Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zPWrpDB5wcgV63LFyrq_omZzR0w.roa
File:                     zPWrpDB5wcgV63LFyrq_omZzR0w.roa (raw, json)
Hash identifier:          XoVVi9nRWwKTi86rzC1mD4Hj9no0GMAhLfzoJj2s+a4=
Subject key identifier:   CC:F5:AB:A4:30:79:C1:C8:15:EB:72:C5:CA:BA:BF:A2:66:73:47:4C
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198D195FFE872EF1FC36432D09AAB419F4C
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zPWrpDB5wcgV63LFyrq_omZzR0w.roa
Signing time:             Fri 22 Aug 2025 11:42:05 +0000
ROA not before:           Fri 22 Aug 2025 11:42:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56655
IP address blocks:        151.242.104.0/24 maxlen: 24
                          151.242.168.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d1:95:ff:e8:72:ef:1f:c3:64:32:d0:9a:ab:41:9f:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 22 11:42:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ccf5aba43079c1c815eb72c5cababfa26673474c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:de:d2:b0:b4:c8:f2:0e:03:87:ba:13:ae:3b:
                    ea:58:0b:c1:39:08:4c:c5:20:8d:2c:67:c6:bc:20:
                    27:8f:fe:85:20:2b:60:88:84:0a:47:1a:db:38:b2:
                    85:21:f9:3d:71:aa:52:ed:3e:e8:ca:5c:a6:18:09:
                    70:69:60:61:a8:2e:1a:96:66:f7:79:94:c0:eb:79:
                    23:f8:43:ba:5e:02:ba:5a:b0:a6:c8:8a:fb:8b:77:
                    0c:9d:f6:8f:de:f7:41:97:d7:5c:79:10:f8:e1:06:
                    7f:61:56:72:e9:3d:ed:2e:18:63:ce:a9:90:b1:0a:
                    02:90:a7:22:24:2c:04:dc:0e:e9:64:d1:89:06:ab:
                    fc:fa:dd:cc:0d:a1:f1:d9:61:c9:b1:d5:75:5a:29:
                    6e:89:db:6f:82:2f:5d:55:83:c8:cd:ac:39:d7:e6:
                    af:ab:1d:1d:ce:13:fa:54:d8:8e:eb:ea:58:c7:11:
                    1b:ea:f0:6e:93:fb:73:1e:7f:a6:25:9e:4a:b6:dc:
                    80:bd:67:0e:99:e8:6d:d8:b2:05:bf:2e:07:1b:eb:
                    ad:69:c1:09:dc:51:49:5e:3f:40:16:d8:e0:b2:88:
                    b8:2e:c6:fd:6d:b0:06:50:dc:9a:83:51:5e:65:b1:
                    9b:60:22:c4:00:89:11:8a:c3:69:9e:38:ef:78:8d:
                    1b:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:F5:AB:A4:30:79:C1:C8:15:EB:72:C5:CA:BA:BF:A2:66:73:47:4C
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zPWrpDB5wcgV63LFyrq_omZzR0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.104.0/24
                  151.242.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:80:66:28:8d:32:76:1f:5b:e1:1e:80:12:32:a3:78:e1:70:
         4a:69:d2:68:6c:3d:3c:62:b3:19:6f:bc:b4:18:89:1f:e1:95:
         22:24:4e:01:03:19:f1:e3:d1:d2:d8:ea:c8:88:51:4b:1d:a5:
         6a:03:14:44:f5:fd:d2:76:a5:5e:19:e5:80:12:4c:34:59:bc:
         20:66:3c:fd:7e:85:68:7b:a3:96:9d:fc:b8:e2:f4:a5:54:fa:
         aa:95:ea:cb:d4:7d:09:96:01:2c:2e:7e:d2:01:fd:b5:a8:ed:
         80:44:59:da:c5:43:0f:f2:ec:98:e7:b4:cd:fe:c3:97:92:c1:
         5d:8e:86:ff:6c:91:e9:2d:fb:b0:0a:dc:73:ba:9b:96:f0:a1:
         88:ed:57:e4:28:57:4e:c8:70:12:b2:57:a3:8d:8c:33:25:08:
         43:d1:41:ae:e3:e4:7a:cf:00:5f:b9:71:13:23:12:09:69:fc:
         22:4c:c6:34:b0:68:ec:7e:b7:52:d5:60:52:5f:ac:9a:b1:8b:
         ad:b7:3e:7e:6c:64:39:47:3b:7c:99:b1:d4:cc:50:b2:1a:94:
         61:70:9a:09:fd:4c:0b:b4:3b:42:dd:4f:a1:a6:2b:47:d2:ce:
         c0:4c:62:16:e5:a5:35:0e:7b:61:18:0c:ee:06:7b:8f:82:a3:
         d2:ff:11:85
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjRlf/ocu8fw2Qy0JqrQZ9MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODIyMTE0MjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2Y1YWJhNDMwNzljMWM4MTVlYjcyYzVjYWJhYmZhMjY2NzM0NzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvt7SsLTI8g4Dh7oTrjvqWAvBOQhM
xSCNLGfGvCAnj/6FICtgiIQKRxrbOLKFIfk9capS7T7oylymGAlwaWBhqC4almb3
eZTA63kj+EO6XgK6WrCmyIr7i3cMnfaP3vdBl9dceRD44QZ/YVZy6T3tLhhjzqmQ
sQoCkKciJCwE3A7pZNGJBqv8+t3MDaHx2WHJsdV1Wiluidtvgi9dVYPIzaw51+av
qx0dzhP6VNiO6+pYxxEb6vBuk/tzHn+mJZ5KttyAvWcOmeht2LIFvy4HG+utacEJ
3FFJXj9AFtjgsoi4Lsb9bbAGUNyag1FeZbGbYCLEAIkRisNpnjjveI0bJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMz1q6QwecHIFetyxcq6v6Jmc0dMMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvelBXcnBEQjV3Y2dWNjNMRnlycV9vbVp6UjB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/JoAwQB
l/KoMA0GCSqGSIb3DQEBCwUAA4IBAQAlgGYojTJ2H1vhHoASMqN44XBKadJobD08
YrMZb7y0GIkf4ZUiJE4BAxnx49HS2OrIiFFLHaVqAxRE9f3SdqVeGeWAEkw0Wbwg
Zjz9foVoe6OWnfy44vSlVPqqlerL1H0JlgEsLn7SAf21qO2ARFnaxUMP8uyY57TN
/sOXksFdjob/bJHpLfuwCtxzupuW8KGI7VfkKFdOyHASslejjYwzJQhD0UGu4+R6
zwBfuXETIxIJafwiTMY0sGjsfrdS1WBSX6yasYuttz5+bGQ5Rzt8mbHUzFCyGpRh
cJoJ/UwLtDtC3U+hpitH0s7ATGIW5aU1DnthGAzuBnuPgqPS/xGF
-----END CERTIFICATE-----