Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/rjSRtDvuLuqDao8mz7-HXGNUMV8.roa
File:                     rjSRtDvuLuqDao8mz7-HXGNUMV8.roa (raw, json)
Hash identifier:          pCL+KAFWV2FgXhO/pnQCzSDG8t7/uxfEpV+57XwKJP4=
Subject key identifier:   AE:34:91:B4:3B:EE:2E:EA:83:6A:8F:26:CF:BF:87:5C:63:54:31:5F
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01997144965C0EFF1608A594EBCF2C01938F
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/rjSRtDvuLuqDao8mz7-HXGNUMV8.roa
Signing time:             Mon 22 Sep 2025 11:52:24 +0000
ROA not before:           Mon 22 Sep 2025 11:52:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400342
IP address blocks:        151.242.152.0/23 maxlen: 24
                          151.243.49.0/24 maxlen: 24
                          151.243.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:71:44:96:5c:0e:ff:16:08:a5:94:eb:cf:2c:01:93:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep 22 11:52:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae3491b43bee2eea836a8f26cfbf875c6354315f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1d:0c:be:b9:58:1a:94:c2:a6:66:38:df:32:
                    02:c3:6e:d3:c3:ca:6a:ab:ab:11:2a:54:af:62:52:
                    3d:3b:2b:c7:a6:41:70:7d:c7:d6:15:d7:73:d4:df:
                    c2:8c:be:6e:4b:93:7c:d6:ee:9b:38:9a:a3:ea:c1:
                    63:4e:70:c9:a7:ed:51:73:21:93:b8:15:a3:15:81:
                    bb:bd:fd:34:9a:78:bc:43:de:05:4e:51:27:c0:4d:
                    47:44:ae:92:9f:9c:66:49:22:9f:49:d0:61:d4:96:
                    ee:36:26:38:e0:9d:7b:8e:76:5a:0b:b5:c5:e4:18:
                    c1:64:6a:fe:45:d8:16:8f:75:4f:00:0a:39:e7:34:
                    20:da:8b:d8:a8:eb:87:57:68:84:73:24:89:b1:d6:
                    b0:ea:31:6a:61:ea:c7:e7:1b:ff:18:63:70:5f:5b:
                    3f:26:c4:94:49:91:93:ee:81:ff:fe:ef:88:5f:6e:
                    00:b5:73:fa:8c:1d:5f:79:f5:8b:cb:89:37:44:e2:
                    27:c0:fa:ad:cc:b5:04:87:41:ec:c9:5f:51:68:e4:
                    f3:7e:75:26:9f:e6:11:4a:4f:86:18:73:12:fb:b4:
                    25:01:1b:cc:d1:ba:81:b9:07:42:b8:c6:04:65:2b:
                    51:f0:ed:62:1f:23:aa:d6:13:d9:14:31:24:57:c9:
                    11:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:34:91:B4:3B:EE:2E:EA:83:6A:8F:26:CF:BF:87:5C:63:54:31:5F
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/rjSRtDvuLuqDao8mz7-HXGNUMV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.152.0/23
                  151.243.49.0/24
                  151.243.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:b8:62:cb:c6:2d:de:db:08:a2:9a:6f:52:2e:dd:80:71:eb:
         c6:7f:c2:3b:88:be:45:ef:20:c0:9a:f5:41:5f:df:72:a7:47:
         d5:17:de:02:b3:f2:f8:b9:f0:ce:2c:78:d5:f1:a5:25:7a:88:
         ed:dd:ee:8b:3a:a3:08:c0:56:36:7e:d1:b5:62:eb:36:a0:08:
         28:73:88:a4:72:a3:b0:1e:7a:ee:f5:67:47:06:cc:6d:3f:7c:
         44:c5:6c:67:21:94:64:86:62:78:1d:aa:aa:1d:d4:39:28:08:
         ba:58:94:07:25:88:4a:39:da:ed:52:58:ca:b6:38:c6:45:16:
         51:00:6a:75:9b:85:78:b2:4c:53:4b:96:a2:99:73:b6:b0:8c:
         45:fe:4c:d8:b2:21:92:1a:e5:d9:f2:91:be:9f:6f:9f:05:dc:
         b2:8c:9b:38:d3:e6:7c:2a:78:ae:7a:d5:eb:fa:3e:81:bc:ed:
         e9:b4:10:69:36:4f:40:63:67:a8:ac:5c:c9:ad:b4:c0:17:45:
         50:62:82:31:66:ef:97:ec:2b:8d:02:78:fe:be:35:ca:10:af:
         6d:f1:06:77:da:a3:b1:f7:5b:3c:ed:d5:8c:40:cf:63:7c:f6:
         47:ab:7f:71:5f:85:20:dc:23:9b:41:39:b9:55:0c:ea:60:d5:
         9b:15:1d:a6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZlxRJZcDv8WCKWU688sAZOPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTIyMTE1MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTM0OTFiNDNiZWUyZWVhODM2YThmMjZjZmJmODc1YzYzNTQzMTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAth0MvrlYGpTCpmY43zICw27Tw8pq
q6sRKlSvYlI9OyvHpkFwfcfWFddz1N/CjL5uS5N81u6bOJqj6sFjTnDJp+1RcyGT
uBWjFYG7vf00mni8Q94FTlEnwE1HRK6Sn5xmSSKfSdBh1JbuNiY44J17jnZaC7XF
5BjBZGr+RdgWj3VPAAo55zQg2ovYqOuHV2iEcySJsdaw6jFqYerH5xv/GGNwX1s/
JsSUSZGT7oH//u+IX24AtXP6jB1fefWLy4k3ROInwPqtzLUEh0HsyV9RaOTzfnUm
n+YRSk+GGHMS+7QlARvM0bqBuQdCuMYEZStR8O1iHyOq1hPZFDEkV8kRWwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK40kbQ77i7qg2qPJs+/h1xjVDFfMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcmpTUnREdnVMdXFEYW84bXo3LUhYR05VTVY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBl/KYAwQA
l/MxAwQAl/NfMA0GCSqGSIb3DQEBCwUAA4IBAQAEuGLLxi3e2wiimm9SLt2AcevG
f8I7iL5F7yDAmvVBX99yp0fVF94Cs/L4ufDOLHjV8aUleojt3e6LOqMIwFY2ftG1
Yus2oAgoc4ikcqOwHnru9WdHBsxtP3xExWxnIZRkhmJ4HaqqHdQ5KAi6WJQHJYhK
OdrtUljKtjjGRRZRAGp1m4V4skxTS5aimXO2sIxF/kzYsiGSGuXZ8pG+n2+fBdyy
jJs40+Z8KniuetXr+j6BvO3ptBBpNk9AY2eorFzJrbTAF0VQYoIxZu+X7CuNAnj+
vjXKEK9t8QZ32qOx91s87dWMQM9jfPZHq39xX4Ug3CObQTm5VQzqYNWbFR2m
-----END CERTIFICATE-----