Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/iIOT18WIVxvJf3PNocT5g276T-o.roa
File:                     iIOT18WIVxvJf3PNocT5g276T-o.roa (raw, json)
Hash identifier:          gctE3aer3h1daT3R0ndwabbQVDuXf4+EO1O2NA7Betw=
Subject key identifier:   88:83:93:D7:C5:88:57:1B:C9:7F:73:CD:A1:C4:F9:83:6E:FA:4F:EA
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01978C4332F904A6F5696202A7A672F36D0B
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/iIOT18WIVxvJf3PNocT5g276T-o.roa
Signing time:             Fri 20 Jun 2025 07:35:03 +0000
ROA not before:           Fri 20 Jun 2025 07:35:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212609
IP address blocks:        151.240.113.0/24 maxlen: 24
                          151.240.114.0/24 maxlen: 24
                          151.242.72.0/24 maxlen: 24
                          151.242.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8c:43:32:f9:04:a6:f5:69:62:02:a7:a6:72:f3:6d:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 20 07:35:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=888393d7c588571bc97f73cda1c4f9836efa4fea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:2a:a9:3e:3e:e3:6c:64:ae:e1:67:1a:c9:e1:
                    d9:7a:84:37:42:e5:f7:9c:06:58:cb:b3:4c:30:0b:
                    a5:3d:f7:61:da:03:46:76:75:6c:47:76:cf:15:86:
                    27:f8:bb:89:04:26:d6:aa:95:bc:c8:a0:e7:55:06:
                    e8:47:a5:a6:6a:6f:ca:af:5d:d7:57:fe:a8:39:a2:
                    64:71:cf:21:16:fe:ed:63:9b:f6:8c:1f:f9:61:05:
                    ee:b2:c7:62:c8:cf:e5:02:d5:a2:13:41:cb:67:df:
                    d5:af:34:fe:7d:26:d8:91:d1:15:01:48:e9:00:00:
                    0f:62:09:02:07:92:66:dc:00:69:f0:2a:3a:9d:cc:
                    e8:50:70:e2:78:6f:ed:bd:4b:db:ba:9f:1c:c4:a1:
                    37:ca:0a:48:be:74:07:50:7f:bb:10:d1:ac:c5:4d:
                    43:d4:ab:f9:fd:86:c6:89:91:b8:a1:af:17:6d:d7:
                    0b:26:f9:62:7b:f7:40:b9:df:2a:3b:3e:b3:c7:eb:
                    ec:17:b7:f8:53:cc:14:61:d4:57:ea:a8:90:97:3d:
                    d3:c8:6b:85:19:18:7b:e7:7c:67:b6:e6:17:4a:2e:
                    97:66:24:9f:e1:5b:d1:d6:aa:06:74:e6:56:ab:5f:
                    a6:7b:78:86:f0:e4:76:9b:40:09:95:8f:a4:4a:51:
                    eb:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:83:93:D7:C5:88:57:1B:C9:7F:73:CD:A1:C4:F9:83:6E:FA:4F:EA
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/iIOT18WIVxvJf3PNocT5g276T-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.113.0-151.240.114.255
                  151.242.72.0/24
                  151.242.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:16:7f:a5:fb:e5:b3:01:63:e8:13:d0:a0:51:cf:b1:70:80:
         92:71:b7:37:f3:0b:f8:d1:ad:50:76:9a:c9:70:c5:42:85:b1:
         35:ef:c9:43:0c:30:f8:4a:a2:aa:ec:3c:e9:05:25:a6:73:58:
         64:b8:2e:37:27:f0:a2:05:4a:ff:f5:bb:68:f9:24:44:50:2f:
         91:fe:93:a6:9d:e9:50:8c:80:9c:83:35:5f:97:8b:0e:2d:f4:
         91:d9:07:9c:7e:a5:bd:8c:e0:ca:ba:98:2f:45:9c:86:26:dd:
         30:e3:c6:32:81:35:ed:fc:b8:9f:cb:b9:47:7f:de:1a:49:c2:
         24:88:f7:fe:78:3f:ea:a4:f7:9d:c6:7c:a9:be:82:47:17:4c:
         77:18:24:02:f5:b6:04:41:42:cd:ae:2b:fa:76:ff:a5:0e:fd:
         c0:16:0e:f0:e5:70:fd:9e:56:ab:e5:86:ba:84:56:b4:fe:0b:
         ca:5c:20:32:8c:7e:f0:70:ea:d5:fe:99:7c:38:38:4c:f6:e0:
         3a:ea:d2:82:e8:1e:16:da:5a:64:41:1f:51:d4:cb:49:71:2b:
         e7:8c:9d:cf:e1:07:58:e4:f8:67:97:2c:10:9e:5a:d0:1b:6c:
         cd:7c:21:68:74:c6:37:3b:c2:5e:2c:39:3c:18:65:35:8d:a3:
         9c:3b:08:42
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZeMQzL5BKb1aWICp6Zy820LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjIwMDczNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODgzOTNkN2M1ODg1NzFiYzk3ZjczY2RhMWM0Zjk4MzZlZmE0ZmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriqpPj7jbGSu4WcayeHZeoQ3QuX3
nAZYy7NMMAulPfdh2gNGdnVsR3bPFYYn+LuJBCbWqpW8yKDnVQboR6Wmam/Kr13X
V/6oOaJkcc8hFv7tY5v2jB/5YQXussdiyM/lAtWiE0HLZ9/VrzT+fSbYkdEVAUjp
AAAPYgkCB5Jm3ABp8Co6nczoUHDieG/tvUvbup8cxKE3ygpIvnQHUH+7ENGsxU1D
1Kv5/YbGiZG4oa8XbdcLJvlie/dAud8qOz6zx+vsF7f4U8wUYdRX6qiQlz3TyGuF
GRh753xntuYXSi6XZiSf4VvR1qoGdOZWq1+me3iG8OR2m0AJlY+kSlHrOQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFIiDk9fFiFcbyX9zzaHE+YNu+k/qMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvaUlPVDE4V0lWeHZKZjNQTm9jVDVnMjc2VC1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBACX8HED
BACX8HIDBACX8kgDBACX8s8wDQYJKoZIhvcNAQELBQADggEBAGMWf6X75bMBY+gT
0KBRz7FwgJJxtzfzC/jRrVB2mslwxUKFsTXvyUMMMPhKoqrsPOkFJaZzWGS4Ljcn
8KIFSv/1u2j5JERQL5H+k6ad6VCMgJyDNV+Xiw4t9JHZB5x+pb2M4Mq6mC9FnIYm
3TDjxjKBNe38uJ/LuUd/3hpJwiSI9/54P+qk953GfKm+gkcXTHcYJAL1tgRBQs2u
K/p2/6UO/cAWDvDlcP2eVqvlhrqEVrT+C8pcIDKMfvBw6tX+mXw4OEz24Drq0oLo
HhbaWmRBH1HUy0lxK+eMnc/hB1jk+GeXLBCeWtAbbM18IWh0xjc7wl4sOTwYZTWN
o5w7CEI=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:10:23 2025 by rpki-client