Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fSjFAX05uvW5D4wls2H8uUzOpwM.roa
File:                     fSjFAX05uvW5D4wls2H8uUzOpwM.roa (raw, json)
Hash identifier:          E0q8uwtB8wI2Sv+ZkyK0P1dbMD1my9exhOuwbJ7WJXM=
Subject key identifier:   7D:28:C5:01:7D:39:BA:F5:B9:0F:8C:25:B3:61:FC:B9:4C:CE:A7:03
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0195B4C208A5643632F6FE9A715078F6D745
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fSjFAX05uvW5D4wls2H8uUzOpwM.roa
Signing time:             Thu 20 Mar 2025 18:12:49 +0000
ROA not before:           Thu 20 Mar 2025 18:12:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214652
IP address blocks:        151.242.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b4:c2:08:a5:64:36:32:f6:fe:9a:71:50:78:f6:d7:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 20 18:12:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d28c5017d39baf5b90f8c25b361fcb94ccea703
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:3a:9f:f3:5b:47:73:ed:23:8b:8d:d5:aa:93:
                    0c:f4:8b:11:47:14:a4:b5:43:ef:3f:14:ed:f8:80:
                    a0:f3:42:ce:d3:e2:a2:e1:ee:86:39:98:7a:75:c6:
                    27:c4:56:9b:6a:c5:ad:5b:84:45:f8:ed:89:49:8c:
                    11:23:3c:0d:35:03:77:96:a8:2a:81:95:38:e5:c8:
                    c5:8b:2d:70:dc:68:33:44:55:c0:42:76:3d:43:6f:
                    d9:34:5f:12:4a:5d:83:55:40:f2:69:09:ca:59:de:
                    49:1f:69:27:49:6d:0e:1e:b3:67:ab:ed:e9:af:a5:
                    0b:9e:54:f4:92:83:d3:8c:06:d7:ee:46:a5:37:31:
                    28:d6:72:4c:e7:30:4d:49:a7:33:cd:64:78:fe:5c:
                    57:e8:2a:79:2a:ba:f3:06:78:5d:e5:8e:c6:41:71:
                    1f:40:1f:c2:66:55:a1:04:af:d2:39:2f:54:13:30:
                    6c:c2:06:1e:c6:24:c9:be:ca:c2:5a:5e:55:a3:a3:
                    9a:61:d9:28:d6:05:36:7a:64:40:21:ab:e7:15:78:
                    ac:fa:6b:f5:2b:e8:3e:11:d0:a3:da:ce:b8:0e:79:
                    e8:b6:41:c6:b6:3d:61:84:35:9d:dc:66:3f:e3:4b:
                    e5:d5:63:fa:22:8f:38:fa:a7:04:7a:79:5c:4d:91:
                    f7:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:28:C5:01:7D:39:BA:F5:B9:0F:8C:25:B3:61:FC:B9:4C:CE:A7:03
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fSjFAX05uvW5D4wls2H8uUzOpwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:7a:bb:0f:8c:5d:d8:63:83:0a:40:71:b9:a6:60:42:35:6d:
         f1:76:91:d3:ec:31:eb:a4:14:ae:de:10:2b:3d:d7:b7:9e:3c:
         0b:6f:b9:93:61:eb:1d:de:88:53:90:9c:7f:60:b4:fc:f3:4b:
         4c:3a:80:2c:fa:a0:2b:3d:e9:cb:31:67:bc:9e:b8:d0:d1:89:
         98:62:4e:3a:cb:52:6a:6d:86:6d:f5:6f:12:54:4a:82:de:31:
         d2:eb:6c:a5:35:5f:36:43:f8:7c:3d:36:22:17:aa:52:7e:4b:
         28:b2:75:48:78:31:d6:a4:4c:b1:d3:7e:bf:78:58:4c:a7:d4:
         49:41:66:5f:69:b2:24:00:6f:1c:17:1b:e7:eb:5c:8b:25:9a:
         0d:b0:09:70:bc:35:08:87:36:86:0b:12:f8:88:4c:78:a8:13:
         d4:f3:9a:8e:97:ae:f6:f6:bf:d3:fa:8c:86:fe:47:92:e3:ff:
         74:f1:d7:95:a5:df:ca:ed:61:35:28:0e:af:88:72:fd:7f:aa:
         51:bd:cc:85:a1:a7:f5:af:42:ed:49:d7:a4:95:34:7e:47:af:
         59:c2:f5:99:46:58:db:6b:18:a0:2f:dd:bb:64:10:d2:ec:76:
         52:3c:4f:63:fd:8b:a6:aa:a5:e5:7d:52:e1:ae:7f:32:00:5f:
         40:f7:95:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZW0wgilZDYy9v6acVB49tdFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMzIwMTgxMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDI4YzUwMTdkMzliYWY1YjkwZjhjMjViMzYxZmNiOTRjY2VhNzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjqf81tHc+0ji43VqpMM9IsRRxSk
tUPvPxTt+ICg80LO0+Ki4e6GOZh6dcYnxFabasWtW4RF+O2JSYwRIzwNNQN3lqgq
gZU45cjFiy1w3GgzRFXAQnY9Q2/ZNF8SSl2DVUDyaQnKWd5JH2knSW0OHrNnq+3p
r6ULnlT0koPTjAbX7kalNzEo1nJM5zBNSaczzWR4/lxX6Cp5KrrzBnhd5Y7GQXEf
QB/CZlWhBK/SOS9UEzBswgYexiTJvsrCWl5Vo6OaYdko1gU2emRAIavnFXis+mv1
K+g+EdCj2s64DnnotkHGtj1hhDWd3GY/40vl1WP6Io84+qcEenlcTZH3cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0oxQF9Obr1uQ+MJbNh/LlMzqcDMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvZlNqRkFYMDV1dlc1RDR3bHMySDh1VXpPcHdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/IjMA0G
CSqGSIb3DQEBCwUAA4IBAQCLersPjF3YY4MKQHG5pmBCNW3xdpHT7DHrpBSu3hAr
Pde3njwLb7mTYesd3ohTkJx/YLT880tMOoAs+qArPenLMWe8nrjQ0YmYYk46y1Jq
bYZt9W8SVEqC3jHS62ylNV82Q/h8PTYiF6pSfksosnVIeDHWpEyx036/eFhMp9RJ
QWZfabIkAG8cFxvn61yLJZoNsAlwvDUIhzaGCxL4iEx4qBPU85qOl6729r/T+oyG
/keS4/908deVpd/K7WE1KA6viHL9f6pRvcyFoaf1r0LtSdeklTR+R69ZwvWZRljb
axigL927ZBDS7HZSPE9j/YumqqXlfVLhrn8yAF9A95Wu
-----END CERTIFICATE-----