Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sFzxAsUN4jHBQF2o6zTcKi1k_zw.roa
File:                     sFzxAsUN4jHBQF2o6zTcKi1k_zw.roa (raw, json)
Hash identifier:          jWMiI8rt0OUFfbAQ+DEkfex8HZ+9L/LTjJy+34rGFcA=
Subject key identifier:   B0:5C:F1:02:C5:0D:E2:31:C1:40:5D:A8:EB:34:DC:2A:2D:64:FF:3C
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196F930EC608CCEC4618BEC0578048E19F7
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sFzxAsUN4jHBQF2o6zTcKi1k_zw.roa
Signing time:             Thu 22 May 2025 18:10:55 +0000
ROA not before:           Thu 22 May 2025 18:10:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214483
IP address blocks:        151.243.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f9:30:ec:60:8c:ce:c4:61:8b:ec:05:78:04:8e:19:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 22 18:10:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b05cf102c50de231c1405da8eb34dc2a2d64ff3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ed:ee:d8:66:e8:f4:40:8b:12:bb:d6:cc:b0:
                    e5:16:98:d1:8f:fc:a2:15:3e:64:4e:86:03:27:5f:
                    ee:4d:6d:1a:26:39:2a:91:3d:db:e9:dd:4e:ac:a7:
                    9f:21:33:25:3d:94:41:55:5a:db:13:76:bf:90:b0:
                    15:39:a5:2b:c5:ad:d6:09:d0:cd:1a:35:64:55:4d:
                    1a:b5:5e:9a:73:1e:d2:08:1d:bb:36:71:48:c7:2b:
                    78:6c:0c:b0:78:70:3b:dd:62:87:3f:e7:b8:8e:3b:
                    2a:71:41:48:e7:a0:5e:fb:74:f1:53:cb:be:c9:1d:
                    ee:7d:6e:8b:4d:22:e0:24:0e:f1:3e:a6:63:3b:a1:
                    b9:2d:bf:4f:9d:80:99:70:e0:b3:b2:55:ee:8b:38:
                    a0:19:e5:09:3f:c9:55:60:59:ec:3a:60:f0:c5:11:
                    61:c8:6a:02:3e:fa:c2:ab:95:91:de:33:3e:7c:f1:
                    71:e8:33:39:30:95:9a:00:fd:ae:15:bd:d7:cd:6b:
                    87:d3:aa:23:ff:8e:d4:19:19:89:fa:ec:cd:db:42:
                    75:65:27:d7:9f:b5:b1:16:4f:b4:19:74:2c:69:12:
                    74:f0:61:fd:60:87:a4:8b:b8:f7:b6:03:5e:dc:39:
                    25:a9:40:f7:57:ca:83:3f:18:e2:d3:d6:3f:c5:a6:
                    f1:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:5C:F1:02:C5:0D:E2:31:C1:40:5D:A8:EB:34:DC:2A:2D:64:FF:3C
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sFzxAsUN4jHBQF2o6zTcKi1k_zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:c8:25:21:f1:80:f2:c3:11:7f:7d:fc:a1:82:18:40:44:db:
         b6:e9:63:6b:e9:c0:37:87:e5:45:02:39:d8:d6:d7:e4:de:e3:
         9d:a1:22:9a:66:63:92:0c:7c:5d:c8:c7:f7:cb:8a:7d:fe:f6:
         ca:ea:2d:35:8b:ff:2e:10:85:63:c0:54:28:26:cf:ea:83:28:
         f2:ef:ba:6f:4b:8b:a9:c5:10:39:b7:6b:8f:17:5a:e8:82:14:
         b7:f6:f1:02:ab:6d:1b:f0:1d:6b:da:3c:c8:fe:8c:c9:16:85:
         6d:d4:be:98:2c:25:ee:96:02:c0:78:cf:c5:6e:f5:18:2d:0b:
         94:f1:64:e1:d2:3f:50:dc:21:30:92:e6:f6:28:d9:f3:80:a7:
         7d:60:e6:c8:4f:12:19:2b:ff:50:e1:24:d1:3d:8d:ad:ec:b7:
         c4:f8:0b:49:ce:4d:8d:32:97:d4:88:85:dc:ee:08:11:23:71:
         9b:ef:7f:d6:f4:2b:94:67:60:da:73:25:0f:83:fa:fd:61:5f:
         35:f4:b2:60:6f:75:5c:cf:3f:c9:20:26:02:c9:54:fa:bb:57:
         d3:96:74:2e:eb:4f:23:65:19:80:6f:74:33:b5:70:e0:14:f6:
         3f:cf:c9:0a:21:ad:d2:47:7f:1a:d4:30:9b:d3:5d:73:3a:e8:
         84:57:f8:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb5MOxgjM7EYYvsBXgEjhn3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTIyMTgxMDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDVjZjEwMmM1MGRlMjMxYzE0MDVkYThlYjM0ZGMyYTJkNjRmZjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+3u2Gbo9ECLErvWzLDlFpjRj/yi
FT5kToYDJ1/uTW0aJjkqkT3b6d1OrKefITMlPZRBVVrbE3a/kLAVOaUrxa3WCdDN
GjVkVU0atV6acx7SCB27NnFIxyt4bAyweHA73WKHP+e4jjsqcUFI56Be+3TxU8u+
yR3ufW6LTSLgJA7xPqZjO6G5Lb9PnYCZcOCzslXuizigGeUJP8lVYFnsOmDwxRFh
yGoCPvrCq5WR3jM+fPFx6DM5MJWaAP2uFb3XzWuH06oj/47UGRmJ+uzN20J1ZSfX
n7WxFk+0GXQsaRJ08GH9YIeki7j3tgNe3DklqUD3V8qDPxji09Y/xabxdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBc8QLFDeIxwUBdqOs03CotZP88MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvc0Z6eEFzVU40akhCUUYybzZ6VGNLaTFrX3p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/MzMA0G
CSqGSIb3DQEBCwUAA4IBAQAKyCUh8YDywxF/ffyhghhARNu26WNr6cA3h+VFAjnY
1tfk3uOdoSKaZmOSDHxdyMf3y4p9/vbK6i01i/8uEIVjwFQoJs/qgyjy77pvS4up
xRA5t2uPF1roghS39vECq20b8B1r2jzI/ozJFoVt1L6YLCXulgLAeM/FbvUYLQuU
8WTh0j9Q3CEwkub2KNnzgKd9YObITxIZK/9Q4STRPY2t7LfE+AtJzk2NMpfUiIXc
7ggRI3Gb73/W9CuUZ2DacyUPg/r9YV819LJgb3Vczz/JICYCyVT6u1fTlnQu608j
ZRmAb3QztXDgFPY/z8kKIa3SR38a1DCb011zOuiEV/h4
-----END CERTIFICATE-----