Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/tlaQsGx4Jf6W0jCRvoKBShl4f7o.roa
File:                     tlaQsGx4Jf6W0jCRvoKBShl4f7o.roa (raw, json)
Hash identifier:          47XnscuHtnboKTz6b+bofJ0NgABH0tyifdFLIvObJSY=
Subject key identifier:   B6:56:90:B0:6C:78:25:FE:96:D2:30:91:BE:82:81:4A:19:78:7F:BA
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196F931D7AE862DDD6712C7315AA5F0CD8A
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/tlaQsGx4Jf6W0jCRvoKBShl4f7o.roa
Signing time:             Thu 22 May 2025 18:11:55 +0000
ROA not before:           Thu 22 May 2025 18:11:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208212
IP address blocks:        151.242.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 14:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f9:31:d7:ae:86:2d:dd:67:12:c7:31:5a:a5:f0:cd:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 22 18:11:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b65690b06c7825fe96d23091be82814a19787fba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e7:4e:db:f5:c5:09:35:4c:bc:8e:4a:5b:42:
                    b7:fc:90:c3:74:31:7a:d6:d6:d9:6b:2f:db:05:18:
                    11:7d:da:9a:04:00:1a:be:c9:f2:d6:dd:c9:2b:fd:
                    98:b8:92:29:34:61:f0:46:76:45:d4:fb:84:ac:bf:
                    a5:d1:75:30:30:9b:00:e2:01:0f:88:18:2d:ce:c6:
                    38:7c:f7:f7:07:be:ba:62:6d:93:8a:2a:9c:7a:cb:
                    e4:d7:51:30:8f:7c:61:40:0f:d2:17:b1:a5:dc:25:
                    0b:d4:d4:75:cb:7e:85:8e:83:95:4e:e9:c5:86:65:
                    9e:60:4e:92:78:a8:77:27:ee:dc:f2:a1:30:80:d8:
                    fa:e6:24:1c:02:84:4e:e2:c7:f7:5d:1d:e6:22:ef:
                    0c:40:a3:ee:6e:39:75:d0:d4:e3:85:9a:26:6e:fa:
                    b2:5f:1b:bb:12:cc:94:9a:59:ce:21:10:09:21:32:
                    39:56:1c:44:d8:4f:6f:08:ff:ab:8f:69:62:48:f4:
                    4d:d1:9c:75:bd:95:d2:20:cd:18:44:87:83:fc:90:
                    88:be:fc:26:30:b8:1e:47:22:bd:04:5e:be:ba:f3:
                    fe:b8:01:43:d6:69:7d:a5:24:72:81:55:f7:18:37:
                    b9:61:2b:08:ea:d5:72:4d:2a:a8:f4:81:3e:6e:83:
                    94:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:56:90:B0:6C:78:25:FE:96:D2:30:91:BE:82:81:4A:19:78:7F:BA
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/tlaQsGx4Jf6W0jCRvoKBShl4f7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:33:af:47:72:e6:ba:07:5c:e9:9e:f5:43:7d:4d:cf:db:32:
         72:8b:23:84:a3:f9:8c:ec:af:c1:ca:20:fc:31:73:1d:4c:88:
         d0:18:20:b1:87:dc:53:b6:3e:b0:1d:f0:f7:a4:89:8c:d6:37:
         02:6a:c3:95:6b:19:b2:c7:47:88:9d:e7:e9:e2:8f:80:a3:38:
         0a:ed:8c:a4:32:b6:20:ee:1c:07:ed:93:44:6c:d1:e3:87:94:
         44:be:4f:a2:3f:b6:8c:a2:50:97:19:d7:cf:fe:9a:f7:b0:d2:
         48:fd:7b:6d:99:b8:5a:0d:3a:7a:50:bf:29:32:d8:86:a3:fe:
         24:16:dc:c0:1f:79:f7:1a:07:d6:e5:d1:89:5e:ae:e5:3e:e4:
         5e:c1:23:bd:8b:24:b3:72:1e:52:0e:ae:8f:b1:60:67:38:e0:
         dc:42:ee:1e:58:09:4d:81:a5:51:49:e2:46:18:5d:b0:6d:c9:
         03:57:68:32:2e:9f:13:a9:98:1a:a5:ac:6b:af:78:85:d2:38:
         29:9c:d3:5a:c3:58:9c:f7:88:0d:53:16:6a:0f:aa:c3:f9:a9:
         d0:c3:fa:50:b0:a1:99:91:bf:46:43:33:81:05:d4:74:4e:62:
         6b:b1:75:53:f6:6a:8f:a5:07:cc:d0:c0:e4:fe:e0:54:93:c8:
         34:dc:1a:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb5Mdeuhi3dZxLHMVql8M2KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTIyMTgxMTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjU2OTBiMDZjNzgyNWZlOTZkMjMwOTFiZTgyODE0YTE5Nzg3ZmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+dO2/XFCTVMvI5KW0K3/JDDdDF6
1tbZay/bBRgRfdqaBAAavsny1t3JK/2YuJIpNGHwRnZF1PuErL+l0XUwMJsA4gEP
iBgtzsY4fPf3B766Ym2Tiiqcesvk11Ewj3xhQA/SF7Gl3CUL1NR1y36FjoOVTunF
hmWeYE6SeKh3J+7c8qEwgNj65iQcAoRO4sf3XR3mIu8MQKPubjl10NTjhZombvqy
Xxu7EsyUmlnOIRAJITI5VhxE2E9vCP+rj2liSPRN0Zx1vZXSIM0YRIeD/JCIvvwm
MLgeRyK9BF6+uvP+uAFD1ml9pSRygVX3GDe5YSsI6tVyTSqo9IE+boOUWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZWkLBseCX+ltIwkb6CgUoZeH+6MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvdGxhUXNHeDRKZjZXMGpDUnZvS0JTaGw0ZjdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/JTMA0G
CSqGSIb3DQEBCwUAA4IBAQBDM69Hcua6B1zpnvVDfU3P2zJyiyOEo/mM7K/ByiD8
MXMdTIjQGCCxh9xTtj6wHfD3pImM1jcCasOVaxmyx0eInefp4o+AozgK7YykMrYg
7hwH7ZNEbNHjh5REvk+iP7aMolCXGdfP/pr3sNJI/XttmbhaDTp6UL8pMtiGo/4k
FtzAH3n3GgfW5dGJXq7lPuRewSO9iySzch5SDq6PsWBnOODcQu4eWAlNgaVRSeJG
GF2wbckDV2gyLp8TqZgapaxrr3iF0jgpnNNaw1ic94gNUxZqD6rD+anQw/pQsKGZ
kb9GQzOBBdR0TmJrsXVT9mqPpQfM0MDk/uBUk8g03BqF
-----END CERTIFICATE-----
Generated at Tue Jun 10 23:12:45 2025 by rpki-client