Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9_kMyzv1gw9xOX0nEG-V_BufZwc.roa
File:                     9_kMyzv1gw9xOX0nEG-V_BufZwc.roa (raw, json)
Hash identifier:          xJzhLl4s/KCjatvah/Nq56oRCiwzbYplJHeqmjqxHao=
Subject key identifier:   F7:F9:0C:CB:3B:F5:83:0F:71:39:7D:27:10:6F:95:FC:1B:9F:67:07
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019660DE1B5F06627C08C37263610EFD82BB
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9_kMyzv1gw9xOX0nEG-V_BufZwc.roa
Signing time:             Wed 23 Apr 2025 04:18:10 +0000
ROA not before:           Wed 23 Apr 2025 04:18:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     153787
IP address blocks:        151.242.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:60:de:1b:5f:06:62:7c:08:c3:72:63:61:0e:fd:82:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 23 04:18:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7f90ccb3bf5830f71397d27106f95fc1b9f6707
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:61:e3:29:e2:f4:20:ae:67:4c:e1:78:d6:b2:
                    92:f8:dd:33:7f:3f:b0:68:6f:94:8c:24:3e:14:09:
                    ad:fd:7f:32:58:38:30:fb:f3:fd:1e:6d:96:38:cd:
                    34:29:65:fc:e6:14:cb:b8:94:02:34:38:a6:07:49:
                    57:ca:0f:9c:3e:8b:9f:29:9c:e5:5f:8a:f3:28:9e:
                    b9:72:79:c0:ff:3d:79:33:89:7a:f9:93:a5:82:78:
                    7b:89:79:ac:6c:bc:1c:91:04:07:1f:a0:81:09:da:
                    be:b6:d1:cd:e2:7e:20:76:36:74:ea:37:7a:27:e2:
                    12:52:dd:2b:ea:05:7c:63:a7:a3:2c:e7:5a:6d:2f:
                    20:c3:01:95:49:ce:8f:20:c5:ff:1a:f2:17:c0:e7:
                    ab:15:0d:7e:21:bc:c6:84:f9:db:b9:cb:40:9d:16:
                    e6:2b:c4:f1:82:80:87:39:fb:53:26:60:d3:fb:07:
                    5b:6a:98:37:ca:e3:b7:90:ff:29:3d:de:bd:fc:44:
                    8d:16:ac:68:27:82:be:4e:76:5e:af:e1:7a:a4:eb:
                    68:74:5f:8c:a4:e2:12:a9:1b:eb:74:b6:b0:e4:1c:
                    4a:2d:15:cb:ae:f3:49:88:4f:52:8f:75:d2:f0:af:
                    a3:b9:25:d8:b0:f0:25:00:18:0e:c2:47:aa:6c:fd:
                    7c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:F9:0C:CB:3B:F5:83:0F:71:39:7D:27:10:6F:95:FC:1B:9F:67:07
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9_kMyzv1gw9xOX0nEG-V_BufZwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:e7:21:4b:e6:a1:f1:68:cf:60:d7:2a:08:8f:72:86:20:06:
         0b:e5:ee:94:cd:e4:53:51:d6:46:06:1a:7c:f8:50:5f:5a:a5:
         ac:f0:e2:1c:5c:5f:94:df:0c:26:98:1c:df:f6:fb:31:c2:3a:
         a1:df:cd:cc:6e:b8:6f:9a:cc:a8:78:d2:8c:c0:55:40:ce:28:
         0a:52:cb:5c:53:99:fe:e8:42:b0:8f:cd:bc:d4:62:40:72:80:
         e1:fd:f7:b6:03:91:10:28:fd:fd:48:1e:93:f6:95:46:ef:16:
         df:c8:3e:dd:35:9f:c9:af:b0:a1:1a:cc:80:27:1e:e0:08:23:
         06:8c:9b:4f:82:ad:ec:43:03:82:14:1c:2f:5d:49:90:46:63:
         df:87:88:03:cd:32:32:7a:33:35:87:e4:bf:10:aa:28:8c:dc:
         33:b0:5f:e0:d4:68:5a:02:61:be:5a:68:58:22:99:ef:3c:1f:
         8f:60:17:32:c8:fa:88:63:83:8d:1e:63:be:d5:55:8a:7b:a3:
         0c:8c:87:9c:b1:b0:5c:e5:fd:b4:3f:4c:fb:a3:1a:c6:10:54:
         51:a6:a5:af:67:8b:4e:ca:12:a4:a7:1f:ef:e0:36:3b:c0:e9:
         27:1e:bb:e1:2f:ab:ca:28:7c:6e:51:e5:3f:85:a5:bb:42:4d:
         94:ac:04:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZg3htfBmJ8CMNyY2EO/YK7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDIzMDQxODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2Y5MGNjYjNiZjU4MzBmNzEzOTdkMjcxMDZmOTVmYzFiOWY2NzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2HjKeL0IK5nTOF41rKS+N0zfz+w
aG+UjCQ+FAmt/X8yWDgw+/P9Hm2WOM00KWX85hTLuJQCNDimB0lXyg+cPoufKZzl
X4rzKJ65cnnA/z15M4l6+ZOlgnh7iXmsbLwckQQHH6CBCdq+ttHN4n4gdjZ06jd6
J+ISUt0r6gV8Y6ejLOdabS8gwwGVSc6PIMX/GvIXwOerFQ1+IbzGhPnbuctAnRbm
K8TxgoCHOftTJmDT+wdbapg3yuO3kP8pPd69/ESNFqxoJ4K+TnZer+F6pOtodF+M
pOISqRvrdLaw5BxKLRXLrvNJiE9Sj3XS8K+juSXYsPAlABgOwkeqbP18KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPf5DMs79YMPcTl9JxBvlfwbn2cHMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvOV9rTXl6djFndzl4T1gwbkVHLVZfQnVmWndjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/IiMA0G
CSqGSIb3DQEBCwUAA4IBAQA55yFL5qHxaM9g1yoIj3KGIAYL5e6UzeRTUdZGBhp8
+FBfWqWs8OIcXF+U3wwmmBzf9vsxwjqh383MbrhvmsyoeNKMwFVAzigKUstcU5n+
6EKwj8281GJAcoDh/fe2A5EQKP39SB6T9pVG7xbfyD7dNZ/Jr7ChGsyAJx7gCCMG
jJtPgq3sQwOCFBwvXUmQRmPfh4gDzTIyejM1h+S/EKoojNwzsF/g1GhaAmG+WmhY
IpnvPB+PYBcyyPqIY4ONHmO+1VWKe6MMjIecsbBc5f20P0z7oxrGEFRRpqWvZ4tO
yhKkpx/v4DY7wOknHrvhL6vKKHxuUeU/haW7Qk2UrARF
-----END CERTIFICATE-----
Generated at Sat Jun 14 08:49:07 2025 by rpki-client