Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/RdmngjD4dxExsH-WjUYG4O_aPE8.roa
File:                     RdmngjD4dxExsH-WjUYG4O_aPE8.roa (raw, json)
Hash identifier:          sLxuo7OzPPP2vAWtLTrzLswi4SvVxwf/UF9JLPfohRw=
Subject key identifier:   45:D9:A7:82:30:F8:77:11:31:B0:7F:96:8D:46:06:E0:EF:DA:3C:4F
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198FA59AA751360195105DE8A20393B991E
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/RdmngjD4dxExsH-WjUYG4O_aPE8.roa
Signing time:             Sat 30 Aug 2025 09:40:37 +0000
ROA not before:           Sat 30 Aug 2025 09:40:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215638
IP address blocks:        151.243.216.0/24 maxlen: 24
                          151.247.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Sep 2025 13:03:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:fa:59:aa:75:13:60:19:51:05:de:8a:20:39:3b:99:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 30 09:40:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45d9a78230f8771131b07f968d4606e0efda3c4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:7a:aa:42:ba:c2:29:7b:33:34:8f:8e:ee:fe:
                    0f:8d:71:b0:a3:12:77:74:70:22:cb:ad:9d:c8:b3:
                    8a:e1:e4:0f:cd:f9:1c:94:7c:6f:02:16:6a:60:94:
                    1a:59:98:e7:e1:66:82:ae:4f:69:64:cd:90:16:34:
                    bd:e4:53:df:6a:b1:f5:36:76:a1:16:38:70:65:8d:
                    53:64:02:a9:c4:62:cb:97:29:0f:70:cf:a1:b6:f6:
                    f8:3d:f3:d1:64:c1:f7:bc:a0:69:f4:0e:2d:33:e9:
                    ce:55:72:76:f3:b3:10:29:21:d6:a0:2e:4c:b3:f3:
                    36:68:09:d2:6c:9f:37:fb:b4:78:1e:b4:94:eb:46:
                    d7:6f:e6:d7:19:1e:ce:7e:17:85:bf:36:50:66:28:
                    cf:5c:52:18:a6:1f:b6:c7:1d:a2:03:08:bc:20:7e:
                    cd:6e:b0:04:be:e5:06:94:8e:0f:fe:f2:45:51:66:
                    3b:1d:bb:65:c2:34:e6:22:15:d8:76:ba:7a:b6:e1:
                    c5:02:0b:5c:0c:ab:d7:80:f4:28:ba:43:88:f3:df:
                    c6:55:11:01:70:37:a5:a7:5e:e9:8f:f1:0c:5d:2f:
                    84:82:01:00:16:4f:fd:90:42:c7:c7:51:47:25:07:
                    3e:d9:f6:68:e7:d3:97:9f:db:d9:33:2b:6a:f7:c7:
                    28:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:D9:A7:82:30:F8:77:11:31:B0:7F:96:8D:46:06:E0:EF:DA:3C:4F
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/RdmngjD4dxExsH-WjUYG4O_aPE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.216.0/24
                  151.247.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:07:12:5c:60:b2:7b:03:90:ab:39:79:3b:16:83:28:82:03:
         3a:0b:3a:6a:7e:b8:a6:20:db:ac:af:22:cc:26:0b:be:34:7c:
         a6:bd:b8:3b:37:17:4d:46:b1:2c:54:55:1a:5e:50:40:35:e4:
         d8:b9:bc:01:47:54:8a:b9:fe:85:78:c3:6d:22:d3:fd:3b:40:
         a0:3d:9c:8c:95:a4:42:a8:4e:f4:1f:3b:e1:b3:33:89:94:3a:
         de:f7:53:05:99:03:21:18:73:c5:0f:18:4a:a7:1a:22:37:f5:
         4e:71:28:c5:f5:a3:e9:41:af:26:10:7d:96:b3:9f:a0:e4:c3:
         49:4d:56:60:bc:e3:55:51:41:07:f1:6c:38:07:a2:39:54:9c:
         f1:0c:fd:a1:de:1e:85:b7:82:01:b5:8d:c6:41:7f:ee:81:4b:
         8e:66:1f:3e:d0:9b:6b:67:b9:ce:61:c9:16:32:d5:31:18:d5:
         6a:30:f2:fc:23:57:da:7a:2f:4e:08:9b:92:57:84:25:00:f7:
         d0:20:93:8d:dd:28:0e:e3:d5:d6:10:25:5b:ea:e1:4d:34:fb:
         35:c0:1a:fd:e1:cc:cd:e8:9c:22:55:95:da:46:3f:3c:f0:b1:
         91:4c:5b:f2:d1:3d:68:23:a5:d8:08:9b:0a:0b:82:d5:93:17:
         c7:d0:c0:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZj6Wap1E2AZUQXeiiA5O5keMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODMwMDk0MDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWQ5YTc4MjMwZjg3NzExMzFiMDdmOTY4ZDQ2MDZlMGVmZGEzYzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5XqqQrrCKXszNI+O7v4PjXGwoxJ3
dHAiy62dyLOK4eQPzfkclHxvAhZqYJQaWZjn4WaCrk9pZM2QFjS95FPfarH1Nnah
FjhwZY1TZAKpxGLLlykPcM+htvb4PfPRZMH3vKBp9A4tM+nOVXJ287MQKSHWoC5M
s/M2aAnSbJ83+7R4HrSU60bXb+bXGR7OfheFvzZQZijPXFIYph+2xx2iAwi8IH7N
brAEvuUGlI4P/vJFUWY7HbtlwjTmIhXYdrp6tuHFAgtcDKvXgPQoukOI89/GVREB
cDelp17pj/EMXS+EggEAFk/9kELHx1FHJQc+2fZo59OXn9vZMytq98coRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEXZp4Iw+HcRMbB/lo1GBuDv2jxPMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUmRtbmdqRDRkeEV4c0gtV2pVWUc0T19hUEU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/PYAwQA
l/fTMA0GCSqGSIb3DQEBCwUAA4IBAQB3BxJcYLJ7A5CrOXk7FoMoggM6Czpqfrim
INusryLMJgu+NHymvbg7NxdNRrEsVFUaXlBANeTYubwBR1SKuf6FeMNtItP9O0Cg
PZyMlaRCqE70HzvhszOJlDre91MFmQMhGHPFDxhKpxoiN/VOcSjF9aPpQa8mEH2W
s5+g5MNJTVZgvONVUUEH8Ww4B6I5VJzxDP2h3h6Ft4IBtY3GQX/ugUuOZh8+0Jtr
Z7nOYckWMtUxGNVqMPL8I1faei9OCJuSV4QlAPfQIJON3SgO49XWECVb6uFNNPs1
wBr94czN6JwiVZXaRj888LGRTFvy0T1oI6XYCJsKC4LVkxfH0MBI
-----END CERTIFICATE-----