Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/rTjDIDHjbM9mwtWSmP35qch8D0U.roa
File:                     rTjDIDHjbM9mwtWSmP35qch8D0U.roa (raw, json)
Hash identifier:          ERNMtUZ3sWRkCWgXYJOR12CY9e3ST6WzW8U4b8X2OPg=
Subject key identifier:   AD:38:C3:20:31:E3:6C:CF:66:C2:D5:92:98:FD:F9:A9:C8:7C:0F:45
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0194A69B5A32C027AF1A3F72923396AD0508
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/rTjDIDHjbM9mwtWSmP35qch8D0U.roa
Signing time:             Mon 27 Jan 2025 07:13:06 +0000
ROA not before:           Mon 27 Jan 2025 07:13:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        151.243.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a6:9b:5a:32:c0:27:af:1a:3f:72:92:33:96:ad:05:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan 27 07:13:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad38c32031e36ccf66c2d59298fdf9a9c87c0f45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3a:25:6d:d0:ac:01:36:6e:ad:d4:0f:b7:89:
                    68:57:cb:8a:dd:70:bf:ab:9a:60:24:ff:b5:95:03:
                    b1:60:e1:67:1c:8b:f6:fa:2d:fb:59:40:d9:d9:53:
                    0f:47:f6:ae:52:72:35:54:42:44:86:45:09:c5:cc:
                    75:d9:65:4f:69:6d:0d:53:5e:0e:38:f4:0f:1e:78:
                    e2:79:f5:3b:01:87:49:3e:fb:b5:b9:8b:2e:a4:cd:
                    18:37:f1:fb:8c:c2:82:08:46:c0:9d:38:07:50:06:
                    fc:71:02:ec:47:de:25:46:ed:7a:8a:5c:d0:aa:f6:
                    52:ea:b1:1a:ad:3a:bf:5d:d9:4f:83:9c:04:38:1c:
                    e1:6b:58:b2:e3:b2:e0:94:d9:18:46:89:3a:13:13:
                    4c:4e:d5:62:5d:82:7f:c4:e8:73:80:b9:6c:2b:3b:
                    25:d4:44:57:08:0d:2a:94:97:b3:bc:e9:97:b5:66:
                    0d:e8:b1:4e:97:b5:6a:83:7c:05:88:8c:53:ea:ed:
                    49:b5:5a:c3:c1:f5:ef:cc:cb:67:5d:e3:e3:ce:0f:
                    f3:c6:3a:9d:38:e4:1d:8b:b0:1b:3b:2c:d9:87:09:
                    a4:59:a3:68:64:66:85:b7:0b:78:6d:08:7b:bb:b3:
                    fe:b0:8e:e6:b7:89:13:8b:e8:64:4d:37:83:3a:43:
                    d9:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:38:C3:20:31:E3:6C:CF:66:C2:D5:92:98:FD:F9:A9:C8:7C:0F:45
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/rTjDIDHjbM9mwtWSmP35qch8D0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:58:ba:88:8c:7d:87:4a:46:f0:a1:08:42:10:fd:a3:0a:dd:
         18:25:e6:96:34:30:69:d4:bb:48:67:dd:10:10:54:94:4c:83:
         eb:82:16:73:71:a3:f7:e2:61:18:4b:fc:45:3b:72:4f:44:4f:
         46:3c:28:22:be:a2:f8:77:c6:db:f1:22:20:80:8f:5e:98:b7:
         ac:94:c8:93:84:45:ba:a0:d6:6d:a6:0d:95:ca:ef:a6:e2:10:
         77:ac:3f:2a:61:ae:ae:2f:ca:e9:1a:3a:46:60:11:06:cf:21:
         34:4b:1f:c4:55:08:fa:bc:99:f4:6b:57:33:9e:60:d1:f8:53:
         41:a4:71:24:45:d8:41:ba:84:d2:a7:72:78:07:87:7f:be:b9:
         d8:de:4f:fd:53:d0:60:a8:08:c9:39:12:bf:26:8b:da:ef:67:
         1e:c2:f6:dd:a0:96:e5:fc:8e:57:ce:47:24:49:e4:ee:89:56:
         fb:74:37:28:c9:38:86:65:7c:b8:93:c8:47:e4:c6:9d:0b:8c:
         87:60:ed:74:8a:fa:e5:9c:2f:ff:58:3a:a4:2c:14:ed:d3:c6:
         0b:a0:ff:08:db:01:a8:0e:5b:83:7d:fe:d9:54:39:e8:eb:c5:
         56:29:c6:69:96:5e:68:1d:77:68:f0:60:b9:e8:b0:af:d6:96:
         9c:dc:81:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSmm1oywCevGj9ykjOWrQUIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMTI3MDcxMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDM4YzMyMDMxZTM2Y2NmNjZjMmQ1OTI5OGZkZjlhOWM4N2MwZjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjolbdCsATZurdQPt4loV8uK3XC/
q5pgJP+1lQOxYOFnHIv2+i37WUDZ2VMPR/auUnI1VEJEhkUJxcx12WVPaW0NU14O
OPQPHnjiefU7AYdJPvu1uYsupM0YN/H7jMKCCEbAnTgHUAb8cQLsR94lRu16ilzQ
qvZS6rEarTq/XdlPg5wEOBzha1iy47LglNkYRok6ExNMTtViXYJ/xOhzgLlsKzsl
1ERXCA0qlJezvOmXtWYN6LFOl7Vqg3wFiIxT6u1JtVrDwfXvzMtnXePjzg/zxjqd
OOQdi7AbOyzZhwmkWaNoZGaFtwt4bQh7u7P+sI7mt4kTi+hkTTeDOkPZqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK04wyAx42zPZsLVkpj9+anIfA9FMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvclRqRElESGpiTTltd3RXU21QMzVxY2g4RDBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/NXMA0G
CSqGSIb3DQEBCwUAA4IBAQB8WLqIjH2HSkbwoQhCEP2jCt0YJeaWNDBp1LtIZ90Q
EFSUTIPrghZzcaP34mEYS/xFO3JPRE9GPCgivqL4d8bb8SIggI9emLeslMiThEW6
oNZtpg2Vyu+m4hB3rD8qYa6uL8rpGjpGYBEGzyE0Sx/EVQj6vJn0a1cznmDR+FNB
pHEkRdhBuoTSp3J4B4d/vrnY3k/9U9BgqAjJORK/Jova72cewvbdoJbl/I5Xzkck
SeTuiVb7dDcoyTiGZXy4k8hH5MadC4yHYO10ivrlnC//WDqkLBTt08YLoP8I2wGo
DluDff7ZVDno68VWKcZpll5oHXdo8GC56LCv1pac3IG3
-----END CERTIFICATE-----