Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/07h8wJ2uQsS0t2QoBvmZFVrEWiw.roa
File:                     07h8wJ2uQsS0t2QoBvmZFVrEWiw.roa (raw, json)
Hash identifier:          QQmFfYzNBMJrZp5ehRce4wIdWo3QyEajgudMV+ejU9M=
Subject key identifier:   D3:B8:7C:C0:9D:AE:42:C4:B4:B7:64:28:06:F9:99:15:5A:C4:5A:2C
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0199D1DF07563ACFE80798BD3B5AB124A0C0
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/07h8wJ2uQsS0t2QoBvmZFVrEWiw.roa
Signing time:             Sat 11 Oct 2025 06:04:38 +0000
ROA not before:           Sat 11 Oct 2025 06:04:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54252
IP address blocks:        151.240.2.0/24 maxlen: 24
                          151.240.169.0/24 maxlen: 24
                          151.241.33.0/24 maxlen: 24
                          151.241.43.0/24 maxlen: 24
                          151.241.48.0/24 maxlen: 24
                          151.241.51.0/24 maxlen: 24
                          151.241.164.0/24 maxlen: 24
                          151.242.26.0/24 maxlen: 24
                          151.243.26.0/24 maxlen: 24
                          151.244.42.0/24 maxlen: 24
                          151.244.240.0/24 maxlen: 24
                          151.245.69.0/24 maxlen: 24
                          151.247.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d1:df:07:56:3a:cf:e8:07:98:bd:3b:5a:b1:24:a0:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Oct 11 06:04:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3b87cc09dae42c4b4b7642806f999155ac45a2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:0b:16:83:94:ff:3d:25:fb:e5:fa:c2:71:78:
                    fc:e1:c0:bb:95:54:88:50:38:25:19:eb:c1:45:ed:
                    8f:d9:17:af:2d:f3:14:29:a2:62:31:c5:a1:f8:e3:
                    db:65:8d:d9:08:ee:3c:3c:ab:5d:a3:18:cd:04:24:
                    a3:29:60:b7:25:7d:d6:d3:4a:d9:5b:80:f0:7e:1d:
                    02:25:9d:6e:2b:75:51:75:ed:9b:51:3f:81:61:13:
                    e8:77:31:11:c3:82:a3:30:d7:0a:8c:b3:86:4e:82:
                    e3:b4:22:94:43:a9:f4:74:e2:00:c9:af:c5:96:3b:
                    1c:08:f7:66:4c:e6:ef:88:5a:f3:00:f4:84:49:55:
                    c9:5d:00:89:41:46:5e:c1:8d:50:13:16:f6:54:a8:
                    f5:ef:95:e7:65:c7:6c:40:d7:5e:a9:5d:16:a8:2b:
                    af:46:d1:c0:52:c5:da:bb:03:d4:23:10:08:d4:f2:
                    e8:6d:3c:ac:51:89:07:38:64:8b:db:02:b5:e6:6c:
                    2d:fe:6e:30:37:50:0f:24:0a:c4:93:9d:31:01:92:
                    94:cd:ec:b4:46:1c:dc:15:fa:c6:bc:ac:98:7a:2f:
                    aa:67:97:05:e0:68:cb:ec:6c:0d:e9:fd:04:b2:fb:
                    6b:72:d3:b8:f1:80:f5:d4:ba:55:4b:b0:e1:13:dc:
                    a8:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:B8:7C:C0:9D:AE:42:C4:B4:B7:64:28:06:F9:99:15:5A:C4:5A:2C
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/07h8wJ2uQsS0t2QoBvmZFVrEWiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.2.0/24
                  151.240.169.0/24
                  151.241.33.0/24
                  151.241.43.0/24
                  151.241.48.0/24
                  151.241.51.0/24
                  151.241.164.0/24
                  151.242.26.0/24
                  151.243.26.0/24
                  151.244.42.0/24
                  151.244.240.0/24
                  151.245.69.0/24
                  151.247.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:3e:65:91:4b:ce:7a:0b:55:dc:62:b5:d6:b5:3d:27:16:68:
         a7:77:c4:8b:be:fb:f4:57:c5:ed:31:7f:53:26:5e:73:37:2b:
         7a:27:cb:8f:da:1c:1b:08:2a:dc:6b:16:f5:80:44:79:82:20:
         1e:59:e9:0b:02:80:92:c4:00:8e:c4:aa:7f:9c:99:da:d7:58:
         c0:b4:c7:c6:8a:6f:9e:b6:aa:d8:13:51:3f:ab:ab:9e:c1:c6:
         3a:68:d8:cb:90:2c:6e:8e:06:42:46:bc:ce:fd:73:a3:3e:e7:
         2d:cc:b2:e1:e0:d6:08:7c:e0:ca:e2:fc:98:2f:f3:77:a2:ee:
         8a:12:85:ba:70:c0:da:67:aa:31:0b:32:00:a1:81:63:3b:43:
         01:19:3b:ca:cf:13:38:96:77:c8:aa:2a:63:e5:4a:7c:b4:b7:
         d7:8b:e1:d6:e7:b5:b8:d5:31:c7:a8:97:d8:16:da:43:ca:d6:
         7d:09:c2:8e:56:af:02:23:fc:8c:b4:1d:c7:73:66:a4:fe:c7:
         dd:0c:9b:34:34:e3:91:8f:96:07:b0:c7:e5:f8:91:3e:85:da:
         b0:98:87:35:3a:75:28:24:23:a0:57:a1:8d:a1:2f:fc:1e:5e:
         6d:d4:0f:49:c8:f8:5b:4f:61:cd:60:92:4f:1c:62:ce:be:61:
         cc:fa:16:e7
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZnR3wdWOs/oB5i9O1qxJKDAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDExMDYwNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2I4N2NjMDlkYWU0MmM0YjRiNzY0MjgwNmY5OTkxNTVhYzQ1YTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgsWg5T/PSX75frCcXj84cC7lVSI
UDglGevBRe2P2RevLfMUKaJiMcWh+OPbZY3ZCO48PKtdoxjNBCSjKWC3JX3W00rZ
W4Dwfh0CJZ1uK3VRde2bUT+BYRPodzERw4KjMNcKjLOGToLjtCKUQ6n0dOIAya/F
ljscCPdmTObviFrzAPSESVXJXQCJQUZewY1QExb2VKj175XnZcdsQNdeqV0WqCuv
RtHAUsXauwPUIxAI1PLobTysUYkHOGSL2wK15mwt/m4wN1APJArEk50xAZKUzey0
RhzcFfrGvKyYei+qZ5cF4GjL7GwN6f0EsvtrctO48YD11LpVS7DhE9yoVwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFNO4fMCdrkLEtLdkKAb5mRVaxFosMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMDdoOHdKMnVRc1MwdDJRb0J2bVpGVnJFV2l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAl/ACAwQA
l/CpAwQAl/EhAwQAl/ErAwQAl/EwAwQAl/EzAwQAl/GkAwQAl/IaAwQAl/MaAwQA
l/QqAwQAl/TwAwQAl/VFAwQAl/f2MA0GCSqGSIb3DQEBCwUAA4IBAQCiPmWRS856
C1XcYrXWtT0nFmind8SLvvv0V8XtMX9TJl5zNyt6J8uP2hwbCCrcaxb1gER5giAe
WekLAoCSxACOxKp/nJna11jAtMfGim+etqrYE1E/q6uewcY6aNjLkCxujgZCRrzO
/XOjPuctzLLh4NYIfODK4vyYL/N3ou6KEoW6cMDaZ6oxCzIAoYFjO0MBGTvKzxM4
lnfIqipj5Up8tLfXi+HW57W41THHqJfYFtpDytZ9CcKOVq8CI/yMtB3Hc2ak/sfd
DJs0NOORj5YHsMfl+JE+hdqwmIc1OnUoJCOgV6GNoS/8Hl5t1A9JyPhbT2HNYJJP
HGLOvmHM+hbn
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:17 2025 by rpki-client