Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xekUKLKQebuqr2q5ggr8Sb1vwZ4.roa
File:                     xekUKLKQebuqr2q5ggr8Sb1vwZ4.roa (raw, json)
Hash identifier:          gkpnYGCvvnJvwTKCY8jLilEwUd3RHtp/HsBzYAfpMyM=
Subject key identifier:   C5:E9:14:28:B2:90:79:BB:AA:AF:6A:B9:82:0A:FC:49:BD:6F:C1:9E
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198B689DE0D4A6D1F498B384F36A5B745F9
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xekUKLKQebuqr2q5ggr8Sb1vwZ4.roa
Signing time:             Sun 17 Aug 2025 05:39:05 +0000
ROA not before:           Sun 17 Aug 2025 05:39:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215288
IP address blocks:        151.242.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 09:25:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b6:89:de:0d:4a:6d:1f:49:8b:38:4f:36:a5:b7:45:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 17 05:39:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5e91428b29079bbaaaf6ab9820afc49bd6fc19e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:18:cd:1d:f5:9e:81:3f:fa:d7:fc:85:63:56:
                    54:33:92:66:83:5e:b1:7e:d0:29:60:68:d2:8f:46:
                    b2:7c:67:24:26:b5:ed:c0:a1:a4:b4:5b:e2:fe:52:
                    14:96:c0:5f:0a:de:69:ac:7a:1f:0d:54:15:06:32:
                    7c:fc:86:2d:b0:7f:63:06:0b:9b:f2:ec:e7:a8:45:
                    ab:3a:c5:88:19:af:f3:11:dd:f7:1c:5d:24:3f:e9:
                    81:8b:71:b7:61:93:8f:05:95:83:45:dd:f4:47:ce:
                    53:93:f1:e5:3b:4a:e4:bb:11:f3:a9:b3:16:62:6c:
                    08:e2:0a:2c:15:e8:b8:76:cf:4f:bd:14:ea:cf:a1:
                    56:db:77:01:60:fe:4e:c8:0f:3b:c7:32:44:6e:8c:
                    5f:5e:4c:dc:67:3b:09:0f:3d:e9:3c:62:f4:02:50:
                    e1:5e:02:7b:59:b2:c9:37:a1:77:a4:bb:d4:d1:4a:
                    e0:94:4e:8a:92:22:4c:b7:ee:a3:85:44:aa:f2:91:
                    ee:3d:a8:22:91:15:7d:af:ea:63:9e:b5:b0:e2:2e:
                    58:dc:54:ba:cb:22:d8:cd:39:84:91:0c:65:91:47:
                    92:fb:a2:be:0f:4a:81:33:1f:7b:9c:96:5f:6e:30:
                    f3:10:06:ca:f7:eb:2f:e6:e3:72:15:37:9b:4e:ca:
                    ae:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:E9:14:28:B2:90:79:BB:AA:AF:6A:B9:82:0A:FC:49:BD:6F:C1:9E
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xekUKLKQebuqr2q5ggr8Sb1vwZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:63:5c:0c:cd:90:25:f4:38:91:43:bd:dc:7e:b5:82:00:71:
         15:17:8b:01:06:a2:2e:f1:f6:7e:2c:35:b1:cc:dd:5f:ff:eb:
         b7:90:2a:54:a5:a9:fc:b2:d1:20:35:89:74:4a:9c:60:46:3b:
         94:1d:5a:ff:70:95:08:f0:12:2f:a9:03:fa:12:ea:4e:a2:44:
         c6:0b:05:57:b9:88:58:80:93:c1:43:a1:c7:96:28:7a:48:a6:
         2a:96:0d:69:70:9e:1d:d8:53:d5:59:61:dc:49:bf:b1:10:c0:
         73:b4:d1:8d:ff:e5:ba:8d:90:28:ba:38:9c:bc:e6:b6:aa:6e:
         06:5d:03:1b:2c:5b:83:97:04:78:db:52:8d:e5:94:fa:0a:0e:
         71:0c:c5:cf:08:84:81:80:07:90:ce:74:c7:77:9e:6f:e3:87:
         10:1a:c5:7b:ab:fd:db:c2:97:4d:7f:ae:46:ca:74:c3:fa:60:
         44:ca:83:61:6e:92:f5:f9:ab:46:0a:4d:ce:38:34:da:ae:25:
         b8:09:f2:bc:76:a6:a8:43:fa:e6:17:fc:f5:de:b7:7b:c0:b0:
         7a:f1:cc:b7:cd:34:14:1c:27:52:16:a0:3f:81:78:b1:93:2c:
         b9:de:32:70:cc:80:a3:ea:bd:84:31:c4:73:2b:92:a3:e0:47:
         b5:7a:33:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZi2id4NSm0fSYs4Tzalt0X5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODE3MDUzOTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWU5MTQyOGIyOTA3OWJiYWFhZjZhYjk4MjBhZmM0OWJkNmZjMTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBjNHfWegT/61/yFY1ZUM5Jmg16x
ftApYGjSj0ayfGckJrXtwKGktFvi/lIUlsBfCt5prHofDVQVBjJ8/IYtsH9jBgub
8uznqEWrOsWIGa/zEd33HF0kP+mBi3G3YZOPBZWDRd30R85Tk/HlO0rkuxHzqbMW
YmwI4gosFei4ds9PvRTqz6FW23cBYP5OyA87xzJEboxfXkzcZzsJDz3pPGL0AlDh
XgJ7WbLJN6F3pLvU0UrglE6KkiJMt+6jhUSq8pHuPagikRV9r+pjnrWw4i5Y3FS6
yyLYzTmEkQxlkUeS+6K+D0qBMx97nJZfbjDzEAbK9+sv5uNyFTebTsqudQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXpFCiykHm7qq9quYIK/Em9b8GeMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEveGVrVUtMS1FlYnVxcjJxNWdncjhTYjF2d1o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/KEMA0G
CSqGSIb3DQEBCwUAA4IBAQAEY1wMzZAl9DiRQ73cfrWCAHEVF4sBBqIu8fZ+LDWx
zN1f/+u3kCpUpan8stEgNYl0SpxgRjuUHVr/cJUI8BIvqQP6EupOokTGCwVXuYhY
gJPBQ6HHlih6SKYqlg1pcJ4d2FPVWWHcSb+xEMBztNGN/+W6jZAoujicvOa2qm4G
XQMbLFuDlwR421KN5ZT6Cg5xDMXPCISBgAeQznTHd55v44cQGsV7q/3bwpdNf65G
ynTD+mBEyoNhbpL1+atGCk3OODTariW4CfK8dqaoQ/rmF/z13rd7wLB68cy3zTQU
HCdSFqA/gXixkyy53jJwzICj6r2EMcRzK5Kj4Ee1ejPR
-----END CERTIFICATE-----