Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/yH-2-5Ci21QtXViKe8Rp8_JUBkg.roa
File:                     yH-2-5Ci21QtXViKe8Rp8_JUBkg.roa (raw, json)
Hash identifier:          REVVDTZ0w516jRpqcCjHM0+uhX0k4ozxkpiGBZLqoss=
Subject key identifier:   C8:7F:B6:FB:90:A2:DB:54:2D:5D:58:8A:7B:C4:69:F3:F2:54:06:48
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019928F3BA1D88276A5BA5540303A8A014A7
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/yH-2-5Ci21QtXViKe8Rp8_JUBkg.roa
Signing time:             Mon 08 Sep 2025 10:51:25 +0000
ROA not before:           Mon 08 Sep 2025 10:51:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208226
IP address blocks:        151.242.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:28:f3:ba:1d:88:27:6a:5b:a5:54:03:03:a8:a0:14:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep  8 10:51:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c87fb6fb90a2db542d5d588a7bc469f3f2540648
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c0:a4:7e:c8:ac:6f:4f:b9:c0:32:ea:fb:54:
                    f7:67:4b:91:bf:b4:06:d8:ab:09:49:fe:7f:98:e6:
                    d5:66:cd:28:c7:22:48:a0:aa:38:d0:8c:3d:d2:91:
                    ef:52:02:7b:a7:88:21:36:01:ad:7b:52:32:c8:b8:
                    08:0d:d4:d8:73:1a:82:3d:b5:c5:b5:b6:7b:8a:ae:
                    79:81:20:4d:b7:18:a8:dc:fb:df:d9:28:8e:3c:13:
                    b2:9d:10:2c:87:94:a0:87:98:e9:7e:ee:b4:63:d1:
                    29:04:39:46:19:b3:20:3f:5f:85:87:4a:8e:6d:ad:
                    79:f1:62:a6:46:2b:b3:67:c8:9b:99:55:87:c7:b8:
                    4b:f0:f4:10:2e:39:7a:72:83:d1:e5:ad:6b:ef:ef:
                    25:bd:f3:b0:c3:98:87:17:d1:ab:30:88:62:71:33:
                    44:63:56:aa:57:75:a1:19:ba:c7:06:ad:33:fc:81:
                    50:ef:46:7b:a1:a3:dd:73:1f:d8:3f:60:9d:81:a6:
                    af:f8:10:a4:f3:d3:68:67:25:d4:dc:19:27:c5:c8:
                    e7:a0:7c:08:65:32:da:73:ce:18:59:51:9c:dd:cc:
                    f6:96:6e:ac:bf:20:12:b9:93:a3:b7:95:d1:e3:04:
                    93:e9:62:40:52:ac:71:e3:aa:d6:ad:a7:5e:d8:30:
                    7b:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:7F:B6:FB:90:A2:DB:54:2D:5D:58:8A:7B:C4:69:F3:F2:54:06:48
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/yH-2-5Ci21QtXViKe8Rp8_JUBkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:0c:c2:9c:26:ce:82:c2:60:5b:b4:9c:7d:aa:20:99:e3:58:
         f1:47:45:6d:57:15:fe:c2:c0:8d:58:88:05:df:17:d8:6e:45:
         d9:f7:20:01:4d:f6:74:15:d2:6a:f8:03:90:28:c3:e9:7d:98:
         28:6c:45:cd:95:ae:ca:3b:ed:d4:b6:bf:07:25:f7:0d:86:e5:
         85:06:8a:cf:0f:a3:00:02:40:37:75:c9:4c:eb:f2:b9:20:4d:
         1a:62:b1:c4:8f:50:47:5b:97:16:19:a7:c7:51:6c:03:d1:e8:
         ad:5b:c7:10:a8:ba:86:48:3d:78:54:e9:13:a2:9a:c9:b3:34:
         68:3a:b7:06:d2:71:7e:10:d2:4c:c8:0d:54:fb:a6:3d:0f:68:
         fd:a5:39:fb:5e:af:40:86:d5:34:6b:8e:91:b9:b3:08:fa:fd:
         d5:f7:9b:ea:c1:a7:57:4f:ac:c0:ae:25:3a:c3:59:b1:53:9a:
         09:52:43:55:7a:8a:e6:f5:e0:f2:6c:af:e3:02:f0:ab:61:9c:
         53:f9:51:d1:2e:b1:68:a9:0e:bb:fd:99:f4:c0:03:90:f5:5a:
         b6:41:23:be:f0:92:00:8d:71:a1:82:e7:3a:55:59:87:84:ab:
         38:c3:89:4c:9b:dc:66:47:cc:28:f1:94:c5:a0:d7:2d:a9:4c:
         d5:08:84:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZko87odiCdqW6VUAwOooBSnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTA4MTA1MTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODdmYjZmYjkwYTJkYjU0MmQ1ZDU4OGE3YmM0NjlmM2YyNTQwNjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysCkfsisb0+5wDLq+1T3Z0uRv7QG
2KsJSf5/mObVZs0oxyJIoKo40Iw90pHvUgJ7p4ghNgGte1IyyLgIDdTYcxqCPbXF
tbZ7iq55gSBNtxio3Pvf2SiOPBOynRAsh5Sgh5jpfu60Y9EpBDlGGbMgP1+Fh0qO
ba158WKmRiuzZ8ibmVWHx7hL8PQQLjl6coPR5a1r7+8lvfOww5iHF9GrMIhicTNE
Y1aqV3WhGbrHBq0z/IFQ70Z7oaPdcx/YP2Cdgaav+BCk89NoZyXU3BknxcjnoHwI
ZTLac84YWVGc3cz2lm6svyASuZOjt5XR4wST6WJAUqxx46rWrade2DB79wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMh/tvuQottULV1YinvEafPyVAZIMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEveUgtMi01Q2kyMVF0WFZpS2U4UnA4X0pVQmtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/KTMA0G
CSqGSIb3DQEBCwUAA4IBAQAvDMKcJs6CwmBbtJx9qiCZ41jxR0VtVxX+wsCNWIgF
3xfYbkXZ9yABTfZ0FdJq+AOQKMPpfZgobEXNla7KO+3Utr8HJfcNhuWFBorPD6MA
AkA3dclM6/K5IE0aYrHEj1BHW5cWGafHUWwD0eitW8cQqLqGSD14VOkToprJszRo
OrcG0nF+ENJMyA1U+6Y9D2j9pTn7Xq9AhtU0a46RubMI+v3V95vqwadXT6zAriU6
w1mxU5oJUkNVeorm9eDybK/jAvCrYZxT+VHRLrFoqQ67/Zn0wAOQ9Vq2QSO+8JIA
jXGhguc6VVmHhKs4w4lMm9xmR8wo8ZTFoNctqUzVCITN
-----END CERTIFICATE-----