Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/y4mQP0WPoFOgEfvBBLuZKwMv6cI.roa
File:                     y4mQP0WPoFOgEfvBBLuZKwMv6cI.roa (raw, json)
Hash identifier:          CKuf43eqS4Pavcs5x0mnznECop70/QXkZ+IHutYYIh8=
Subject key identifier:   CB:89:90:3F:45:8F:A0:53:A0:11:FB:C1:04:BB:99:2B:03:2F:E9:C2
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01978C3F8A678FF800BE199DDEC891D2509D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/y4mQP0WPoFOgEfvBBLuZKwMv6cI.roa
Signing time:             Fri 20 Jun 2025 07:31:03 +0000
ROA not before:           Fri 20 Jun 2025 07:31:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201949
IP address blocks:        151.244.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8c:3f:8a:67:8f:f8:00:be:19:9d:de:c8:91:d2:50:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 20 07:31:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb89903f458fa053a011fbc104bb992b032fe9c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4f:e3:95:d6:3e:e9:4c:ff:2f:09:1b:dc:d2:
                    50:16:4d:84:a1:ee:07:d6:31:0b:e0:4c:e1:55:0e:
                    c8:cf:16:81:74:fb:9b:ec:38:4c:8c:62:19:cf:e3:
                    79:a4:17:bf:32:8a:85:b0:62:57:e2:55:2f:2c:e7:
                    a2:47:97:70:22:04:93:41:9d:a8:76:76:ae:d4:25:
                    d6:ab:94:3d:b0:7c:ce:17:01:86:f8:d9:fc:d2:fb:
                    0f:6f:b1:31:92:d8:42:67:42:1f:dc:3a:e5:38:b3:
                    31:49:5e:0d:5a:84:df:a4:17:f1:6c:ca:95:5b:c9:
                    6e:2e:48:b7:a0:f0:5c:68:39:68:31:0e:00:cd:e4:
                    38:d4:78:c8:57:c1:6e:66:e8:fb:66:ab:6e:e7:e0:
                    4e:05:31:27:d8:41:51:f4:bd:7b:08:a5:a3:51:28:
                    5b:a8:3a:24:d8:27:6e:43:7a:68:6e:bf:55:85:50:
                    09:0d:b3:d7:1d:80:93:90:2c:1d:c7:af:b8:23:d4:
                    a9:dd:3b:6f:c1:d1:a6:5b:d1:10:67:61:7f:4a:fb:
                    09:6c:60:0c:3b:23:05:c0:7d:ad:70:6c:75:31:fe:
                    a5:70:4d:16:8b:e8:af:b6:76:95:a7:68:3d:a0:c0:
                    6f:4d:4c:87:fc:6c:1f:9b:60:18:5d:ea:8b:f2:cb:
                    4d:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:89:90:3F:45:8F:A0:53:A0:11:FB:C1:04:BB:99:2B:03:2F:E9:C2
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/y4mQP0WPoFOgEfvBBLuZKwMv6cI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:4e:2c:fe:c5:93:e9:c3:e9:37:ee:ee:57:0f:80:13:d3:53:
         fd:bf:74:11:53:cb:45:16:8d:24:87:5f:0f:87:7a:19:9d:ac:
         3a:5f:77:59:4f:d6:49:73:27:30:33:90:00:b3:0f:62:56:e8:
         9b:6a:d3:bc:52:a5:59:e3:3e:03:ba:02:b5:35:e2:81:23:e7:
         db:8f:8e:c0:6e:52:f5:d8:9e:0d:4f:f7:a2:ce:d9:79:1c:ad:
         fd:18:23:48:05:02:33:5f:92:4a:de:02:a6:df:8f:4a:c8:eb:
         94:e9:d3:62:b6:af:f3:84:25:cf:54:ef:59:6d:e5:0c:3d:b4:
         c5:21:97:54:c6:ed:84:3e:ea:fd:d2:c5:f1:e8:3b:47:be:f2:
         1f:87:e5:92:94:c0:22:ce:f7:06:58:02:b4:c3:da:a2:67:50:
         fb:29:e1:81:ac:bc:e0:21:29:ac:86:6e:a3:08:29:5a:c9:4a:
         76:43:bc:c8:f3:b0:40:9c:2e:9f:16:d7:73:23:1d:47:3c:ca:
         a8:54:75:6e:59:0c:ef:38:25:90:51:96:b0:ff:cf:ae:1a:c5:
         66:01:27:fe:31:95:48:d4:a3:5d:00:18:ed:6e:4f:5c:60:09:
         b5:06:46:bc:0d:9d:68:33:a9:38:b0:52:50:58:72:28:c9:26:
         cd:22:98:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeMP4pnj/gAvhmd3siR0lCdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjIwMDczMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjg5OTAzZjQ1OGZhMDUzYTAxMWZiYzEwNGJiOTkyYjAzMmZlOWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0/jldY+6Uz/Lwkb3NJQFk2Eoe4H
1jEL4EzhVQ7IzxaBdPub7DhMjGIZz+N5pBe/MoqFsGJX4lUvLOeiR5dwIgSTQZ2o
dnau1CXWq5Q9sHzOFwGG+Nn80vsPb7ExkthCZ0If3DrlOLMxSV4NWoTfpBfxbMqV
W8luLki3oPBcaDloMQ4AzeQ41HjIV8FuZuj7Zqtu5+BOBTEn2EFR9L17CKWjUShb
qDok2CduQ3pobr9VhVAJDbPXHYCTkCwdx6+4I9Sp3TtvwdGmW9EQZ2F/SvsJbGAM
OyMFwH2tcGx1Mf6lcE0Wi+ivtnaVp2g9oMBvTUyH/Gwfm2AYXeqL8stN7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMuJkD9Fj6BToBH7wQS7mSsDL+nCMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEveTRtUVAwV1BvRk9nRWZ2QkJMdVpLd012NmNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/QqMA0G
CSqGSIb3DQEBCwUAA4IBAQC5Tiz+xZPpw+k37u5XD4AT01P9v3QRU8tFFo0kh18P
h3oZnaw6X3dZT9ZJcycwM5AAsw9iVuibatO8UqVZ4z4DugK1NeKBI+fbj47AblL1
2J4NT/eiztl5HK39GCNIBQIzX5JK3gKm349KyOuU6dNitq/zhCXPVO9ZbeUMPbTF
IZdUxu2EPur90sXx6DtHvvIfh+WSlMAizvcGWAK0w9qiZ1D7KeGBrLzgISmshm6j
CClayUp2Q7zI87BAnC6fFtdzIx1HPMqoVHVuWQzvOCWQUZaw/8+uGsVmASf+MZVI
1KNdABjtbk9cYAm1Bka8DZ1oM6k4sFJQWHIoySbNIpgB
-----END CERTIFICATE-----