Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/q0pMWj8dJOSGJzubmONrvQOeKsE.roa
File:                     q0pMWj8dJOSGJzubmONrvQOeKsE.roa (raw, json)
Hash identifier:          INqYTrVWgVVc1D7C/Xhs/17BnimSwb8N3cydAN6AFDI=
Subject key identifier:   AB:4A:4C:5A:3F:1D:24:E4:86:27:3B:9B:98:E3:6B:BD:03:9E:2A:C1
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019724CA1E2C3D41B355C00415F40C297982
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/q0pMWj8dJOSGJzubmONrvQOeKsE.roa
Signing time:             Sat 31 May 2025 05:21:55 +0000
ROA not before:           Sat 31 May 2025 05:21:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206264
IP address blocks:        151.245.88.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 14:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:24:ca:1e:2c:3d:41:b3:55:c0:04:15:f4:0c:29:79:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 31 05:21:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab4a4c5a3f1d24e486273b9b98e36bbd039e2ac1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:d5:a3:46:13:6a:70:e2:6a:1b:7c:2f:4e:01:
                    e4:e6:9f:67:20:cc:b8:35:2f:d9:71:b5:2e:7d:4f:
                    73:06:e0:c1:58:de:04:39:72:ff:87:9a:e2:f4:12:
                    f2:c7:ec:0a:78:6d:2c:62:86:d7:06:4e:77:d9:6c:
                    49:d3:ec:8b:5c:ea:2d:a3:58:07:99:ac:17:df:46:
                    ad:52:6c:68:c0:17:da:48:36:ca:c6:a4:59:20:f1:
                    a3:9e:32:bc:36:d9:22:f2:89:e8:21:6a:c4:9c:f9:
                    fd:4a:e2:b9:19:29:b8:66:ee:9c:5a:2c:84:6b:97:
                    28:86:a5:b9:19:3c:be:19:8d:d3:2b:bf:cf:b6:c8:
                    54:b7:de:35:0a:d1:cd:40:25:de:fe:b8:90:97:09:
                    cb:46:54:95:35:01:b5:b5:41:b1:39:c9:e1:b4:76:
                    c0:ad:2a:c7:83:dd:78:c2:11:82:c8:e2:af:94:fb:
                    3b:94:1d:c0:80:e4:12:93:3e:1b:80:9c:a5:1b:0c:
                    17:eb:b3:e4:5a:0e:d0:bc:5f:e0:39:4d:fa:1a:c0:
                    d2:a6:c3:9d:09:28:69:94:99:35:e4:02:d0:de:93:
                    be:fc:95:07:69:9e:ce:5d:37:1e:eb:d1:47:fd:89:
                    e4:e3:79:1a:8e:6c:88:4c:89:de:45:57:43:7e:96:
                    5e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:4A:4C:5A:3F:1D:24:E4:86:27:3B:9B:98:E3:6B:BD:03:9E:2A:C1
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/q0pMWj8dJOSGJzubmONrvQOeKsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.245.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:b6:8f:62:7c:95:16:13:53:f1:0a:07:ee:84:78:3b:e4:15:
         5d:b7:5e:27:d2:5d:2d:88:1c:f3:b6:be:3a:62:77:6e:00:01:
         dc:26:07:56:2c:05:f0:4b:18:32:05:82:8a:5a:e3:6b:87:9f:
         6f:35:d3:4f:a8:85:8d:5e:17:ea:89:55:68:a8:8b:49:da:a5:
         b2:ad:59:f1:da:5d:2a:cd:57:8c:68:82:d2:09:f4:6b:13:fd:
         50:e1:ee:ba:db:16:30:13:d4:85:ed:27:a0:0c:8e:df:be:7b:
         83:7d:72:ed:7f:01:c8:e3:98:82:4d:0e:6b:b4:ab:c3:c4:1c:
         ca:bb:6f:4f:a5:e6:61:7e:fe:4d:26:3c:97:db:20:e2:44:56:
         1a:b3:db:e6:31:67:9a:2b:d7:9b:d6:e1:93:68:32:3c:bb:83:
         01:86:38:fd:fa:32:68:b6:9a:8d:a9:78:bd:8c:e4:d3:1d:f9:
         0e:26:8e:df:11:87:7c:e4:f7:9c:a9:7b:fd:6a:76:93:b0:51:
         5f:a7:89:1c:59:54:34:c0:b0:67:e4:97:4d:dd:b6:1a:08:8b:
         ef:2c:d1:87:b3:ba:b9:ae:7a:32:82:e8:7a:23:0c:81:0b:74:
         71:84:e9:a6:7c:bf:ce:a4:4d:2b:48:30:09:b7:28:b4:b0:6c:
         c4:bd:7a:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZckyh4sPUGzVcAEFfQMKXmCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTMxMDUyMTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjRhNGM1YTNmMWQyNGU0ODYyNzNiOWI5OGUzNmJiZDAzOWUyYWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4NWjRhNqcOJqG3wvTgHk5p9nIMy4
NS/ZcbUufU9zBuDBWN4EOXL/h5ri9BLyx+wKeG0sYobXBk532WxJ0+yLXOoto1gH
mawX30atUmxowBfaSDbKxqRZIPGjnjK8Ntki8onoIWrEnPn9SuK5GSm4Zu6cWiyE
a5cohqW5GTy+GY3TK7/PtshUt941CtHNQCXe/riQlwnLRlSVNQG1tUGxOcnhtHbA
rSrHg914whGCyOKvlPs7lB3AgOQSkz4bgJylGwwX67PkWg7QvF/gOU36GsDSpsOd
CShplJk15ALQ3pO+/JUHaZ7OXTce69FH/Ynk43kajmyITIneRVdDfpZekwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtKTFo/HSTkhic7m5jja70DnirBMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcTBwTVdqOGRKT1NHSnp1Ym1PTnJ2UU9lS3NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCl/VYMA0G
CSqGSIb3DQEBCwUAA4IBAQAtto9ifJUWE1PxCgfuhHg75BVdt14n0l0tiBzztr46
YnduAAHcJgdWLAXwSxgyBYKKWuNrh59vNdNPqIWNXhfqiVVoqItJ2qWyrVnx2l0q
zVeMaILSCfRrE/1Q4e662xYwE9SF7SegDI7fvnuDfXLtfwHI45iCTQ5rtKvDxBzK
u29PpeZhfv5NJjyX2yDiRFYas9vmMWeaK9eb1uGTaDI8u4MBhjj9+jJotpqNqXi9
jOTTHfkOJo7fEYd85PecqXv9anaTsFFfp4kcWVQ0wLBn5JdN3bYaCIvvLNGHs7q5
rnoyguh6IwyBC3RxhOmmfL/OpE0rSDAJtyi0sGzEvXqQ
-----END CERTIFICATE-----
Generated at Wed Jun 11 00:43:26 2025 by rpki-client