Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/k_1yiuLgmMTWYomFk53jCm84CV0.roa
File:                     k_1yiuLgmMTWYomFk53jCm84CV0.roa (raw, json)
Hash identifier:          Y8S36nm/uBKsC01jw1/MRBuIMCF9j3pWKV3KDM4f8RA=
Subject key identifier:   93:FD:72:8A:E2:E0:98:C4:D6:62:89:85:93:9D:E3:0A:6F:38:09:5D
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01971156924ED343A3CAF96D90FF7C4116BE
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/k_1yiuLgmMTWYomFk53jCm84CV0.roa
Signing time:             Tue 27 May 2025 10:42:55 +0000
ROA not before:           Tue 27 May 2025 10:42:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199707
IP address blocks:        151.241.88.0/24 maxlen: 24
                          151.242.11.0/24 maxlen: 24
                          151.242.188.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 02:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:56:92:4e:d3:43:a3:ca:f9:6d:90:ff:7c:41:16:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 27 10:42:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=93fd728ae2e098c4d6628985939de30a6f38095d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:82:3f:2f:db:e9:7b:b7:50:9a:44:ff:f4:bf:
                    f9:db:bf:79:8d:b1:7f:ac:5c:e0:d9:ac:62:37:9b:
                    1f:5e:c8:de:37:cb:38:b0:29:36:1b:13:35:8d:f0:
                    f0:66:01:23:2b:f7:34:99:d7:dd:55:2a:2b:5b:39:
                    9a:c8:99:35:11:47:15:68:7d:d0:dc:7a:8c:6c:31:
                    20:21:aa:c7:49:df:55:cb:4c:0b:e9:21:b4:5b:f7:
                    7f:44:b1:29:9f:ea:90:c2:5b:a2:5f:b4:fb:6e:77:
                    6e:68:a0:7a:75:a9:95:1a:dc:ed:06:94:9b:b4:4c:
                    e8:9d:6e:40:0b:12:a1:2f:dd:64:c1:7c:62:6f:f2:
                    28:6c:93:7d:86:64:67:6a:29:1b:c5:50:4f:2c:b1:
                    42:ca:3b:28:6b:21:0c:e9:ed:93:09:4c:86:48:c3:
                    90:85:fd:c8:1a:6b:e4:17:10:99:f1:98:3f:08:38:
                    52:7a:a3:8e:8e:25:9f:fd:17:94:73:74:84:4d:53:
                    1b:89:64:57:36:75:cb:2e:77:56:f7:48:1c:e5:28:
                    ff:d6:62:a7:3b:4e:19:4f:5a:05:58:e9:ae:0a:e1:
                    d5:4c:1e:0c:a0:f7:d1:e1:58:a6:34:b5:53:af:68:
                    5e:8e:e3:9d:c9:4a:63:d2:c4:a6:18:23:cb:5d:aa:
                    5e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:FD:72:8A:E2:E0:98:C4:D6:62:89:85:93:9D:E3:0A:6F:38:09:5D
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/k_1yiuLgmMTWYomFk53jCm84CV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.88.0/24
                  151.242.11.0/24
                  151.242.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:c9:91:bd:fd:e4:d1:ec:98:a1:71:67:29:f9:23:29:19:77:
         5c:b7:3a:0d:81:27:f4:b6:e4:9c:74:e4:e4:88:76:36:ba:8b:
         c6:2d:71:9f:e6:ad:3e:0d:7a:0c:ad:b8:b8:37:71:fe:c0:6a:
         11:55:2f:10:4f:a9:06:fe:37:58:ed:7c:46:5a:c8:f2:1e:61:
         c2:97:da:9e:ec:51:94:7f:9c:4a:77:6f:f8:2a:25:4d:d9:f8:
         ba:8c:70:e6:91:41:49:70:2c:2f:ff:31:60:60:db:f9:31:50:
         83:d1:a5:54:fc:73:c7:fa:cd:9d:2a:d0:3b:0a:e7:0e:41:21:
         20:a0:ab:e2:59:9a:4d:75:30:9f:49:cc:7f:ab:34:88:3a:e8:
         f5:c8:ff:6c:c9:c6:40:3f:ed:bc:48:8b:d4:0d:ca:7c:55:4b:
         3d:b1:cd:9e:1d:3d:ea:bf:3c:2b:81:c9:98:1d:0e:07:46:a6:
         ff:a0:88:19:d7:51:f1:51:9a:13:bc:11:aa:a6:86:3d:f9:fd:
         1a:55:d6:3e:11:de:10:04:3c:63:a4:83:d2:55:5a:5e:c5:75:
         07:c0:af:58:6a:97:9f:63:38:38:0f:6a:24:1a:1b:18:56:51:
         3d:d0:ad:c7:1b:05:79:bf:ba:59:e3:68:ea:02:ae:94:33:d0:
         19:61:bb:5a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZcRVpJO00OjyvltkP98QRa+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTI3MTA0MjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2ZkNzI4YWUyZTA5OGM0ZDY2Mjg5ODU5MzlkZTMwYTZmMzgwOTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3oI/L9vpe7dQmkT/9L/52795jbF/
rFzg2axiN5sfXsjeN8s4sCk2GxM1jfDwZgEjK/c0mdfdVSorWzmayJk1EUcVaH3Q
3HqMbDEgIarHSd9Vy0wL6SG0W/d/RLEpn+qQwluiX7T7bnduaKB6damVGtztBpSb
tEzonW5ACxKhL91kwXxib/IobJN9hmRnaikbxVBPLLFCyjsoayEM6e2TCUyGSMOQ
hf3IGmvkFxCZ8Zg/CDhSeqOOjiWf/ReUc3SETVMbiWRXNnXLLndW90gc5Sj/1mKn
O04ZT1oFWOmuCuHVTB4MoPfR4VimNLVTr2hejuOdyUpj0sSmGCPLXape5QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJP9cori4JjE1mKJhZOd4wpvOAldMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEva18xeWl1TGdtTVRXWW9tRms1M2pDbTg0Q1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAl/FYAwQA
l/ILAwQBl/K8MA0GCSqGSIb3DQEBCwUAA4IBAQAvyZG9/eTR7JihcWcp+SMpGXdc
tzoNgSf0tuScdOTkiHY2uovGLXGf5q0+DXoMrbi4N3H+wGoRVS8QT6kG/jdY7XxG
WsjyHmHCl9qe7FGUf5xKd2/4KiVN2fi6jHDmkUFJcCwv/zFgYNv5MVCD0aVU/HPH
+s2dKtA7CucOQSEgoKviWZpNdTCfScx/qzSIOuj1yP9sycZAP+28SIvUDcp8VUs9
sc2eHT3qvzwrgcmYHQ4HRqb/oIgZ11HxUZoTvBGqpoY9+f0aVdY+Ed4QBDxjpIPS
VVpexXUHwK9YapefYzg4D2okGhsYVlE90K3HGwV5v7pZ42jqAq6UM9AZYbta
-----END CERTIFICATE-----
Generated at Mon Jun 9 11:32:49 2025 by rpki-client