Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/5BFI6PoA3_f0TtY6gD0RYtyFKL8.roa
File:                     5BFI6PoA3_f0TtY6gD0RYtyFKL8.roa (raw, json)
Hash identifier:          tWuiK0ofs9Xw9NL7e0LL0ssdGfR5VF1+J+lyJCtrJ10=
Subject key identifier:   E4:11:48:E8:FA:00:DF:F7:F4:4E:D6:3A:80:3D:11:62:DC:85:28:BF
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0197FDF96548E0A5DDE98487B26D5D3BC946
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/5BFI6PoA3_f0TtY6gD0RYtyFKL8.roa
Signing time:             Sat 12 Jul 2025 09:31:09 +0000
ROA not before:           Sat 12 Jul 2025 09:31:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        151.243.162.0/24 maxlen: 24
                          151.243.168.0/24 maxlen: 24
                          151.243.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fd:f9:65:48:e0:a5:dd:e9:84:87:b2:6d:5d:3b:c9:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 12 09:31:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e41148e8fa00dff7f44ed63a803d1162dc8528bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:78:c5:b9:d8:d1:08:50:2b:e1:83:05:ea:14:
                    67:69:5d:bd:e6:bf:b3:47:77:c6:db:2b:23:c1:1f:
                    3f:c6:9c:db:5b:f2:d3:92:0d:14:62:ea:69:00:96:
                    17:ab:da:fe:9e:82:c3:73:d8:62:c2:75:1a:5e:df:
                    fc:db:6b:47:ab:d3:8b:c6:ad:b6:69:47:5e:be:5a:
                    77:36:f0:a9:f3:44:70:da:d7:62:0d:1a:91:9c:32:
                    8e:f8:7c:2b:08:8e:a3:64:56:fa:f0:d1:c9:76:a5:
                    68:e7:95:dd:80:ea:1a:f0:c8:34:6a:b5:4f:46:c3:
                    c0:ea:fb:a7:17:bb:53:7f:b2:ba:59:ff:35:6b:ff:
                    13:a3:3d:8b:7b:3d:4f:2d:e8:88:9f:8c:4a:86:28:
                    34:95:60:fd:73:b4:ea:25:23:a2:5f:0e:65:94:d3:
                    99:8b:e2:ef:62:1b:dc:87:a7:e9:62:ac:f2:dd:1a:
                    81:c7:59:41:42:cf:e2:6c:26:53:98:ad:7c:19:95:
                    4c:7e:6b:7f:8f:17:e1:e8:9a:47:09:b4:04:b1:21:
                    37:6f:e8:7e:83:98:71:fe:bc:38:2d:00:88:24:1c:
                    57:9d:11:e8:9b:c9:a3:2b:db:a4:dc:36:f4:fe:00:
                    3c:8a:ae:a8:5c:af:aa:72:c6:08:3a:56:3c:fd:12:
                    fc:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:11:48:E8:FA:00:DF:F7:F4:4E:D6:3A:80:3D:11:62:DC:85:28:BF
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/5BFI6PoA3_f0TtY6gD0RYtyFKL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.162.0/24
                  151.243.168.0/24
                  151.243.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:63:9b:bd:a0:3c:13:9b:c6:51:ce:50:20:a2:93:2c:2f:2c:
         8b:14:ac:7c:43:ec:dc:7c:4a:80:d9:d6:60:ce:4b:f9:15:30:
         4e:df:77:10:2d:46:23:99:65:3b:14:0c:5e:0f:fc:5f:a2:e0:
         59:34:76:b8:e4:d3:4a:e1:27:5e:8c:49:6f:42:f9:01:ec:ce:
         0e:e5:17:f3:77:b6:d3:83:15:ce:d4:7d:d1:55:e8:7b:90:c6:
         7f:04:73:8b:53:65:3f:1b:ee:95:dc:35:82:53:1c:96:39:d5:
         6e:f9:b4:2f:a2:80:89:65:ee:31:d6:a7:96:4f:f4:7d:70:0c:
         06:28:35:5f:12:f4:86:d2:fd:02:96:f7:05:c8:0e:85:fe:7c:
         43:ae:a1:51:cc:c3:c5:d4:6f:b9:36:b7:10:1b:1a:6e:aa:3a:
         88:df:06:47:15:8e:55:63:ee:44:bf:aa:35:b7:2b:93:33:72:
         a2:ae:d8:c8:c6:7f:5a:ca:13:8b:04:08:ad:ad:52:fd:f7:f8:
         69:64:aa:bc:78:ac:36:f2:a0:83:48:a9:63:2a:83:89:b7:be:
         d9:b9:b3:7c:1e:c0:8e:dc:7f:ce:1c:ae:62:4f:36:bd:7b:fb:
         0c:45:4b:ac:49:f7:40:96:87:13:4b:d2:2b:b1:c9:03:30:90:
         e4:3c:0d:2c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZf9+WVI4KXd6YSHsm1dO8lGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzEyMDkzMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDExNDhlOGZhMDBkZmY3ZjQ0ZWQ2M2E4MDNkMTE2MmRjODUyOGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHjFudjRCFAr4YMF6hRnaV295r+z
R3fG2ysjwR8/xpzbW/LTkg0UYuppAJYXq9r+noLDc9hiwnUaXt/822tHq9OLxq22
aUdevlp3NvCp80Rw2tdiDRqRnDKO+HwrCI6jZFb68NHJdqVo55XdgOoa8Mg0arVP
RsPA6vunF7tTf7K6Wf81a/8Toz2Lez1PLeiIn4xKhig0lWD9c7TqJSOiXw5llNOZ
i+LvYhvch6fpYqzy3RqBx1lBQs/ibCZTmK18GZVMfmt/jxfh6JpHCbQEsSE3b+h+
g5hx/rw4LQCIJBxXnRHom8mjK9uk3Db0/gA8iq6oXK+qcsYIOlY8/RL8MwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOQRSOj6AN/39E7WOoA9EWLchSi/MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvNUJGSTZQb0EzX2YwVHRZNmdEMFJZdHlGS0w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAl/OiAwQA
l/OoAwQAl/P+MA0GCSqGSIb3DQEBCwUAA4IBAQBoY5u9oDwTm8ZRzlAgopMsLyyL
FKx8Q+zcfEqA2dZgzkv5FTBO33cQLUYjmWU7FAxeD/xfouBZNHa45NNK4SdejElv
QvkB7M4O5Rfzd7bTgxXO1H3RVeh7kMZ/BHOLU2U/G+6V3DWCUxyWOdVu+bQvooCJ
Ze4x1qeWT/R9cAwGKDVfEvSG0v0ClvcFyA6F/nxDrqFRzMPF1G+5NrcQGxpuqjqI
3wZHFY5VY+5Ev6o1tyuTM3KirtjIxn9ayhOLBAitrVL99/hpZKq8eKw28qCDSKlj
KoOJt77ZubN8HsCO3H/OHK5iTza9e/sMRUusSfdAlocTS9IrsckDMJDkPA0s
-----END CERTIFICATE-----