Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/33sUwweowBSklmDUZCD4LMkQ5Ug.roa
File:                     33sUwweowBSklmDUZCD4LMkQ5Ug.roa (raw, json)
Hash identifier:          +777p9tnmP0ispcP+cY6G2jIGTbXp/5Z4g/RE9cbi+Y=
Subject key identifier:   DF:7B:14:C3:07:A8:C0:14:A4:96:60:D4:64:20:F8:2C:C9:10:E5:48
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019821C35426756BA709DCD84ADD2C595ADC
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/33sUwweowBSklmDUZCD4LMkQ5Ug.roa
Signing time:             Sat 19 Jul 2025 08:18:25 +0000
ROA not before:           Sat 19 Jul 2025 08:18:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25846
IP address blocks:        151.241.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:21:c3:54:26:75:6b:a7:09:dc:d8:4a:dd:2c:59:5a:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 19 08:18:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df7b14c307a8c014a49660d46420f82cc910e548
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:cc:2a:5b:65:9c:cd:29:68:06:c1:58:02:e2:
                    69:8f:ff:69:3b:53:ad:bc:29:4d:fc:c2:62:56:b9:
                    30:6c:92:4d:cc:24:87:51:f1:82:dc:dd:05:be:a9:
                    e1:c8:24:94:b2:f4:f5:05:5c:bf:d7:c2:26:d0:d0:
                    f7:1c:8e:06:c4:a0:7f:bb:7d:f2:f2:15:0e:9a:e6:
                    76:e3:49:9d:26:10:ff:e5:78:60:20:91:22:b7:1f:
                    ba:0d:58:b1:a9:44:90:ce:b2:83:69:bd:71:c2:98:
                    95:56:a0:e6:5b:b2:36:4a:35:e0:7b:c2:6a:86:46:
                    c2:9a:fd:82:7d:48:45:24:39:ec:be:5b:a8:ec:6d:
                    e3:48:d7:32:f0:c4:fa:8c:73:96:ae:9c:17:86:b9:
                    6b:5a:29:d6:b4:89:0c:be:2c:8a:e6:14:c9:5f:ec:
                    f7:d9:50:0a:8b:c2:a0:a6:9a:b2:ad:1e:41:f7:62:
                    40:57:9d:cf:6a:b2:7c:3c:b0:c0:38:e5:59:83:eb:
                    a2:7e:8b:97:a4:1f:aa:e2:32:ab:4b:8a:61:31:35:
                    3d:d8:a4:59:ee:3b:81:97:ac:e7:18:46:c1:77:d8:
                    fa:73:ee:ac:16:b3:7c:d4:33:2b:60:d6:66:2a:72:
                    03:c4:62:a7:ec:7e:e3:75:52:67:66:b3:ec:5b:6e:
                    00:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:7B:14:C3:07:A8:C0:14:A4:96:60:D4:64:20:F8:2C:C9:10:E5:48
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/33sUwweowBSklmDUZCD4LMkQ5Ug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:fb:dd:d5:61:fd:6a:91:f0:20:12:cb:b0:6e:5c:0c:3f:ac:
         c8:aa:58:87:1b:75:f8:e7:24:3f:10:6f:11:e4:21:2e:3e:3e:
         77:48:24:a8:6c:f1:8c:bc:ed:a5:c5:75:ab:85:92:37:f3:e6:
         6e:98:e7:cc:fc:16:eb:bc:13:63:a3:47:1d:8e:e2:1a:61:19:
         5d:ec:92:ed:ba:77:9f:66:7c:66:d9:3e:e6:fa:12:44:be:3e:
         8c:01:7b:10:6e:f0:56:47:53:d1:ac:42:bc:fa:8a:20:6d:13:
         dd:03:9e:99:b3:ee:01:e8:ba:46:b5:e7:73:21:ac:a4:30:75:
         84:d4:53:fb:4d:d4:b9:33:5a:61:3f:ec:b2:fe:50:34:29:ac:
         d2:14:d3:a7:b0:2a:80:cb:cf:15:9d:cb:96:bb:70:57:60:45:
         31:fc:8e:22:eb:52:10:77:f5:2c:b2:48:59:c3:03:43:77:ed:
         17:08:5f:78:4f:e7:be:89:52:11:19:c6:a5:4f:9b:42:d6:0c:
         e6:c0:03:56:05:55:89:8f:c8:93:ee:fe:74:b7:3c:ad:f5:77:
         a9:b0:00:96:5d:8d:87:04:3c:c1:0e:5c:ea:bb:f4:ea:7e:3a:
         96:49:65:59:f6:37:89:8e:be:23:12:7a:14:af:9e:7c:f6:c7:
         05:41:e2:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZghw1QmdWunCdzYSt0sWVrcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzE5MDgxODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjdiMTRjMzA3YThjMDE0YTQ5NjYwZDQ2NDIwZjgyY2M5MTBlNTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MwqW2WczSloBsFYAuJpj/9pO1Ot
vClN/MJiVrkwbJJNzCSHUfGC3N0FvqnhyCSUsvT1BVy/18Im0ND3HI4GxKB/u33y
8hUOmuZ240mdJhD/5XhgIJEitx+6DVixqUSQzrKDab1xwpiVVqDmW7I2SjXge8Jq
hkbCmv2CfUhFJDnsvluo7G3jSNcy8MT6jHOWrpwXhrlrWinWtIkMviyK5hTJX+z3
2VAKi8KgppqyrR5B92JAV53ParJ8PLDAOOVZg+uifouXpB+q4jKrS4phMTU92KRZ
7juBl6znGEbBd9j6c+6sFrN81DMrYNZmKnIDxGKn7H7jdVJnZrPsW24A7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN97FMMHqMAUpJZg1GQg+CzJEOVIMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMzNzVXd3ZW93QlNrbG1EVVpDRDRMTWtRNVVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/EBMA0G
CSqGSIb3DQEBCwUAA4IBAQCT+93VYf1qkfAgEsuwblwMP6zIqliHG3X45yQ/EG8R
5CEuPj53SCSobPGMvO2lxXWrhZI38+ZumOfM/BbrvBNjo0cdjuIaYRld7JLtunef
Znxm2T7m+hJEvj6MAXsQbvBWR1PRrEK8+oogbRPdA56Zs+4B6LpGtedzIaykMHWE
1FP7TdS5M1phP+yy/lA0KazSFNOnsCqAy88VncuWu3BXYEUx/I4i61IQd/UsskhZ
wwNDd+0XCF94T+e+iVIRGcalT5tC1gzmwANWBVWJj8iT7v50tzyt9XepsACWXY2H
BDzBDlzqu/TqfjqWSWVZ9jeJjr4jEnoUr5589scFQeLY
-----END CERTIFICATE-----