Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ymsBkztUolKPVBwXZ-kmegPNtzI.roa
File:                     ymsBkztUolKPVBwXZ-kmegPNtzI.roa (raw, json)
Hash identifier:          zXNzTxn4aqcS0o3ZnNpUysUJrDMxnOWOsokAw7QGb3s=
Subject key identifier:   CA:6B:01:93:3B:54:A2:52:8F:54:1C:17:67:E9:26:7A:03:CD:B7:32
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198D171CCB227F0BFE5B3E60E1A8560854D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ymsBkztUolKPVBwXZ-kmegPNtzI.roa
Signing time:             Fri 22 Aug 2025 11:02:32 +0000
ROA not before:           Fri 22 Aug 2025 11:02:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198584
IP address blocks:        151.243.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d1:71:cc:b2:27:f0:bf:e5:b3:e6:0e:1a:85:60:85:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 22 11:02:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca6b01933b54a2528f541c1767e9267a03cdb732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:69:43:83:c3:ed:5a:06:bf:1e:28:64:66:96:
                    1d:09:52:96:c9:3d:00:35:16:d6:73:16:03:6a:98:
                    32:cf:60:05:bc:6b:14:9a:f0:e8:c6:ad:55:3a:27:
                    9d:8f:12:cc:aa:e0:c6:4d:4b:33:50:c8:b8:df:13:
                    64:63:23:28:d2:cb:06:38:e9:75:b2:c9:7d:ef:df:
                    0f:4c:3f:70:84:65:24:ec:cb:a6:cb:94:d2:53:23:
                    d9:54:cc:80:59:cd:3c:35:dc:2d:b4:60:7d:26:1b:
                    21:00:1a:2f:75:49:69:15:18:4f:b5:c1:75:27:61:
                    71:49:23:d6:8b:98:96:b7:ee:1b:b0:bd:13:8c:63:
                    a3:8d:eb:e8:3f:fa:37:7d:60:97:ff:f3:c9:00:77:
                    65:84:f7:80:b7:33:31:fe:c9:f6:0c:45:6e:93:c7:
                    0c:b7:81:a7:7f:b2:ba:3b:47:ff:8c:fe:b5:32:a9:
                    4c:90:15:78:af:3c:75:c8:6d:37:11:43:be:73:3d:
                    fd:d1:c7:9d:cd:36:97:c2:c1:5e:97:81:ad:34:a9:
                    6e:8a:b6:22:df:53:2a:73:88:8f:47:d5:77:bd:dd:
                    f3:57:23:d6:3d:4f:de:93:fd:37:f9:34:6b:c2:18:
                    81:e5:b7:13:d1:3b:70:a2:ad:e8:59:16:4b:44:4d:
                    14:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:6B:01:93:3B:54:A2:52:8F:54:1C:17:67:E9:26:7A:03:CD:B7:32
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ymsBkztUolKPVBwXZ-kmegPNtzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:8f:6a:cd:3f:96:85:92:24:37:75:2a:a3:53:c5:2f:cf:a2:
         8d:57:9b:6e:05:5b:42:a2:b3:4c:d8:3b:29:28:90:ce:dd:c5:
         97:ca:bf:3e:d3:bf:b7:c1:70:df:78:e0:56:b1:b7:30:d1:ef:
         48:c6:d3:39:00:23:2f:06:0c:48:4e:8c:84:e8:64:2f:fa:5f:
         9e:3d:c3:46:7a:bf:b1:04:39:c8:b9:11:72:40:4a:0b:bb:85:
         0a:e2:d5:bf:1d:58:bf:85:53:f4:f4:a2:97:75:58:5c:c0:5f:
         54:5a:ca:9b:bf:27:f5:5b:5d:d8:52:c6:6e:b4:ef:7f:0c:46:
         4a:da:26:4d:40:38:bb:6e:a2:22:b7:8a:ad:b0:26:ee:b9:7d:
         8b:f1:a9:b1:ea:72:06:3f:ff:7a:bd:f5:59:e4:2f:02:47:86:
         10:6b:7a:52:74:49:12:d0:71:15:25:25:fe:57:af:c4:ec:e7:
         84:c4:17:6a:9e:c6:c9:c1:6b:31:04:a5:05:e8:3a:40:ac:f7:
         4a:af:be:30:96:f1:90:01:04:17:77:99:08:e4:59:26:be:51:
         66:69:96:5e:99:d7:89:9c:f0:0b:5a:62:d7:84:1b:c1:e2:54:
         4e:67:bd:83:3f:c9:a9:ac:45:73:47:47:1a:9b:35:04:09:da:
         ba:d5:2b:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjRccyyJ/C/5bPmDhqFYIVNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODIyMTEwMjMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTZiMDE5MzNiNTRhMjUyOGY1NDFjMTc2N2U5MjY3YTAzY2RiNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGlDg8PtWga/HihkZpYdCVKWyT0A
NRbWcxYDapgyz2AFvGsUmvDoxq1VOiedjxLMquDGTUszUMi43xNkYyMo0ssGOOl1
ssl9798PTD9whGUk7Mumy5TSUyPZVMyAWc08NdwttGB9JhshABovdUlpFRhPtcF1
J2FxSSPWi5iWt+4bsL0TjGOjjevoP/o3fWCX//PJAHdlhPeAtzMx/sn2DEVuk8cM
t4Gnf7K6O0f/jP61MqlMkBV4rzx1yG03EUO+cz390cedzTaXwsFel4GtNKluirYi
31Mqc4iPR9V3vd3zVyPWPU/ek/03+TRrwhiB5bcT0Ttwoq3oWRZLRE0UkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMprAZM7VKJSj1QcF2fpJnoDzbcyMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEveW1zQmt6dFVvbEtQVkJ3WFota21lZ1BOdHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/PUMA0G
CSqGSIb3DQEBCwUAA4IBAQAxj2rNP5aFkiQ3dSqjU8Uvz6KNV5tuBVtCorNM2Dsp
KJDO3cWXyr8+07+3wXDfeOBWsbcw0e9IxtM5ACMvBgxIToyE6GQv+l+ePcNGer+x
BDnIuRFyQEoLu4UK4tW/HVi/hVP09KKXdVhcwF9UWsqbvyf1W13YUsZutO9/DEZK
2iZNQDi7bqIit4qtsCbuuX2L8amx6nIGP/96vfVZ5C8CR4YQa3pSdEkS0HEVJSX+
V6/E7OeExBdqnsbJwWsxBKUF6DpArPdKr74wlvGQAQQXd5kI5FkmvlFmaZZemdeJ
nPALWmLXhBvB4lROZ72DP8mprEVzR0camzUECdq61SsR
-----END CERTIFICATE-----