Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/007tkEVVbeFdWC23lHAVlj7iq8w.roa
File:                     007tkEVVbeFdWC23lHAVlj7iq8w.roa (raw, json)
Hash identifier:          kSFF2+OZuHvMqh9IGxR+H46ZzCgGbLBZK6uLjGqAPsw=
Subject key identifier:   D3:4E:ED:90:45:55:6D:E1:5D:58:2D:B7:94:70:15:96:3E:E2:AB:CC
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0194B03A20F58711C5B9681AFF9679EFF10D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/007tkEVVbeFdWC23lHAVlj7iq8w.roa
Signing time:             Wed 29 Jan 2025 04:03:07 +0000
ROA not before:           Wed 29 Jan 2025 04:03:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400941
IP address blocks:        151.243.90.0/24 maxlen: 24
                          151.243.91.0/24 maxlen: 24
                          151.243.92.0/24 maxlen: 24
                          151.243.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 06:39:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b0:3a:20:f5:87:11:c5:b9:68:1a:ff:96:79:ef:f1:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan 29 04:03:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d34eed9045556de15d582db7947015963ee2abcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e7:d4:09:4d:40:53:47:16:4f:78:2d:25:41:
                    7c:08:56:53:c5:8b:fd:d9:d4:84:f5:53:31:14:05:
                    1e:8d:e7:e5:43:c0:32:ae:ef:e6:9e:88:7b:90:93:
                    92:3f:33:35:5a:d4:70:8b:43:de:6c:83:9b:71:6a:
                    3f:79:cb:ef:7a:48:ec:8f:6d:5a:60:cd:b7:9d:bd:
                    44:b6:1d:97:6b:be:b6:96:17:e4:67:69:ce:a0:c9:
                    95:f2:46:b5:ce:f7:73:93:78:f8:d0:e6:7f:ca:fa:
                    19:62:9d:f1:13:71:b9:14:e0:1e:cf:ae:63:f5:6e:
                    f9:0d:04:3f:cb:93:42:ff:99:f6:86:d8:57:6f:ac:
                    72:20:8f:b8:48:76:70:ab:37:f6:29:f5:7f:94:13:
                    78:18:e0:eb:38:e2:d5:80:49:a1:60:e1:06:79:84:
                    03:5d:f4:52:3b:18:38:5a:83:b8:90:cb:0e:b2:1f:
                    98:f5:26:74:d3:2c:40:2d:9a:91:3b:99:f5:49:14:
                    8b:22:ac:43:8e:aa:b7:c7:a1:75:9d:b9:c7:b4:70:
                    64:86:9f:78:13:41:be:93:e4:59:5b:b3:83:23:dc:
                    3f:2f:f8:40:61:0a:c1:7c:91:d8:c5:6c:9d:93:14:
                    c5:f1:fc:07:31:a7:b7:85:2c:dd:44:46:14:2e:8b:
                    b5:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:4E:ED:90:45:55:6D:E1:5D:58:2D:B7:94:70:15:96:3E:E2:AB:CC
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/007tkEVVbeFdWC23lHAVlj7iq8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.90.0-151.243.92.255
                  151.243.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:a3:bc:29:7c:47:c6:6e:f5:fb:66:f1:18:9a:fe:e8:d2:bf:
         2f:df:a0:16:e7:01:43:cb:af:40:be:42:d8:32:6e:1a:67:5d:
         d3:2e:82:3d:57:3d:c6:55:93:bc:8e:a5:39:09:81:93:88:3f:
         1b:e4:e9:95:17:51:69:14:eb:84:80:6e:9f:4f:8f:a5:5d:03:
         ff:e6:99:b5:a0:ef:0b:82:d7:db:e2:2c:76:64:ca:6a:0d:43:
         83:d3:59:12:c0:b5:34:6a:4e:1f:6f:89:53:e8:cf:0d:08:81:
         b7:b6:0f:81:69:85:6b:44:ba:c3:c0:ab:74:e7:67:09:50:20:
         13:60:c6:4e:a5:be:2c:00:e6:33:b7:4c:7b:b0:1d:40:43:34:
         3b:88:f7:61:77:e6:09:1c:1b:8f:15:fa:b7:45:14:5c:46:28:
         25:e0:10:0e:f7:db:7e:64:cb:c2:d7:77:68:bf:c3:b9:9d:24:
         42:99:12:2b:7b:d6:83:b4:30:76:da:92:6f:a0:3e:e8:01:81:
         f7:a7:2d:ef:89:8c:17:d4:64:09:2e:87:5e:50:3c:43:41:91:
         49:5a:2d:70:c4:e1:10:ea:22:4f:a2:ce:53:3d:57:93:de:86:
         60:47:49:c1:fa:06:22:61:15:f4:eb:88:9d:c2:ea:8c:bc:4a:
         70:fc:28:72
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZSwOiD1hxHFuWga/5Z57/ENMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMTI5MDQwMzA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzRlZWQ5MDQ1NTU2ZGUxNWQ1ODJkYjc5NDcwMTU5NjNlZTJhYmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoufUCU1AU0cWT3gtJUF8CFZTxYv9
2dSE9VMxFAUejeflQ8Ayru/mnoh7kJOSPzM1WtRwi0PebIObcWo/ecvvekjsj21a
YM23nb1Eth2Xa762lhfkZ2nOoMmV8ka1zvdzk3j40OZ/yvoZYp3xE3G5FOAez65j
9W75DQQ/y5NC/5n2hthXb6xyII+4SHZwqzf2KfV/lBN4GODrOOLVgEmhYOEGeYQD
XfRSOxg4WoO4kMsOsh+Y9SZ00yxALZqRO5n1SRSLIqxDjqq3x6F1nbnHtHBkhp94
E0G+k+RZW7ODI9w/L/hAYQrBfJHYxWydkxTF8fwHMae3hSzdREYULou1jwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFNNO7ZBFVW3hXVgtt5RwFZY+4qvMMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMDA3dGtFVlZiZUZkV0MyM2xIQVZsajdpcTh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAGX81oD
BACX81wDBACX814wDQYJKoZIhvcNAQELBQADggEBAFujvCl8R8Zu9ftm8Ria/ujS
vy/foBbnAUPLr0C+QtgybhpnXdMugj1XPcZVk7yOpTkJgZOIPxvk6ZUXUWkU64SA
bp9Pj6VdA//mmbWg7wuC19viLHZkymoNQ4PTWRLAtTRqTh9viVPozw0Igbe2D4Fp
hWtEusPAq3TnZwlQIBNgxk6lviwA5jO3THuwHUBDNDuI92F35gkcG48V+rdFFFxG
KCXgEA73235ky8LXd2i/w7mdJEKZEit71oO0MHbakm+gPugBgfenLe+JjBfUZAku
h15QPENBkUlaLXDE4RDqIk+izlM9V5PehmBHScH6BiJhFfTriJ3C6oy8SnD8KHI=
-----END CERTIFICATE-----