Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/60aed1-6f74-43a9-976f-7ed5e31ae44f/1/Q9CRQZy3s0gtS_tA2FymWdsC4t4.roa
File:                     Q9CRQZy3s0gtS_tA2FymWdsC4t4.roa (raw, json)
Hash identifier:          9hBwRUtzjTqHG1Gie71trio1LQkRxaOtaflWu8/l7K4=
Subject key identifier:   43:D0:91:41:9C:B7:B3:48:2D:4B:FB:40:D8:5C:A6:59:DB:02:E2:DE
Certificate issuer:       /CN=e47e3c9a951f1b158113ab7c3df19dfc336d9eef
Certificate serial:       0196AE8B5B26AE4C5E116CDDF829B4999877
Authority key identifier: E4:7E:3C:9A:95:1F:1B:15:81:13:AB:7C:3D:F1:9D:FC:33:6D:9E:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5H48mpUfGxWBE6t8PfGd_DNtnu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/60aed1-6f74-43a9-976f-7ed5e31ae44f/1/Q9CRQZy3s0gtS_tA2FymWdsC4t4.roa
Signing time:             Thu 08 May 2025 06:18:10 +0000
ROA not before:           Thu 08 May 2025 06:18:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205664
IP address blocks:        151.156.248.0/22 maxlen: 24
                          151.156.249.0/24 maxlen: 24
                          151.156.252.0/22 maxlen: 24
                          151.156.253.0/24 maxlen: 24
                          151.156.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/60aed1-6f74-43a9-976f-7ed5e31ae44f/1/5H48mpUfGxWBE6t8PfGd_DNtnu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/60aed1-6f74-43a9-976f-7ed5e31ae44f/1/5H48mpUfGxWBE6t8PfGd_DNtnu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5H48mpUfGxWBE6t8PfGd_DNtnu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ae:8b:5b:26:ae:4c:5e:11:6c:dd:f8:29:b4:99:98:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e47e3c9a951f1b158113ab7c3df19dfc336d9eef
        Validity
            Not Before: May  8 06:18:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43d091419cb7b3482d4bfb40d85ca659db02e2de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:0f:17:cc:4a:cb:01:06:d8:8d:0c:84:96:8e:
                    94:b9:ce:b6:e9:a3:1f:88:76:c3:60:36:ba:8b:0d:
                    64:bc:8b:5b:7b:be:dd:42:5a:cd:f6:f2:ae:10:94:
                    32:6f:3b:a3:87:88:15:76:76:ac:79:a7:f1:4a:5c:
                    ca:d8:e3:8b:e2:8f:89:75:b7:a3:1e:f8:f8:aa:85:
                    2f:5c:e4:ce:3f:f9:e0:13:5e:7d:69:98:1f:3b:c0:
                    bc:c6:12:48:80:a3:e6:0b:ed:a0:30:02:03:4e:00:
                    3e:17:ea:99:f2:5a:95:3c:98:a6:f5:5a:8e:d9:37:
                    f9:9b:49:90:1a:4d:0c:e1:84:b6:76:ac:02:29:d3:
                    cf:c3:4b:0f:0c:22:06:1a:c3:6c:fb:80:ee:0c:ad:
                    b2:5c:6b:9a:87:db:6f:9b:ff:f7:ce:45:13:74:a9:
                    c6:f7:4c:f3:cb:8d:5e:3c:f6:16:14:9a:04:a2:e1:
                    57:89:03:b7:4a:e8:3a:7b:9f:4d:1a:b5:4a:6d:42:
                    24:cf:2d:a2:a3:0a:69:c5:5e:88:a3:e1:c3:f8:32:
                    15:fa:83:6a:b3:a5:0f:f1:b8:47:ba:07:00:6a:94:
                    75:ba:52:46:a1:0b:55:83:af:6c:72:a5:85:81:b1:
                    2c:90:28:af:bd:e3:5f:64:60:a9:76:d6:8e:a4:33:
                    8c:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:D0:91:41:9C:B7:B3:48:2D:4B:FB:40:D8:5C:A6:59:DB:02:E2:DE
            X509v3 Authority Key Identifier:
                keyid:E4:7E:3C:9A:95:1F:1B:15:81:13:AB:7C:3D:F1:9D:FC:33:6D:9E:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5H48mpUfGxWBE6t8PfGd_DNtnu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/60aed1-6f74-43a9-976f-7ed5e31ae44f/1/Q9CRQZy3s0gtS_tA2FymWdsC4t4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/60aed1-6f74-43a9-976f-7ed5e31ae44f/1/5H48mpUfGxWBE6t8PfGd_DNtnu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.156.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         75:40:3d:38:5e:cf:2c:37:8a:e8:61:b0:e0:bc:f3:75:1d:06:
         29:a4:0a:bb:85:a4:cf:3e:74:70:64:8e:e4:dc:4e:dc:5a:d0:
         54:fb:3b:d8:47:9e:ff:c6:51:06:b1:95:c9:dd:c8:cb:dd:95:
         9a:35:02:44:35:93:cd:8f:d0:46:00:c0:53:49:8c:6b:a8:1b:
         a0:1c:f8:c9:cf:6e:08:e7:d6:cf:e1:4e:c1:11:76:30:30:e1:
         21:b4:43:cf:6a:42:dc:b8:61:ac:94:25:e4:53:a9:3b:9f:34:
         57:2f:9a:1e:66:ec:9c:ef:73:e9:d7:b6:e8:12:3a:07:96:f7:
         82:8b:9e:7d:12:46:e4:90:19:56:00:ce:e2:f3:e9:92:68:34:
         cc:d1:d3:fa:67:b6:63:1b:52:11:11:78:fa:98:e1:c0:ce:bb:
         6a:d8:9c:25:23:11:02:71:a3:b8:2a:11:da:62:69:13:c0:ac:
         70:3e:17:bd:16:f4:c3:1f:9f:fa:15:89:a7:cb:a4:8e:ed:9f:
         c8:8c:0d:6a:24:83:54:3e:45:5f:8c:2e:85:b3:9a:97:8a:bb:
         22:74:61:61:a8:9a:f3:19:c9:56:a7:17:57:c4:95:9a:5f:15:
         3c:2e:0e:f0:4a:2a:b3:02:b4:23:fd:1b:53:67:ba:c9:47:b3:
         73:c2:73:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaui1smrkxeEWzd+Cm0mZh3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0N2UzYzlhOTUxZjFiMTU4MTEzYWI3YzNkZjE5ZGZjMzM2
ZDllZWYwHhcNMjUwNTA4MDYxODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2QwOTE0MTljYjdiMzQ4MmQ0YmZiNDBkODVjYTY1OWRiMDJlMmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtg8XzErLAQbYjQyElo6Uuc626aMf
iHbDYDa6iw1kvItbe77dQlrN9vKuEJQybzujh4gVdnaseafxSlzK2OOL4o+Jdbej
Hvj4qoUvXOTOP/ngE159aZgfO8C8xhJIgKPmC+2gMAIDTgA+F+qZ8lqVPJim9VqO
2Tf5m0mQGk0M4YS2dqwCKdPPw0sPDCIGGsNs+4DuDK2yXGuah9tvm//3zkUTdKnG
90zzy41ePPYWFJoEouFXiQO3Sug6e59NGrVKbUIkzy2iowppxV6Io+HD+DIV+oNq
s6UP8bhHugcAapR1ulJGoQtVg69scqWFgbEskCivveNfZGCpdtaOpDOMHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPQkUGct7NILUv7QNhcplnbAuLeMB8GA1UdIwQY
MBaAFOR+PJqVHxsVgROrfD3xnfwzbZ7vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUg0OG1wVWZHeFdCRTZ0OFBmR2RfRE50bnU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy82MGFlZDEtNmY3NC00M2E5LTk3NmYt
N2VkNWUzMWFlNDRmLzEvUTlDUlFaeTNzMGd0U190QTJGeW1XZHNDNHQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy82MGFlZDEtNmY3NC00M2E5LTk3NmYtN2VkNWUzMWFlNDRm
LzEvNUg0OG1wVWZHeFdCRTZ0OFBmR2RfRE50bnU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDl5z4MA0G
CSqGSIb3DQEBCwUAA4IBAQB1QD04Xs8sN4roYbDgvPN1HQYppAq7haTPPnRwZI7k
3E7cWtBU+zvYR57/xlEGsZXJ3cjL3ZWaNQJENZPNj9BGAMBTSYxrqBugHPjJz24I
59bP4U7BEXYwMOEhtEPPakLcuGGslCXkU6k7nzRXL5oeZuyc73Pp17boEjoHlveC
i559EkbkkBlWAM7i8+mSaDTM0dP6Z7ZjG1IREXj6mOHAzrtq2JwlIxECcaO4KhHa
YmkTwKxwPhe9FvTDH5/6FYmny6SO7Z/IjA1qJINUPkVfjC6Fs5qXirsidGFhqJrz
GclWpxdXxJWaXxU8Lg7wSiqzArQj/RtTZ7rJR7NzwnPg
-----END CERTIFICATE-----