Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/z4XmVXA5HOUJqCcmfVM2xiXssSQ.roa
File:                     z4XmVXA5HOUJqCcmfVM2xiXssSQ.roa (raw, json)
Hash identifier:          SVpz5L+wGkaBQlZv5uHZHSUAkIX0qI0etlxFoSRGySE=
Subject key identifier:   CF:85:E6:55:70:39:1C:E5:09:A8:27:26:7D:53:36:C6:25:EC:B1:24
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01991D9542CA4A6BFEF4A9B7DF2ED3A4CE40
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/z4XmVXA5HOUJqCcmfVM2xiXssSQ.roa
Signing time:             Sat 06 Sep 2025 05:52:25 +0000
ROA not before:           Sat 06 Sep 2025 05:52:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206264
IP address blocks:        151.244.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1d:95:42:ca:4a:6b:fe:f4:a9:b7:df:2e:d3:a4:ce:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep  6 05:52:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf85e65570391ce509a827267d5336c625ecb124
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:57:8f:9a:7a:7e:0c:a1:60:bd:d3:53:13:32:
                    a6:a6:e3:39:64:ed:f6:85:01:57:81:3e:82:7c:8d:
                    82:a3:34:ef:c7:a2:82:a4:41:32:9d:43:7e:a6:f8:
                    0c:3f:08:85:d1:74:4f:15:35:64:7e:cc:a0:94:23:
                    38:77:35:6a:c4:cd:44:23:d6:4e:fa:6c:03:2b:30:
                    3b:5d:60:f9:a9:89:80:58:b4:8e:a9:18:1f:b5:d4:
                    9d:e3:db:7e:6c:1f:3b:47:2c:b5:e6:d3:f4:e1:94:
                    49:bd:5b:5e:77:ab:6d:ce:ac:ca:47:92:e0:49:18:
                    1e:46:9d:00:6c:5b:4c:be:62:91:29:8c:05:c8:e6:
                    73:bc:01:d4:0d:69:9e:cb:1e:c1:05:b1:17:f4:a8:
                    05:dd:8a:86:fc:12:84:d3:54:09:88:8e:7a:e6:67:
                    f4:e6:13:ad:b4:cc:7a:88:33:99:e6:f7:9e:e6:80:
                    1d:db:80:65:25:19:23:26:a7:3d:c2:10:65:85:c3:
                    df:bc:b7:c8:4b:47:ed:4c:30:12:31:70:ad:96:fd:
                    53:b2:5b:2b:fe:4e:9d:85:58:71:74:9a:d6:e8:3b:
                    a9:46:76:ed:0b:44:b0:cc:a8:5b:c6:ef:6f:e4:14:
                    1b:59:1e:f0:c3:6b:fc:88:18:06:66:0c:66:d5:a1:
                    87:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:85:E6:55:70:39:1C:E5:09:A8:27:26:7D:53:36:C6:25:EC:B1:24
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/z4XmVXA5HOUJqCcmfVM2xiXssSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:38:3e:bd:39:ec:b7:18:35:7a:d7:2c:76:28:79:6a:f1:0c:
         8c:a1:12:f4:c5:23:61:5e:c5:28:98:1a:1b:c8:be:94:8d:93:
         5c:71:3e:bf:6e:58:da:17:ac:98:55:f8:98:1d:27:ef:2a:ed:
         6a:c7:56:be:bc:d2:da:e3:07:1e:f7:66:d4:86:62:72:11:f6:
         8a:82:d4:01:e8:f3:28:20:44:69:90:40:7c:d8:26:4e:8c:ce:
         bd:25:9a:b4:cb:17:d7:2d:dc:ff:e3:61:6c:ae:5b:df:43:44:
         20:a4:ee:e8:3c:f7:a6:b4:0f:00:5b:e3:9f:33:90:bf:6e:f2:
         0b:45:77:38:19:8e:e3:ed:c1:b3:37:ee:3f:71:f2:43:df:f1:
         71:40:8f:29:db:ef:5f:c8:b3:7d:a3:95:0c:29:c7:42:d7:4d:
         5b:78:b7:3a:28:94:70:0f:45:09:0f:8a:34:78:40:b6:83:13:
         be:14:d8:86:14:2f:85:4d:0f:3f:53:fa:c0:25:60:f7:6d:9c:
         98:2a:72:2a:ec:1d:55:14:66:97:b7:4a:6b:7b:fa:1a:ea:7a:
         cb:9b:66:9a:09:ea:32:3f:a4:37:d4:32:1a:af:da:b0:db:3a:
         42:ad:9e:9b:a9:de:2c:44:fa:cf:01:32:94:66:a9:52:22:7c:
         34:f6:7e:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkdlULKSmv+9Km33y7TpM5AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTA2MDU1MjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjg1ZTY1NTcwMzkxY2U1MDlhODI3MjY3ZDUzMzZjNjI1ZWNiMTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk1ePmnp+DKFgvdNTEzKmpuM5ZO32
hQFXgT6CfI2CozTvx6KCpEEynUN+pvgMPwiF0XRPFTVkfsyglCM4dzVqxM1EI9ZO
+mwDKzA7XWD5qYmAWLSOqRgftdSd49t+bB87Ryy15tP04ZRJvVted6ttzqzKR5Lg
SRgeRp0AbFtMvmKRKYwFyOZzvAHUDWmeyx7BBbEX9KgF3YqG/BKE01QJiI565mf0
5hOttMx6iDOZ5vee5oAd24BlJRkjJqc9whBlhcPfvLfIS0ftTDASMXCtlv1Tslsr
/k6dhVhxdJrW6DupRnbtC0SwzKhbxu9v5BQbWR7ww2v8iBgGZgxm1aGHgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+F5lVwORzlCagnJn1TNsYl7LEkMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvejRYbVZYQTVIT1VKcUNjbWZWTTJ4aVhzc1NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/TcMA0G
CSqGSIb3DQEBCwUAA4IBAQBAOD69Oey3GDV61yx2KHlq8QyMoRL0xSNhXsUomBob
yL6UjZNccT6/bljaF6yYVfiYHSfvKu1qx1a+vNLa4wce92bUhmJyEfaKgtQB6PMo
IERpkEB82CZOjM69JZq0yxfXLdz/42FsrlvfQ0QgpO7oPPemtA8AW+OfM5C/bvIL
RXc4GY7j7cGzN+4/cfJD3/FxQI8p2+9fyLN9o5UMKcdC101beLc6KJRwD0UJD4o0
eEC2gxO+FNiGFC+FTQ8/U/rAJWD3bZyYKnIq7B1VFGaXt0pre/oa6nrLm2aaCeoy
P6Q31DIar9qw2zpCrZ6bqd4sRPrPATKUZqlSInw09n72
-----END CERTIFICATE-----