Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/M2xOJ7kXIlOEwcmcNjjJu7zYZzE.roa
File:                     M2xOJ7kXIlOEwcmcNjjJu7zYZzE.roa (raw, json)
Hash identifier:          vHQ3yCxQOasyqACMukPBGQ3v2C9MjJ22/vE4IGj+lm4=
Subject key identifier:   33:6C:4E:27:B9:17:22:53:84:C1:C9:9C:36:38:C9:BB:BC:D8:67:31
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0197DF76A1F19753A3958E6AFFDEE5B6C01C
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/M2xOJ7kXIlOEwcmcNjjJu7zYZzE.roa
Signing time:             Sun 06 Jul 2025 11:19:43 +0000
ROA not before:           Sun 06 Jul 2025 11:19:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152918
IP address blocks:        151.243.60.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:df:76:a1:f1:97:53:a3:95:8e:6a:ff:de:e5:b6:c0:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul  6 11:19:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=336c4e27b917225384c1c99c3638c9bbbcd86731
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:60:63:b8:cb:d2:15:87:28:cb:61:63:00:9d:
                    6c:85:42:4a:bd:1f:c1:69:15:1e:ed:21:b9:6f:e8:
                    b0:99:f3:6d:2f:17:4d:6d:75:23:39:9d:af:b4:f0:
                    fb:46:b3:fb:1b:06:81:47:41:5f:8e:58:2c:91:19:
                    7a:a4:4a:77:d3:57:87:b0:31:85:c2:ae:a2:db:68:
                    9c:0d:7e:74:e0:e6:38:d8:1f:f1:c6:98:8c:d1:16:
                    53:e3:f5:42:42:d5:6a:59:40:6b:a8:11:18:ae:83:
                    27:94:67:86:a4:93:ba:34:3f:a8:44:f9:0c:db:1a:
                    18:8a:f8:a4:07:88:fb:9a:65:55:1f:9a:e4:bc:d5:
                    e5:07:a2:38:1c:82:b2:e6:19:3b:e2:0c:0d:d1:71:
                    e5:10:75:18:5b:9b:ff:cc:5f:ea:78:ec:98:e1:49:
                    3d:2d:0d:dc:66:4a:0c:2d:27:8f:85:44:ea:1f:39:
                    87:bc:90:ab:c9:c9:2e:ca:47:1e:0e:56:32:cc:ef:
                    aa:03:bf:6b:99:da:a9:93:5d:ba:0a:66:69:a4:49:
                    c2:96:64:67:15:98:62:cd:81:c7:00:dc:e6:47:57:
                    cb:a3:3e:5d:02:1f:3a:6a:b4:cb:a1:6b:15:53:ff:
                    da:e1:94:4c:8b:cf:7b:d5:bd:0a:0b:12:bb:9a:1a:
                    17:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:6C:4E:27:B9:17:22:53:84:C1:C9:9C:36:38:C9:BB:BC:D8:67:31
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/M2xOJ7kXIlOEwcmcNjjJu7zYZzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:32:a0:e7:03:b0:d0:43:c6:7f:d3:75:2b:c2:05:7d:25:45:
         bd:0d:72:b0:79:19:82:aa:02:30:bb:7b:58:13:c1:11:1a:86:
         a3:f0:81:77:40:fc:a9:37:6e:89:13:f3:31:c2:55:a9:a5:65:
         29:3c:06:e9:cc:90:74:fe:f9:44:a8:c0:09:38:bf:6b:f7:ea:
         a7:9d:a0:b4:b2:a5:99:2c:83:da:21:44:4b:1a:e8:c1:14:ec:
         3b:8b:2b:4a:cb:a7:7f:67:75:b9:a9:61:df:47:39:c9:b7:85:
         93:54:68:fd:f0:de:93:72:ca:fa:63:eb:05:e6:3f:c3:87:6b:
         cc:b7:cb:28:9d:17:1f:ed:16:92:35:d6:cb:87:89:e3:cb:3c:
         2f:a1:da:15:6f:9c:f4:18:69:21:fc:4c:71:0e:8b:53:1d:a8:
         85:ce:b3:73:3a:59:9b:54:f1:09:72:5c:bf:fc:0e:7e:55:68:
         b4:4b:dc:27:25:20:54:e4:5a:30:d2:6e:91:e9:42:c4:1d:cb:
         2d:dc:27:fe:de:79:12:05:0a:9c:12:4f:a4:8d:08:a2:0d:39:
         2d:81:bc:68:1c:d2:7b:c7:ea:a0:78:ea:95:b0:78:8f:a2:d9:
         fb:f8:be:e2:5e:e2:ed:d2:a8:a2:d5:fb:b8:95:40:ff:9f:06:
         f3:08:c1:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZffdqHxl1OjlY5q/97ltsAcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzA2MTExOTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzZjNGUyN2I5MTcyMjUzODRjMWM5OWMzNjM4YzliYmJjZDg2NzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWBjuMvSFYcoy2FjAJ1shUJKvR/B
aRUe7SG5b+iwmfNtLxdNbXUjOZ2vtPD7RrP7GwaBR0FfjlgskRl6pEp301eHsDGF
wq6i22icDX504OY42B/xxpiM0RZT4/VCQtVqWUBrqBEYroMnlGeGpJO6ND+oRPkM
2xoYivikB4j7mmVVH5rkvNXlB6I4HIKy5hk74gwN0XHlEHUYW5v/zF/qeOyY4Uk9
LQ3cZkoMLSePhUTqHzmHvJCryckuykceDlYyzO+qA79rmdqpk126CmZppEnClmRn
FZhizYHHANzmR1fLoz5dAh86arTLoWsVU//a4ZRMi8971b0KCxK7mhoXDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNsTie5FyJThMHJnDY4ybu82GcxMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvTTJ4T0o3a1hJbE9Fd2NtY05qakp1N3pZWnpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBl/M8MA0G
CSqGSIb3DQEBCwUAA4IBAQAsMqDnA7DQQ8Z/03UrwgV9JUW9DXKweRmCqgIwu3tY
E8ERGoaj8IF3QPypN26JE/MxwlWppWUpPAbpzJB0/vlEqMAJOL9r9+qnnaC0sqWZ
LIPaIURLGujBFOw7iytKy6d/Z3W5qWHfRznJt4WTVGj98N6Tcsr6Y+sF5j/Dh2vM
t8sonRcf7RaSNdbLh4njyzwvodoVb5z0GGkh/ExxDotTHaiFzrNzOlmbVPEJcly/
/A5+VWi0S9wnJSBU5Fow0m6R6ULEHcst3Cf+3nkSBQqcEk+kjQiiDTktgbxoHNJ7
x+qgeOqVsHiPotn7+L7iXuLt0qii1fu4lUD/nwbzCMGF
-----END CERTIFICATE-----