Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/ltJZ2aR5x60TKWiWAmS0-oj2c_k.roa
File:                     ltJZ2aR5x60TKWiWAmS0-oj2c_k.roa (raw, json)
Hash identifier:          34pWAkD5QJ94abRhTwOLQbh2Aksu0yZZqkvvoYsDUsI=
Subject key identifier:   96:D2:59:D9:A4:79:C7:AD:13:29:68:96:02:64:B4:FA:88:F6:73:F9
Certificate issuer:       /CN=159ba29a75ae1325c0382fb484b321d68d154384
Certificate serial:       0198FD84CF215527F99AB33AF992AFBB99AE
Authority key identifier: 15:9B:A2:9A:75:AE:13:25:C0:38:2F:B4:84:B3:21:D6:8D:15:43:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/ltJZ2aR5x60TKWiWAmS0-oj2c_k.roa
Signing time:             Sun 31 Aug 2025 00:26:36 +0000
ROA not before:           Sun 31 Aug 2025 00:26:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64236
IP address blocks:        217.61.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 21:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:fd:84:cf:21:55:27:f9:9a:b3:3a:f9:92:af:bb:99:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=159ba29a75ae1325c0382fb484b321d68d154384
        Validity
            Not Before: Aug 31 00:26:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96d259d9a479c7ad132968960264b4fa88f673f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:20:2e:af:c4:9f:93:d4:cf:23:38:aa:56:7b:
                    84:e0:40:b2:72:d7:e8:05:12:af:1f:a8:90:0f:56:
                    33:26:73:ec:3e:c3:e7:4e:b7:61:4b:e7:b5:ef:bb:
                    38:35:35:b3:40:f0:78:f6:53:65:b7:57:25:95:28:
                    16:f6:9f:68:8d:7a:9a:59:54:69:f3:4b:28:ce:9d:
                    4a:3b:27:75:d5:89:6e:6a:1c:0f:7f:3a:80:74:16:
                    da:cb:23:e0:6c:f5:5e:24:11:0b:1f:06:58:f1:1d:
                    3c:0b:27:b4:9e:d4:5d:99:ce:02:e5:d8:d6:89:8c:
                    4d:81:35:4d:77:73:66:36:8c:79:41:d7:5e:fc:43:
                    79:da:f7:e7:2d:65:8c:aa:60:9d:15:8b:c0:47:3a:
                    e3:e2:e6:57:f2:a3:8a:36:02:af:c9:b3:a0:30:45:
                    bb:88:6e:8a:30:34:cf:37:09:01:70:63:c3:76:c5:
                    9b:dd:70:71:24:12:1f:83:3a:f6:a2:90:30:72:f7:
                    03:35:b9:3d:66:f9:d3:6c:41:af:97:f8:69:da:7f:
                    3f:b7:c4:eb:a4:85:b1:4a:ab:6c:11:55:82:b8:fc:
                    86:fd:e7:fa:c3:d7:58:bb:a3:04:0f:13:1f:41:5e:
                    ad:9d:b8:15:e9:6d:a8:41:0c:3f:8c:af:38:91:63:
                    68:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:D2:59:D9:A4:79:C7:AD:13:29:68:96:02:64:B4:FA:88:F6:73:F9
            X509v3 Authority Key Identifier:
                keyid:15:9B:A2:9A:75:AE:13:25:C0:38:2F:B4:84:B3:21:D6:8D:15:43:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/ltJZ2aR5x60TKWiWAmS0-oj2c_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.61.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:03:a0:8c:da:31:c9:f8:81:35:de:64:91:e7:7f:c0:3e:d3:
         4c:49:a0:d0:ac:a5:a8:db:81:12:40:6a:69:1a:ac:e7:5a:67:
         b5:12:26:24:f8:d3:7d:5a:e9:8e:28:13:98:09:4b:1b:c2:e5:
         c9:27:07:31:af:de:66:de:d0:d8:87:4b:fc:fc:ff:47:7f:a1:
         63:fd:ef:c4:6c:57:9d:7b:f3:73:73:40:46:4a:75:22:23:68:
         51:6f:f0:0e:11:b7:66:e5:40:79:67:12:43:cd:6b:6c:43:a9:
         d6:5f:77:c7:56:38:cc:3e:70:84:bf:59:2b:ed:80:68:5b:0f:
         b1:90:df:7b:95:ee:d9:dd:c6:06:81:4b:a0:7f:45:fa:70:ef:
         21:fa:4b:2c:25:f8:d5:52:e4:ee:bc:92:37:f3:61:03:3c:93:
         55:5f:4b:66:58:22:a4:46:ef:83:e4:2e:a9:88:e7:62:a8:00:
         39:39:f9:5b:ea:9e:c7:b8:49:98:2a:60:37:4d:6a:ce:13:d1:
         f0:cb:2e:cd:2a:c5:d0:bf:bd:93:37:05:92:a0:2f:ea:d3:69:
         5c:a5:1d:c3:17:9d:ee:0c:98:09:da:64:1a:86:22:2b:a2:4e:
         ed:d1:d8:d2:df:1c:0a:47:a4:11:b2:8d:43:7d:8c:a6:a3:6a:
         a7:65:d1:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj9hM8hVSf5mrM6+ZKvu5muMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1OWJhMjlhNzVhZTEzMjVjMDM4MmZiNDg0YjMyMWQ2OGQx
NTQzODQwHhcNMjUwODMxMDAyNjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmQyNTlkOWE0NzljN2FkMTMyOTY4OTYwMjY0YjRmYTg4ZjY3M2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCAur8Sfk9TPIziqVnuE4ECyctfo
BRKvH6iQD1YzJnPsPsPnTrdhS+e177s4NTWzQPB49lNlt1cllSgW9p9ojXqaWVRp
80sozp1KOyd11YluahwPfzqAdBbayyPgbPVeJBELHwZY8R08Cye0ntRdmc4C5djW
iYxNgTVNd3NmNox5Qdde/EN52vfnLWWMqmCdFYvARzrj4uZX8qOKNgKvybOgMEW7
iG6KMDTPNwkBcGPDdsWb3XBxJBIfgzr2opAwcvcDNbk9ZvnTbEGvl/hp2n8/t8Tr
pIWxSqtsEVWCuPyG/ef6w9dYu6MEDxMfQV6tnbgV6W2oQQw/jK84kWNoxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJbSWdmkecetEylolgJktPqI9nP5MB8GA1UdIwQY
MBaAFBWbopp1rhMlwDgvtISzIdaNFUOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlp1aW1uV3VFeVhBT0MtMGhMTWgxbzBWUTRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8zMDAxOTUtN2U3Yi00ZTk5LWE1MmQt
Y2FmNGZhMDcyNjgyLzEvbHRKWjJhUjV4NjBUS1dpV0FtUzAtb2oyY19rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8zMDAxOTUtN2U3Yi00ZTk5LWE1MmQtY2FmNGZhMDcyNjgy
LzEvRlp1aW1uV3VFeVhBT0MtMGhMTWgxbzBWUTRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2T3wMA0G
CSqGSIb3DQEBCwUAA4IBAQBCA6CM2jHJ+IE13mSR53/APtNMSaDQrKWo24ESQGpp
GqznWme1EiYk+NN9WumOKBOYCUsbwuXJJwcxr95m3tDYh0v8/P9Hf6Fj/e/EbFed
e/Nzc0BGSnUiI2hRb/AOEbdm5UB5ZxJDzWtsQ6nWX3fHVjjMPnCEv1kr7YBoWw+x
kN97le7Z3cYGgUugf0X6cO8h+kssJfjVUuTuvJI382EDPJNVX0tmWCKkRu+D5C6p
iOdiqAA5Oflb6p7HuEmYKmA3TWrOE9Hwyy7NKsXQv72TNwWSoC/q02lcpR3DF53u
DJgJ2mQahiIrok7t0djS3xwKR6QRso1DfYymo2qnZdGd
-----END CERTIFICATE-----