Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/T33Ri4PNpdTxYxNwO8xSaSwjngs.roa
File:                     T33Ri4PNpdTxYxNwO8xSaSwjngs.roa (raw, json)
Hash identifier:          ccCbLKEnl9cP70PY4mtDK97LWT2GNcO6CcQkvX2ab1c=
Subject key identifier:   4F:7D:D1:8B:83:CD:A5:D4:F1:63:13:70:3B:CC:52:69:2C:23:9E:0B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01990DEB6FEF055EBD761AA791D86CA06B49
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/T33Ri4PNpdTxYxNwO8xSaSwjngs.roa
Signing time:             Wed 03 Sep 2025 04:52:37 +0000
ROA not before:           Wed 03 Sep 2025 04:52:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30083
IP address blocks:        151.243.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Sep 2025 13:03:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0d:eb:6f:ef:05:5e:bd:76:1a:a7:91:d8:6c:a0:6b:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep  3 04:52:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f7dd18b83cda5d4f16313703bcc52692c239e0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:76:22:8d:c8:dc:c8:ea:ae:a5:e9:77:b6:fa:
                    3d:98:19:78:96:3c:b6:fb:c4:7f:4c:3b:ec:48:48:
                    0d:4c:24:75:8d:8f:7d:a2:bf:22:8b:02:54:65:62:
                    46:ea:7b:ae:45:0a:f5:19:0b:ef:6d:82:ed:1c:18:
                    cf:cd:80:c6:42:ce:7e:68:23:e1:8b:02:b2:40:a9:
                    bf:fc:28:2d:fc:2e:e2:4a:62:6b:04:85:c5:c3:ba:
                    d3:a1:59:b0:ea:bd:15:1e:72:be:c1:ec:df:64:8f:
                    82:28:5e:ab:f1:43:b4:7e:17:33:55:73:ac:73:de:
                    95:be:95:a0:1c:7d:4d:50:03:fc:bc:c9:02:a5:56:
                    e9:14:81:9c:4a:07:f7:bb:4c:ea:2a:34:63:4e:0e:
                    08:83:a5:49:56:25:aa:d7:39:d8:33:55:2e:53:f4:
                    1e:63:86:f6:ac:07:43:4f:bf:aa:ed:98:89:c3:b7:
                    a9:35:87:a8:7f:d2:4f:09:3b:97:db:c1:d4:2b:cd:
                    59:ba:9b:30:48:46:7e:7a:2e:5b:ad:ed:f3:87:9f:
                    7c:54:a1:85:8b:b7:f4:31:3b:51:a7:9c:1f:3f:f5:
                    dd:f3:c4:dd:94:bd:6e:6c:45:b7:67:b4:bf:30:fb:
                    24:75:07:9e:ce:4c:39:62:d4:48:40:04:d6:2c:c8:
                    cc:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:7D:D1:8B:83:CD:A5:D4:F1:63:13:70:3B:CC:52:69:2C:23:9E:0B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/T33Ri4PNpdTxYxNwO8xSaSwjngs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:e7:af:6b:19:d6:2c:06:d9:4d:62:1a:db:1f:4f:a4:8e:c6:
         75:da:fc:3b:c4:06:31:84:af:05:6d:ed:fd:6d:c4:a5:53:93:
         24:6a:14:be:f1:4d:aa:e5:94:f4:13:4d:19:b7:e4:d4:64:4a:
         d6:1f:bf:9a:1a:00:54:e8:8e:51:47:3d:e0:46:0c:14:e9:c7:
         c9:e8:9b:cc:ca:13:16:20:72:d8:c5:97:a6:31:80:28:13:7f:
         78:57:01:39:fa:a4:de:ab:55:b5:07:5c:4d:88:13:c4:12:84:
         07:9c:f6:ff:f1:4c:81:74:79:4c:af:9d:96:d7:6a:80:f5:57:
         80:bc:29:30:59:78:86:1b:b1:5e:22:2d:c7:93:9f:68:a9:60:
         04:51:53:3f:1a:06:67:69:a1:23:d6:99:fc:3c:93:3c:e2:10:
         2f:36:cb:72:0f:33:c9:f4:fb:0b:f3:a4:2c:d1:2a:e7:7e:13:
         d6:ac:7b:c8:0e:5e:e8:a2:21:38:42:4c:0d:bc:65:20:ab:22:
         e3:83:e9:02:98:f1:e7:73:91:e7:d1:a1:61:0c:c3:52:ea:29:
         37:0d:8b:34:29:b9:b3:ee:33:8f:25:e5:a7:e5:fd:7c:4e:36:
         42:b4:ba:df:e4:16:a9:70:27:27:cc:dc:c4:4a:e4:3b:bd:9c:
         08:80:bd:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkN62/vBV69dhqnkdhsoGtJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTAzMDQ1MjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjdkZDE4YjgzY2RhNWQ0ZjE2MzEzNzAzYmNjNTI2OTJjMjM5ZTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXYijcjcyOqupel3tvo9mBl4ljy2
+8R/TDvsSEgNTCR1jY99or8iiwJUZWJG6nuuRQr1GQvvbYLtHBjPzYDGQs5+aCPh
iwKyQKm//Cgt/C7iSmJrBIXFw7rToVmw6r0VHnK+wezfZI+CKF6r8UO0fhczVXOs
c96VvpWgHH1NUAP8vMkCpVbpFIGcSgf3u0zqKjRjTg4Ig6VJViWq1znYM1UuU/Qe
Y4b2rAdDT7+q7ZiJw7epNYeof9JPCTuX28HUK81ZupswSEZ+ei5bre3zh598VKGF
i7f0MTtRp5wfP/Xd88TdlL1ubEW3Z7S/MPskdQeezkw5YtRIQATWLMjMwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE990YuDzaXU8WMTcDvMUmksI54LMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvVDMzUmk0UE5wZFR4WXhOd084eFNhU3dqbmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/PJMA0G
CSqGSIb3DQEBCwUAA4IBAQC3569rGdYsBtlNYhrbH0+kjsZ12vw7xAYxhK8Fbe39
bcSlU5MkahS+8U2q5ZT0E00Zt+TUZErWH7+aGgBU6I5RRz3gRgwU6cfJ6JvMyhMW
IHLYxZemMYAoE394VwE5+qTeq1W1B1xNiBPEEoQHnPb/8UyBdHlMr52W12qA9VeA
vCkwWXiGG7FeIi3Hk59oqWAEUVM/GgZnaaEj1pn8PJM84hAvNstyDzPJ9PsL86Qs
0SrnfhPWrHvIDl7ooiE4QkwNvGUgqyLjg+kCmPHnc5Hn0aFhDMNS6ik3DYs0Kbmz
7jOPJeWn5f18TjZCtLrf5BapcCcnzNzESuQ7vZwIgL3f
-----END CERTIFICATE-----