9:77:ff:
                    85:84:80:27:87:c3:bf:32:a4:a2:59:70:b3:fc:fd:
                    71:03:4d:77:8d:04:c0:72:2a:7c:48:24:94:91:91:
                    2d:c8:2f:11:ab:55:cb:7b:34:f6:24:ef:fb:87:ac:
                    fe:67:ce:ac:a8:a7:28:63:35:3c:ba:84:65:d9:c7:
                    a7:32:97:6a:e1:7f:fe:ad:5d:9f:cc:53:bf:7a:d8:
                    bc:5c:ea:4a:f9:6d:1d:7f:06:19:7b:26:ad:52:da:
                    d7:d3:67:24:9d:bf:33:b3:40:37:93:43:b1:3d:3c:
                    d8:22:78:bc:fc:2e:04:1c:41:07:51:e6:70:1c:bc:
                    a1:25:56:a2:69:8b:66:eb:d8:40:62:5e:9b:ef:1a:
                    98:55:1b:3b:49:fc:28:24:e1:59:df:24:3a:2a:5b:
                    90:da:10:82:38:d9:07:74:3d:b9:ce:b4:6e:6f:ce:
                    57:77:ef:84:61:7e:34:ec:a6:8b:9b:22:49:81:1a:
                    7b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:BF:AA:55:69:32:9B:E8:40:1E:91:21:D8:F3:96:9F:29:31:AF:4D
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qb-qVWkym-hAHpEh2POWnykxr00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:3e:db:d9:32:cf:c0:05:f8:46:07:b2:67:48:f2:a7:02:e1:
         f7:60:be:c0:03:d2:b5:25:7f:46:9a:99:88:85:aa:b4:69:ea:
         20:32:1b:14:07:d4:4d:b5:d0:d2:b6:23:f6:8f:1b:7b:5e:6e:
         9c:7f:9e:62:fd:40:19:81:1d:08:14:17:d6:7b:14:18:05:41:
         e5:69:6e:92:69:46:e8:09:f4:d1:81:86:96:6f:91:76:33:b4:
         1f:6f:57:c0:8d:be:ab:85:10:1f:44:b3:cc:4c:d0:7a:49:57:
         84:36:43:3f:5f:b2:b1:4c:8c:34:32:d0:55:4b:2d:4d:65:62:
         5b:cb:9d:15:ed:90:38:64:7f:1c:56:a0:56:2b:97:1b:14:bb:
         26:88:66:37:fc:61:06:84:1a:f2:63:ee:2c:1a:a4:b7:e4:e3:
         15:f9:d4:6b:8e:58:17:48:2b:ab:f7:10:d9:7f:f8:4c:c6:c4:
         ad:17:56:c1:e3:c9:a6:6b:f2:24:57:0b:13:70:be:5c:13:de:
         ff:62:18:e2:10:f9:a7:cd:77:fc:1e:a2:d0:18:2c:7b:a7:7a:
         8f:38:b5:f4:97:e7:08:96:7a:db:c8:e6:38:27:ac:7f:6c:1a:
         cf:99:45:1c:fe:6c:1f:a2:dd:a9:15:aa:ec:dd:e6:af:44:b1:
         a2:d5:36:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaQgdhFC2oVGw9kC4O+A62aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTAyMTAxOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWJmYWE1NTY5MzI5YmU4NDAxZTkxMjFkOGYzOTY5ZjI5MzFhZjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfyFmil1Brgt1VcE35UEKQKWobMQ
XF/mKwXxPEPqU0ul57apPv77mS9Ua1xS9hodpGsQtIZhH1qvsLBM0Ze5Kvroc5tz
cbO5d/+FhIAnh8O/MqSiWXCz/P1xA013jQTAcip8SCSUkZEtyC8Rq1XLezT2JO/7
h6z+Z86sqKcoYzU8uoRl2cenMpdq4X/+rV2fzFO/eti8XOpK+W0dfwYZeyatUtrX
02cknb8zs0A3k0OxPTzYIni8/C4EHEEHUeZwHLyhJVaiaYtm69hAYl6b7xqYVRs7
SfwoJOFZ3yQ6KluQ2hCCONkHdD25zrRub85Xd++EYX407KaLmyJJgRp7yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKm/qlVpMpvoQB6RIdjzlp8pMa9NMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcWItcVZXa3ltLWhBSHBFaDJQT1dueWt4cjAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/M2MA0G
CSqGSIb3DQEBCwUAA4IBAQCGPtvZMs/ABfhGB7JnSPKnAuH3YL7AA9K1JX9GmpmI
haq0aeogMhsUB9RNtdDStiP2jxt7Xm6cf55i/UAZgR0IFBfWexQYBUHlaW6SaUbo
CfTRgYaWb5F2M7Qfb1fAjb6rhRAfRLPMTNB6SVeENkM/X7KxTIw0MtBVSy1NZWJb
y50V7ZA4ZH8cVqBWK5cbFLsmiGY3/GEGhBryY+4sGqS35OMV+dRrjlgXSCur9xDZ
f/hMxsStF1bB48mma/IkVwsTcL5cE97/YhjiEPmnzXf8HqLQGCx7p3qPOLX0l+cI
lnrbyOY4J6x/bBrPmUUc/mwfot2pFars3eavRLGi1TZ5
-----END CERTIFICATE-----