Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/okJKED4SIh0OUqH_7UAXhsaAzgI.roa
File:                     okJKED4SIh0OUqH_7UAXhsaAzgI.roa (raw, json)
Hash identifier:          WzCXQ9SVVzlXPSsdbisZQAV2zxzoMWGtW/QWfc3NKrg=
Subject key identifier:   A2:42:4A:10:3E:12:22:1D:0E:52:A1:FF:ED:40:17:86:C6:80:CE:02
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0195D8FB20265447AEF8A5D86E135143DD3D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/okJKED4SIh0OUqH_7UAXhsaAzgI.roa
Signing time:             Thu 27 Mar 2025 19:01:31 +0000
ROA not before:           Thu 27 Mar 2025 19:01:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     138195
IP address blocks:        151.242.22.0/24 maxlen: 24
                          151.243.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d8:fb:20:26:54:47:ae:f8:a5:d8:6e:13:51:43:dd:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 27 19:01:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2424a103e12221d0e52a1ffed401786c680ce02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:99:b2:27:c6:93:12:b6:0b:e0:16:2c:2d:44:
                    60:ca:47:62:9d:f9:58:4e:08:a2:21:93:71:75:4a:
                    f9:2e:94:73:6a:cf:a0:c5:42:ab:42:64:61:06:af:
                    1e:ba:8a:2e:f2:90:04:ee:05:58:82:cc:2e:94:ea:
                    a8:09:a0:67:00:ad:cd:42:8b:e6:58:84:d6:fb:d1:
                    21:fd:6c:af:68:55:09:f0:0b:63:a0:a1:d8:9e:2b:
                    2b:3f:20:92:cf:e4:74:92:d6:3e:f0:6f:d5:44:b0:
                    8d:ba:d0:ef:4f:14:e5:f1:37:d5:09:9e:ee:14:0a:
                    cf:a6:b1:bb:3c:59:34:df:2e:de:5d:b1:c8:5d:5a:
                    0a:45:86:47:46:31:78:1a:3d:4f:de:95:8d:a0:dc:
                    e2:28:f6:d9:12:95:8e:81:6d:90:0c:02:33:07:65:
                    ec:8b:71:11:41:59:ec:c4:01:f0:75:85:26:eb:9c:
                    12:29:a4:94:46:a8:04:f1:72:2a:b5:3b:8d:40:0e:
                    49:a2:96:15:f2:99:a6:47:95:f7:db:cd:a5:8d:d7:
                    ec:e2:d3:cb:01:dd:37:e8:84:d3:21:56:37:2d:0e:
                    fc:ae:6e:aa:61:01:1d:a0:98:77:30:ef:18:ad:48:
                    e7:55:61:07:7c:db:31:59:8b:05:1b:9e:ba:30:c0:
                    37:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:42:4A:10:3E:12:22:1D:0E:52:A1:FF:ED:40:17:86:C6:80:CE:02
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/okJKED4SIh0OUqH_7UAXhsaAzgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.22.0/24
                  151.243.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:bd:ce:05:14:9f:b4:c0:6a:df:5c:fb:40:b0:d2:a9:a2:d5:
         5a:f0:2e:9f:28:35:df:bb:8b:8c:99:f9:b2:06:b9:06:4d:8a:
         4c:95:42:6b:26:c0:83:de:ad:9b:f8:42:06:46:f7:a6:c4:a9:
         e5:f4:85:da:3e:bb:8c:cc:c5:2e:8a:aa:75:8e:ea:6c:f0:48:
         af:e7:5f:d3:3f:ff:62:e8:5f:63:73:85:4f:46:45:dd:43:21:
         13:34:2f:07:d6:04:de:bc:8e:24:ff:11:55:6f:bf:61:04:00:
         3c:55:e0:20:d6:6f:a2:5a:52:47:ec:32:25:13:24:e0:47:d8:
         49:3b:ce:44:a0:0a:27:6e:db:61:75:71:a2:51:5d:24:60:a8:
         62:1c:cd:e0:6d:17:59:d1:7f:3c:6a:f5:3f:ab:df:fb:70:52:
         5e:d1:1c:f1:94:da:df:a5:30:71:07:f4:e6:a3:f2:b8:9d:a0:
         c7:c7:b1:f4:af:48:a6:03:32:b1:8b:2c:f1:a1:f8:73:dd:c2:
         93:d2:d8:c7:18:89:c3:e7:52:16:34:10:a0:e0:a1:22:98:eb:
         e0:3b:4c:49:3f:09:63:e2:ad:6d:bb:db:44:d0:b0:f7:e7:3a:
         bc:aa:35:9e:9e:99:b1:25:54:7d:39:94:c2:3c:60:14:63:f7:
         c3:0d:0f:12
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZXY+yAmVEeu+KXYbhNRQ909MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMzI3MTkwMTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjQyNGExMDNlMTIyMjFkMGU1MmExZmZlZDQwMTc4NmM2ODBjZTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5myJ8aTErYL4BYsLURgykdinflY
TgiiIZNxdUr5LpRzas+gxUKrQmRhBq8euoou8pAE7gVYgswulOqoCaBnAK3NQovm
WITW+9Eh/WyvaFUJ8AtjoKHYnisrPyCSz+R0ktY+8G/VRLCNutDvTxTl8TfVCZ7u
FArPprG7PFk03y7eXbHIXVoKRYZHRjF4Gj1P3pWNoNziKPbZEpWOgW2QDAIzB2Xs
i3ERQVnsxAHwdYUm65wSKaSURqgE8XIqtTuNQA5JopYV8pmmR5X3282ljdfs4tPL
Ad036ITTIVY3LQ78rm6qYQEdoJh3MO8YrUjnVWEHfNsxWYsFG566MMA3twIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKJCShA+EiIdDlKh/+1AF4bGgM4CMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvb2tKS0VENFNJaDBPVXFIXzdVQVhoc2FBemdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/IWAwQA
l/OPMA0GCSqGSIb3DQEBCwUAA4IBAQBKvc4FFJ+0wGrfXPtAsNKpotVa8C6fKDXf
u4uMmfmyBrkGTYpMlUJrJsCD3q2b+EIGRvemxKnl9IXaPruMzMUuiqp1jups8Eiv
51/TP/9i6F9jc4VPRkXdQyETNC8H1gTevI4k/xFVb79hBAA8VeAg1m+iWlJH7DIl
EyTgR9hJO85EoAonbtthdXGiUV0kYKhiHM3gbRdZ0X88avU/q9/7cFJe0RzxlNrf
pTBxB/Tmo/K4naDHx7H0r0imAzKxiyzxofhz3cKT0tjHGInD51IWNBCg4KEimOvg
O0xJPwlj4q1tu9tE0LD35zq8qjWenpmxJVR9OZTCPGAUY/fDDQ8S
-----END CERTIFICATE-----