Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/EHnoxnkV6G0QrPGmE3r6AM5yxac.roa
File:                     EHnoxnkV6G0QrPGmE3r6AM5yxac.roa (raw, json)
Hash identifier:          r6EHO7Wxjdd37TW+Ql9i41Hqn1r7IHg7B5Da2u5L7GQ=
Subject key identifier:   10:79:E8:C6:79:15:E8:6D:10:AC:F1:A6:13:7A:FA:00:CE:72:C5:A7
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196F92E2D91BE9BA132B37BD7503B61491B
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/EHnoxnkV6G0QrPGmE3r6AM5yxac.roa
Signing time:             Thu 22 May 2025 18:07:55 +0000
ROA not before:           Thu 22 May 2025 18:07:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22427
IP address blocks:        151.242.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f9:2e:2d:91:be:9b:a1:32:b3:7b:d7:50:3b:61:49:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 22 18:07:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1079e8c67915e86d10acf1a6137afa00ce72c5a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ec:42:38:98:a2:a1:99:f1:78:47:cd:1b:05:
                    65:53:88:17:4c:41:27:70:a2:b4:47:ee:a5:ab:a7:
                    6e:8c:dc:fa:1a:5e:b5:6e:9a:ba:72:10:6b:13:9d:
                    9c:dc:ae:fe:4d:d7:d6:f0:61:6f:a1:06:6c:89:dd:
                    64:c5:3f:74:2f:1a:61:42:ea:e4:56:d2:a1:2e:42:
                    0a:26:3e:d2:eb:a9:07:a0:19:99:df:d8:66:5f:e5:
                    be:00:98:eb:cc:29:11:7e:3a:e2:00:c0:b3:f9:28:
                    c7:a1:fc:5a:0d:b9:bf:03:ef:76:4c:6d:3a:1c:22:
                    e8:95:39:8c:b4:a4:ba:51:9e:29:c4:73:ac:2d:21:
                    a1:1c:a7:05:92:c6:c0:8f:e8:43:9e:e5:e5:c5:6a:
                    ff:f4:c9:ba:a1:f6:5a:a6:cb:9c:3b:e0:af:4b:b5:
                    7a:c5:b7:8a:a9:de:37:81:12:03:ed:7f:b7:5c:14:
                    94:e8:26:7f:13:71:a4:71:5c:2d:0f:ca:dc:1c:95:
                    a2:51:6f:54:7f:9b:69:97:63:4e:b5:22:f6:ad:ce:
                    a4:28:7f:9e:56:b0:dc:da:d6:ca:bf:ec:d4:f8:26:
                    a3:eb:f1:dc:b0:b6:4d:d6:0c:09:04:36:90:f2:a7:
                    b8:85:29:b0:28:7c:cb:76:4c:1d:4b:fa:a0:4e:10:
                    fb:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:79:E8:C6:79:15:E8:6D:10:AC:F1:A6:13:7A:FA:00:CE:72:C5:A7
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/EHnoxnkV6G0QrPGmE3r6AM5yxac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:81:5b:a0:17:ad:74:5e:0e:20:f6:e7:f1:e2:7b:bc:64:97:
         47:eb:44:e2:d0:35:92:fb:20:42:ae:6f:03:ef:01:ee:32:ad:
         34:99:7a:76:29:f7:ed:7c:56:44:f2:4d:a0:49:bb:e2:fe:10:
         b9:01:e4:9b:1f:07:8a:a8:fa:66:58:03:bf:e4:3f:49:b9:a4:
         b4:79:a3:cd:64:7b:ab:b7:72:2c:f6:f3:d9:b2:d4:32:af:d5:
         8b:b5:c1:54:a4:8a:35:5b:e6:58:bd:12:b1:b2:7b:38:3a:c4:
         2d:85:43:42:de:2a:c4:38:91:3a:2d:20:ae:2e:e7:b0:88:ac:
         de:54:87:57:ef:e0:d8:8d:90:8d:73:cf:e5:f3:d3:e3:ad:a9:
         76:03:ea:81:0c:df:4b:3b:4a:ca:22:83:19:e4:34:da:da:96:
         a6:55:b0:f3:27:b6:3c:c5:91:f2:71:22:84:94:9a:73:ed:66:
         04:d3:90:25:46:02:ce:95:92:e7:63:99:90:1d:21:50:e2:31:
         2b:92:6b:1a:aa:9e:b2:ef:f4:3a:ba:e4:8a:3f:6a:37:79:db:
         c1:1f:9d:52:9e:33:6e:28:35:23:93:d2:82:d3:d7:6c:5c:f1:
         5a:33:00:4e:de:43:1a:d4:fc:85:8f:58:38:47:ae:1f:bc:c1:
         c4:06:07:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb5Li2RvpuhMrN711A7YUkbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTIyMTgwNzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDc5ZThjNjc5MTVlODZkMTBhY2YxYTYxMzdhZmEwMGNlNzJjNWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuxCOJiioZnxeEfNGwVlU4gXTEEn
cKK0R+6lq6dujNz6Gl61bpq6chBrE52c3K7+TdfW8GFvoQZsid1kxT90LxphQurk
VtKhLkIKJj7S66kHoBmZ39hmX+W+AJjrzCkRfjriAMCz+SjHofxaDbm/A+92TG06
HCLolTmMtKS6UZ4pxHOsLSGhHKcFksbAj+hDnuXlxWr/9Mm6ofZapsucO+CvS7V6
xbeKqd43gRID7X+3XBSU6CZ/E3GkcVwtD8rcHJWiUW9Uf5tpl2NOtSL2rc6kKH+e
VrDc2tbKv+zU+Caj6/HcsLZN1gwJBDaQ8qe4hSmwKHzLdkwdS/qgThD7GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBB56MZ5FehtEKzxphN6+gDOcsWnMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvRUhub3hua1Y2RzBRclBHbUUzcjZBTTV5eGFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/J9MA0G
CSqGSIb3DQEBCwUAA4IBAQBJgVugF610Xg4g9ufx4nu8ZJdH60Ti0DWS+yBCrm8D
7wHuMq00mXp2KfftfFZE8k2gSbvi/hC5AeSbHweKqPpmWAO/5D9JuaS0eaPNZHur
t3Is9vPZstQyr9WLtcFUpIo1W+ZYvRKxsns4OsQthUNC3irEOJE6LSCuLuewiKze
VIdX7+DYjZCNc8/l89Pjral2A+qBDN9LO0rKIoMZ5DTa2pamVbDzJ7Y8xZHycSKE
lJpz7WYE05AlRgLOlZLnY5mQHSFQ4jErkmsaqp6y7/Q6uuSKP2o3edvBH51SnjNu
KDUjk9KC09dsXPFaMwBO3kMa1PyFj1g4R64fvMHEBgfZ
-----END CERTIFICATE-----