Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/6xQpdVW8pFdThc3U1h0CYdj-hmQ.roa
File:                     6xQpdVW8pFdThc3U1h0CYdj-hmQ.roa (raw, json)
Hash identifier:          tNiVYrEpm/jWhDRhQXKFwm2mYaVtEN0X1kPQ5vKDt1A=
Subject key identifier:   EB:14:29:75:55:BC:A4:57:53:85:CD:D4:D6:1D:02:61:D8:FE:86:64
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0195D8FE27F56AA89FDD43C72034D5CF1AB7
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/6xQpdVW8pFdThc3U1h0CYdj-hmQ.roa
Signing time:             Thu 27 Mar 2025 19:04:49 +0000
ROA not before:           Thu 27 Mar 2025 19:04:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59642
IP address blocks:        151.242.252.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d8:fe:27:f5:6a:a8:9f:dd:43:c7:20:34:d5:cf:1a:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 27 19:04:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb14297555bca4575385cdd4d61d0261d8fe8664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:38:d4:63:2d:2c:db:e4:e8:bb:e1:dc:62:6a:
                    09:de:5f:51:de:3f:12:5e:24:5f:7f:00:23:68:ae:
                    39:de:e7:20:c2:b3:cb:d6:fa:fa:5f:8d:05:cb:ca:
                    c4:ac:07:ce:e4:50:6f:bd:45:56:c5:9f:95:93:c7:
                    99:94:3c:10:68:c3:bc:5d:db:fa:43:75:63:fa:9a:
                    2e:1c:44:47:fc:b6:cc:e1:a8:f4:2a:e1:09:07:9b:
                    62:3e:9d:ca:f3:74:7f:f9:2b:87:44:c3:c6:bb:75:
                    64:c3:d4:f0:48:0a:db:cd:6b:b8:0f:55:bc:06:5c:
                    fc:b9:bd:5c:f8:da:cc:12:64:83:16:eb:ea:11:10:
                    c2:93:7b:2c:96:89:d3:05:95:dc:25:47:0a:64:01:
                    23:99:98:1a:34:95:dc:9e:eb:64:61:c6:59:c7:56:
                    52:98:3d:59:6b:9a:a0:e4:7e:8b:fc:bc:0d:64:5c:
                    01:b3:95:44:ab:58:60:d2:28:50:5c:ab:2c:15:79:
                    11:fb:54:18:61:81:1a:0b:d7:e6:3d:73:f5:56:3c:
                    42:8f:9d:30:34:af:e5:1a:c7:57:f7:40:36:d1:31:
                    2b:b2:46:2f:54:8c:33:54:8e:db:47:36:f8:d6:82:
                    21:94:e0:66:0c:87:50:ca:7c:aa:e3:1b:91:3d:7b:
                    f6:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:14:29:75:55:BC:A4:57:53:85:CD:D4:D6:1D:02:61:D8:FE:86:64
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/6xQpdVW8pFdThc3U1h0CYdj-hmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b8:39:57:56:eb:55:8e:02:25:79:61:fb:68:82:0f:de:fb:bf:
         97:47:fc:7c:5b:35:2f:fe:47:04:fa:37:a3:4f:28:6d:0a:5f:
         62:ee:06:39:d3:96:cb:8f:cf:a0:f6:d8:08:9b:e9:85:27:91:
         f7:a6:65:a3:f0:a7:1a:d7:9b:e7:a4:20:41:c9:15:9d:18:39:
         7c:d1:6a:a8:ee:22:cc:00:fb:aa:2e:c1:ec:89:f8:9b:65:9f:
         71:47:d9:63:6f:52:b2:68:cf:25:23:15:02:17:9b:0c:28:eb:
         e3:23:14:eb:fb:21:f5:b0:c0:76:68:69:ad:96:8f:79:39:f7:
         c6:b5:2f:e3:71:a5:9f:bf:36:f0:1f:ab:98:36:d1:9c:17:1b:
         5d:cb:6a:08:cc:36:c8:5f:b0:58:be:04:4a:74:be:fc:f1:20:
         0d:49:9c:28:1f:ec:f1:e3:28:49:10:d9:4e:e9:38:d7:59:aa:
         df:c4:e2:78:c7:9d:7b:fe:03:a6:a2:d9:4b:ab:8b:0c:3e:62:
         e6:08:07:ce:5a:a8:cb:e4:57:d7:66:a0:7e:59:89:62:e6:10:
         b6:f9:ba:15:b0:df:20:c4:b4:d3:01:d6:18:ef:02:fa:89:4f:
         14:2b:92:d3:d4:95:09:18:3e:5a:b0:ab:0c:e2:da:ba:5f:c9:
         81:07:f8:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXY/if1aqif3UPHIDTVzxq3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMzI3MTkwNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjE0Mjk3NTU1YmNhNDU3NTM4NWNkZDRkNjFkMDI2MWQ4ZmU4NjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzjUYy0s2+Tou+HcYmoJ3l9R3j8S
XiRffwAjaK453ucgwrPL1vr6X40Fy8rErAfO5FBvvUVWxZ+Vk8eZlDwQaMO8Xdv6
Q3Vj+pouHERH/LbM4aj0KuEJB5tiPp3K83R/+SuHRMPGu3Vkw9TwSArbzWu4D1W8
Blz8ub1c+NrMEmSDFuvqERDCk3sslonTBZXcJUcKZAEjmZgaNJXcnutkYcZZx1ZS
mD1Za5qg5H6L/LwNZFwBs5VEq1hg0ihQXKssFXkR+1QYYYEaC9fmPXP1VjxCj50w
NK/lGsdX90A20TErskYvVIwzVI7bRzb41oIhlOBmDIdQynyq4xuRPXv2KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOsUKXVVvKRXU4XN1NYdAmHY/oZkMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvNnhRcGRWVzhwRmRUaGMzVTFoMENZZGotaG1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBl/L8MA0G
CSqGSIb3DQEBCwUAA4IBAQC4OVdW61WOAiV5Yftogg/e+7+XR/x8WzUv/kcE+jej
TyhtCl9i7gY505bLj8+g9tgIm+mFJ5H3pmWj8Kca15vnpCBByRWdGDl80Wqo7iLM
APuqLsHsifibZZ9xR9ljb1KyaM8lIxUCF5sMKOvjIxTr+yH1sMB2aGmtlo95OffG
tS/jcaWfvzbwH6uYNtGcFxtdy2oIzDbIX7BYvgRKdL788SANSZwoH+zx4yhJENlO
6TjXWarfxOJ4x517/gOmotlLq4sMPmLmCAfOWqjL5FfXZqB+WYli5hC2+boVsN8g
xLTTAdYY7wL6iU8UK5LT1JUJGD5asKsM4tq6X8mBB/ix
-----END CERTIFICATE-----