Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sOlEX8f-lOIjcq5xs4o22RDVUnU.roa
File:                     sOlEX8f-lOIjcq5xs4o22RDVUnU.roa (raw, json)
Hash identifier:          KTxc/venfdUsGb1sYg1USNnJPfRR/TMuFQV3KbdcSLg=
Subject key identifier:   B0:E9:44:5F:C7:FE:94:E2:23:72:AE:71:B3:8A:36:D9:10:D5:52:75
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0199863882842818C993664B94B84D5BC75C
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sOlEX8f-lOIjcq5xs4o22RDVUnU.roa
Signing time:             Fri 26 Sep 2025 13:31:14 +0000
ROA not before:           Fri 26 Sep 2025 13:31:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31715
IP address blocks:        151.240.124.0/24 maxlen: 24
                          151.242.226.0/24 maxlen: 24
                          151.244.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:86:38:82:84:28:18:c9:93:66:4b:94:b8:4d:5b:c7:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep 26 13:31:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0e9445fc7fe94e22372ae71b38a36d910d55275
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d0:96:cf:00:c9:26:11:4a:f7:a0:79:b3:32:
                    d5:f8:39:9c:8c:19:ca:6e:a2:4a:8b:dd:8c:62:e2:
                    e3:69:79:c3:58:6d:f5:7f:f2:a7:fa:15:45:00:91:
                    6e:76:9e:1b:9c:ae:9b:56:83:54:99:0b:fd:7d:ce:
                    d4:79:80:19:1e:37:a7:53:04:6a:d8:d9:7a:e0:15:
                    03:98:d6:d5:54:89:b8:f0:59:86:6a:57:4e:b1:ee:
                    38:40:92:ec:c1:36:78:5d:5f:56:30:41:1d:ae:0b:
                    0d:f3:32:a7:6f:39:e5:69:e0:c9:29:ab:2a:15:c7:
                    2a:cf:3a:c3:6a:d2:73:47:58:a3:22:70:e5:8c:d8:
                    35:f9:77:73:86:3f:97:15:86:db:cc:26:6c:ce:a3:
                    2e:19:1b:d4:1a:47:84:54:3c:05:8e:4c:8d:f5:59:
                    82:d6:2b:ca:a2:da:0e:b7:71:42:95:b0:ec:72:bf:
                    03:c4:6c:12:d8:94:fd:57:ea:85:0a:2f:30:b9:fb:
                    f2:1e:ee:64:91:29:da:7c:23:47:30:0e:8a:b6:33:
                    98:f7:b3:5c:aa:6c:ec:b1:f5:8e:49:6a:b7:ed:de:
                    f4:fc:f6:2f:e8:23:95:8b:26:fe:b9:86:97:6f:ca:
                    ff:fd:ba:52:e6:09:27:55:7e:30:2f:29:6d:ec:5c:
                    83:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:E9:44:5F:C7:FE:94:E2:23:72:AE:71:B3:8A:36:D9:10:D5:52:75
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sOlEX8f-lOIjcq5xs4o22RDVUnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.124.0/24
                  151.242.226.0/24
                  151.244.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:7b:92:b5:db:6b:5a:7f:76:d3:c9:75:fd:7f:c7:29:9d:4f:
         8e:27:c5:7d:2b:b3:b1:dc:0f:4b:b8:34:fd:dd:bf:50:4e:e2:
         7c:ff:19:71:74:4a:b4:f6:f4:94:13:d8:df:7d:f8:6a:67:c4:
         67:f3:9a:f6:1d:50:35:ad:0d:c1:0a:98:da:b3:7b:8c:ec:c7:
         91:23:a4:d0:44:6a:fe:b7:06:76:3b:e5:f4:a0:d7:2b:62:b8:
         15:06:87:2e:df:de:a4:4a:c7:b0:69:bd:d4:77:a7:d5:74:40:
         73:e3:8f:3c:8a:6d:4e:18:8a:89:01:51:ef:ce:4a:3c:e3:35:
         f1:06:c5:26:70:f9:df:c4:d6:7e:06:35:3a:bb:e2:f6:bc:1b:
         77:3d:df:55:75:f3:34:72:2d:bd:79:5e:e3:cd:7f:ee:70:ab:
         4b:42:e4:42:d1:eb:74:1b:e4:59:4c:81:e7:a3:cf:f9:40:3b:
         4f:61:e9:4a:d7:ab:ea:57:86:ae:dd:7d:f7:7e:1b:27:42:81:
         0a:c1:51:34:8d:24:27:c5:5b:9b:47:2b:ad:a0:09:e5:36:11:
         fd:03:e8:00:90:2b:79:71:fb:80:d5:5d:96:a5:04:e0:da:da:
         2d:7d:f6:1c:33:df:e2:b7:a2:21:12:e0:25:44:a5:8d:73:07:
         29:f0:25:ec
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZmGOIKEKBjJk2ZLlLhNW8dcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTI2MTMzMTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGU5NDQ1ZmM3ZmU5NGUyMjM3MmFlNzFiMzhhMzZkOTEwZDU1Mjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNCWzwDJJhFK96B5szLV+DmcjBnK
bqJKi92MYuLjaXnDWG31f/Kn+hVFAJFudp4bnK6bVoNUmQv9fc7UeYAZHjenUwRq
2Nl64BUDmNbVVIm48FmGaldOse44QJLswTZ4XV9WMEEdrgsN8zKnbznlaeDJKasq
FccqzzrDatJzR1ijInDljNg1+Xdzhj+XFYbbzCZszqMuGRvUGkeEVDwFjkyN9VmC
1ivKotoOt3FClbDscr8DxGwS2JT9V+qFCi8wufvyHu5kkSnafCNHMA6KtjOY97Nc
qmzssfWOSWq37d70/PYv6COViyb+uYaXb8r//bpS5gknVX4wLylt7FyDbwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLDpRF/H/pTiI3KucbOKNtkQ1VJ1MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvc09sRVg4Zi1sT0lqY3E1eHM0bzIyUkRWVW5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAl/B8AwQA
l/LiAwQAl/QaMA0GCSqGSIb3DQEBCwUAA4IBAQB5e5K122taf3bTyXX9f8cpnU+O
J8V9K7Ox3A9LuDT93b9QTuJ8/xlxdEq09vSUE9jfffhqZ8Rn85r2HVA1rQ3BCpja
s3uM7MeRI6TQRGr+twZ2O+X0oNcrYrgVBocu396kSsewab3Ud6fVdEBz4488im1O
GIqJAVHvzko84zXxBsUmcPnfxNZ+BjU6u+L2vBt3Pd9VdfM0ci29eV7jzX/ucKtL
QuRC0et0G+RZTIHno8/5QDtPYelK16vqV4au3X33fhsnQoEKwVE0jSQnxVubRyut
oAnlNhH9A+gAkCt5cfuA1V2WpQTg2totffYcM9/it6IhEuAlRKWNcwcp8CXs
-----END CERTIFICATE-----