Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/cnLn2NGmIrcPfIecpyaem_QPBuY.roa
File:                     cnLn2NGmIrcPfIecpyaem_QPBuY.roa (raw, json)
Hash identifier:          JkMk2w4g7DtSOIdEYPEUZoEBMjiDiH9wDbys2MZ8hv0=
Subject key identifier:   72:72:E7:D8:D1:A6:22:B7:0F:7C:87:9C:A7:26:9E:9B:F4:0F:06:E6
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01973B5E3148C51C8E66AB1AB190614FA228
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/cnLn2NGmIrcPfIecpyaem_QPBuY.roa
Signing time:             Wed 04 Jun 2025 14:35:18 +0000
ROA not before:           Wed 04 Jun 2025 14:35:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        151.240.45.0/24 maxlen: 24
                          151.242.45.0/24 maxlen: 24
                          151.242.57.0/24 maxlen: 24
                          151.242.158.0/24 maxlen: 24
                          151.242.204.0/22 maxlen: 22
                          151.243.2.0/24 maxlen: 24
                          151.243.105.0/24 maxlen: 24
                          151.243.159.0/24 maxlen: 24
                          151.243.248.0/22 maxlen: 22
                          151.244.57.0/24 maxlen: 24
                          151.244.111.0/24 maxlen: 24
                          151.244.115.0/24 maxlen: 24
                          151.245.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 04:08:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3b:5e:31:48:c5:1c:8e:66:ab:1a:b1:90:61:4f:a2:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun  4 14:35:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7272e7d8d1a622b70f7c879ca7269e9bf40f06e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d0:6c:55:69:32:69:b6:c8:52:32:70:c7:81:
                    0d:27:5b:44:4f:11:c8:a2:01:a2:06:aa:7e:ea:03:
                    70:2a:3d:15:28:20:6e:25:93:6b:6d:cc:45:b4:66:
                    93:3c:91:a4:a1:74:d1:c2:77:5a:67:a1:20:25:b6:
                    92:b2:65:52:b2:c4:64:d4:cd:72:09:71:1e:dc:ad:
                    3c:77:c0:ca:7a:e3:ae:8b:e5:c2:2e:e5:8e:e7:e2:
                    61:3a:9b:1c:8e:25:c4:bd:f8:7b:c9:ae:a3:33:28:
                    4b:4b:e4:55:42:bd:b6:de:fb:07:11:de:b6:19:06:
                    31:01:b8:02:60:8e:07:7b:4e:c5:65:5c:b6:57:dc:
                    a1:a8:b2:53:95:48:08:d4:62:7d:66:12:ea:fc:d6:
                    b3:e7:a0:43:a6:21:65:4c:c3:5e:72:64:48:98:9e:
                    a0:d4:5d:58:da:79:4f:f4:c3:10:96:02:0e:45:2b:
                    81:f4:1b:d3:71:72:7a:98:2b:e8:5d:68:74:69:e5:
                    cc:48:cf:30:9f:93:78:1b:5d:8f:40:8c:8e:0c:a6:
                    b6:76:9b:90:a7:4c:09:d1:de:4b:22:50:8f:7d:3a:
                    4c:cd:8f:b3:a5:9c:a7:31:88:b3:77:5f:39:bd:8b:
                    0b:21:c9:37:c0:0d:05:e7:61:2c:da:f8:6f:c8:6f:
                    b6:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:72:E7:D8:D1:A6:22:B7:0F:7C:87:9C:A7:26:9E:9B:F4:0F:06:E6
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/cnLn2NGmIrcPfIecpyaem_QPBuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.45.0/24
                  151.242.45.0/24
                  151.242.57.0/24
                  151.242.158.0/24
                  151.242.204.0/22
                  151.243.2.0/24
                  151.243.105.0/24
                  151.243.159.0/24
                  151.243.248.0/22
                  151.244.57.0/24
                  151.244.111.0/24
                  151.244.115.0/24
                  151.245.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:56:97:7a:29:88:f8:01:e3:e0:e2:5b:0e:2b:fa:53:aa:b0:
         02:98:43:2c:6b:66:68:83:0f:d6:fc:b3:b2:b3:8a:43:4f:8a:
         65:dc:71:71:c2:4a:3b:68:78:1b:1c:50:58:f1:44:c8:3c:5f:
         07:15:ff:db:0a:a5:f5:f0:61:3d:22:67:42:e9:81:f1:5c:9b:
         03:be:65:c6:71:16:bd:b6:79:01:84:f2:9c:89:bc:85:f9:45:
         9b:1c:d4:c6:49:7d:95:77:39:12:3c:e6:f4:e0:35:ac:aa:32:
         da:bd:2b:6c:e2:e6:1c:e0:1e:27:97:8a:6a:41:5e:15:cd:46:
         82:80:95:3e:c5:29:a1:97:8f:82:c8:85:56:93:cc:fa:86:60:
         23:78:41:e5:23:57:94:2f:32:55:79:40:58:51:b0:a3:6e:84:
         cf:88:40:6e:23:ee:40:84:38:cf:ba:25:10:78:c7:39:2e:59:
         05:92:49:a4:fa:c4:ea:ef:9a:99:15:1f:f0:8b:2d:5e:9a:5f:
         4d:35:a7:a1:55:1e:ce:9b:cc:18:d2:0e:e2:5c:8f:fe:e5:35:
         6d:a9:dd:30:f9:b4:4c:1d:0d:7c:26:26:e9:f4:8a:af:36:35:
         75:8a:a7:86:25:68:71:55:ba:3b:8e:16:69:d5:e3:0d:79:f0:
         34:5b:fb:c4
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZc7XjFIxRyOZqsasZBhT6IoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjA0MTQzNTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjcyZTdkOGQxYTYyMmI3MGY3Yzg3OWNhNzI2OWU5YmY0MGYwNmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptBsVWkyabbIUjJwx4ENJ1tETxHI
ogGiBqp+6gNwKj0VKCBuJZNrbcxFtGaTPJGkoXTRwndaZ6EgJbaSsmVSssRk1M1y
CXEe3K08d8DKeuOui+XCLuWO5+JhOpscjiXEvfh7ya6jMyhLS+RVQr223vsHEd62
GQYxAbgCYI4He07FZVy2V9yhqLJTlUgI1GJ9ZhLq/Naz56BDpiFlTMNecmRImJ6g
1F1Y2nlP9MMQlgIORSuB9BvTcXJ6mCvoXWh0aeXMSM8wn5N4G12PQIyODKa2dpuQ
p0wJ0d5LIlCPfTpMzY+zpZynMYizd185vYsLIck3wA0F52Es2vhvyG+2XwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFHJy59jRpiK3D3yHnKcmnpv0DwbmMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvY25MbjJOR21JcmNQZkllY3B5YWVtX1FQQnVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAl/AtAwQA
l/ItAwQAl/I5AwQAl/KeAwQCl/LMAwQAl/MCAwQAl/NpAwQAl/OfAwQCl/P4AwQA
l/Q5AwQAl/RvAwQAl/RzAwQCl/V0MA0GCSqGSIb3DQEBCwUAA4IBAQCYVpd6KYj4
AePg4lsOK/pTqrACmEMsa2Zogw/W/LOys4pDT4pl3HFxwko7aHgbHFBY8UTIPF8H
Ff/bCqX18GE9ImdC6YHxXJsDvmXGcRa9tnkBhPKcibyF+UWbHNTGSX2VdzkSPOb0
4DWsqjLavSts4uYc4B4nl4pqQV4VzUaCgJU+xSmhl4+CyIVWk8z6hmAjeEHlI1eU
LzJVeUBYUbCjboTPiEBuI+5AhDjPuiUQeMc5LlkFkkmk+sTq75qZFR/wiy1eml9N
NaehVR7Om8wY0g7iXI/+5TVtqd0w+bRMHQ18Jibp9IqvNjV1iqeGJWhxVbo7jhZp
1eMNefA0W/vE
-----END CERTIFICATE-----
Generated at Mon Jun 9 14:38:31 2025 by rpki-client