Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/Dhf6hENKCgBPWn0_8VTvdh6jIC8.roa
File:                     Dhf6hENKCgBPWn0_8VTvdh6jIC8.roa (raw, json)
Hash identifier:          UxIh0PHla0uv66zOqrUpZ+0yVSengq0mJp9xGwF6Rb4=
Subject key identifier:   0E:17:FA:84:43:4A:0A:00:4F:5A:7D:3F:F1:54:EF:76:1E:A3:20:2F
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       0196A9F96D0E7EF10FA91EF9E53C784F88BC
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/Dhf6hENKCgBPWn0_8VTvdh6jIC8.roa
Signing time:             Wed 07 May 2025 09:00:17 +0000
ROA not before:           Wed 07 May 2025 09:00:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41663
IP address blocks:        151.251.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a9:f9:6d:0e:7e:f1:0f:a9:1e:f9:e5:3c:78:4f:88:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: May  7 09:00:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e17fa84434a0a004f5a7d3ff154ef761ea3202f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:d8:27:71:56:bf:af:f7:59:53:53:1f:18:76:
                    1a:43:c8:fd:3f:fe:67:ba:b9:9b:38:b1:ab:92:78:
                    e8:69:32:25:81:33:53:e3:dc:4d:62:5a:37:7a:7d:
                    75:d1:22:37:b9:8b:d1:a4:09:33:52:3f:47:56:d4:
                    24:6f:04:3c:e7:80:5a:7b:6a:ee:ce:e1:af:35:89:
                    8b:2f:44:60:d3:d1:33:14:30:78:bd:4e:08:96:c2:
                    75:ea:22:cf:76:37:71:ff:d2:7a:a6:87:41:7c:96:
                    f1:c9:f3:7f:e6:69:96:c4:12:91:44:ee:d5:3a:88:
                    bd:a2:9e:29:79:22:2a:36:19:4d:e4:39:79:ad:2f:
                    76:30:c8:7e:e2:c4:9a:46:ec:34:85:64:cf:d9:fb:
                    96:67:52:e7:33:48:ca:b7:0e:cb:8f:d4:9f:92:16:
                    66:25:ae:9b:27:18:f0:23:d5:81:9e:0d:6a:90:3e:
                    a6:35:f4:d3:45:23:9e:d6:2c:23:62:4b:28:93:20:
                    d1:92:47:5b:7c:c7:60:a7:a7:e0:34:55:39:bd:81:
                    e1:5b:3d:53:45:b2:55:cb:40:96:ad:4e:be:98:b7:
                    0b:39:ad:98:79:64:f7:bf:ed:0d:3d:a6:aa:99:f4:
                    6e:4f:57:3e:27:cf:fe:01:cf:e0:9c:7a:23:b5:76:
                    48:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:17:FA:84:43:4A:0A:00:4F:5A:7D:3F:F1:54:EF:76:1E:A3:20:2F
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/Dhf6hENKCgBPWn0_8VTvdh6jIC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.251.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:bf:d0:5a:f9:51:1a:d5:47:d1:62:b3:b0:b6:c1:c6:ef:ad:
         91:68:02:01:72:74:35:de:d8:95:28:ee:48:7e:88:93:64:b7:
         6c:b4:d4:99:3e:0d:eb:9f:b4:ee:29:1a:15:f0:5f:a9:40:e3:
         0e:0a:ff:7e:7b:61:b8:20:68:ab:87:b5:9c:09:2f:c7:24:32:
         af:34:4c:ba:e4:d1:4c:41:14:86:de:a8:7f:68:85:f3:a5:5b:
         83:67:ba:1f:bc:6c:7d:6a:16:b2:7d:71:e0:e0:64:f5:aa:8c:
         b5:d1:4c:e6:02:bc:87:2e:fa:a8:11:91:37:72:e8:db:fe:a8:
         5c:e7:69:45:c3:e6:a0:44:c6:9e:67:8a:8b:f3:0f:79:3c:7f:
         b5:99:38:6c:ad:4a:29:6d:29:8e:b7:2c:48:86:e4:3a:a1:26:
         f4:f4:4a:b3:11:6d:02:cb:c8:86:98:e7:d2:a0:20:09:a7:59:
         b1:4c:14:de:e6:68:29:13:bd:54:2a:06:8d:8c:4c:e0:54:80:
         cb:2d:4b:de:11:7a:8f:47:4b:27:b6:e5:0d:5e:e6:33:87:fe:
         48:fe:b3:e8:65:55:40:4d:b4:ed:5f:32:e6:d8:88:58:d3:84:
         ee:5f:1e:10:60:e1:ad:33:65:5e:b4:18:76:6a:7b:42:ca:89:
         bf:dc:22:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZap+W0OfvEPqR755Tx4T4i8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjUwNTA3MDkwMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTE3ZmE4NDQzNGEwYTAwNGY1YTdkM2ZmMTU0ZWY3NjFlYTMyMDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5NgncVa/r/dZU1MfGHYaQ8j9P/5n
urmbOLGrknjoaTIlgTNT49xNYlo3en110SI3uYvRpAkzUj9HVtQkbwQ854Bae2ru
zuGvNYmLL0Rg09EzFDB4vU4IlsJ16iLPdjdx/9J6podBfJbxyfN/5mmWxBKRRO7V
Ooi9op4peSIqNhlN5Dl5rS92MMh+4sSaRuw0hWTP2fuWZ1LnM0jKtw7Lj9SfkhZm
Ja6bJxjwI9WBng1qkD6mNfTTRSOe1iwjYksokyDRkkdbfMdgp6fgNFU5vYHhWz1T
RbJVy0CWrU6+mLcLOa2YeWT3v+0NPaaqmfRuT1c+J8/+Ac/gnHojtXZIAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4X+oRDSgoAT1p9P/FU73YeoyAvMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvRGhmNmhFTktDZ0JQV24wXzhWVHZkaDZqSUM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/tIMA0G
CSqGSIb3DQEBCwUAA4IBAQBlv9Ba+VEa1UfRYrOwtsHG762RaAIBcnQ13tiVKO5I
foiTZLdstNSZPg3rn7TuKRoV8F+pQOMOCv9+e2G4IGirh7WcCS/HJDKvNEy65NFM
QRSG3qh/aIXzpVuDZ7ofvGx9ahayfXHg4GT1qoy10UzmAryHLvqoEZE3cujb/qhc
52lFw+agRMaeZ4qL8w95PH+1mThsrUopbSmOtyxIhuQ6oSb09EqzEW0Cy8iGmOfS
oCAJp1mxTBTe5mgpE71UKgaNjEzgVIDLLUveEXqPR0sntuUNXuYzh/5I/rPoZVVA
TbTtXzLm2IhY04TuXx4QYOGtM2VetBh2antCyom/3CLd
-----END CERTIFICATE-----