Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/0yxaAVQq_HDFnrxig7tGUSA7yZk.roa
File:                     0yxaAVQq_HDFnrxig7tGUSA7yZk.roa (raw, json)
Hash identifier:          D6SnHsjDDLI1dhzmBicKQgsaqZQAsGamOLAwkw1XHeM=
Subject key identifier:   D3:2C:5A:01:54:2A:FC:70:C5:9E:BC:62:83:BB:46:51:20:3B:C9:99
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01994168EF2869376BD4539B8CB781C47317
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/0yxaAVQq_HDFnrxig7tGUSA7yZk.roa
Signing time:             Sat 13 Sep 2025 04:50:19 +0000
ROA not before:           Sat 13 Sep 2025 04:50:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209274
IP address blocks:        151.243.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:41:68:ef:28:69:37:6b:d4:53:9b:8c:b7:81:c4:73:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep 13 04:50:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d32c5a01542afc70c59ebc6283bb4651203bc999
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:e8:61:a1:e7:c5:14:33:ae:94:cf:ed:64:e5:
                    cb:fb:3a:17:20:d3:d9:1f:ae:db:f3:fd:2b:ec:48:
                    89:62:26:57:38:55:9d:36:61:5f:1e:b4:ff:33:50:
                    db:54:e3:b7:13:1e:59:11:53:6a:78:6b:1f:dc:65:
                    90:1c:e6:61:bf:89:db:83:d3:9a:37:ed:e4:3c:34:
                    8a:d2:d1:44:59:e1:a1:5a:eb:bf:2f:c0:0c:5f:eb:
                    55:cd:25:9e:24:8a:e4:ee:c2:c0:9e:c9:ff:c0:c1:
                    83:6a:48:f9:2a:d6:33:82:c2:5d:c1:01:46:83:58:
                    cd:c6:cb:ec:ad:03:e7:d2:62:76:0f:22:d8:19:c2:
                    07:49:6a:78:c9:15:eb:f0:70:e2:0c:33:75:ee:bb:
                    70:4f:44:a4:a0:e7:e7:3e:da:82:dc:e0:43:d9:a2:
                    d4:45:2c:f8:92:91:da:4b:2c:5e:c1:ea:4c:02:fb:
                    21:12:f3:2c:c3:ef:f7:c0:3c:d4:8a:41:99:4f:99:
                    43:82:f1:e5:83:fa:92:c2:97:70:78:cb:69:e7:76:
                    c1:86:cb:39:7e:9f:c5:5b:2d:01:25:2b:18:ec:17:
                    3d:e1:fc:43:40:8d:a2:00:7a:92:bc:1b:7f:ec:ba:
                    9a:b1:a2:21:4e:ac:ab:31:34:49:60:93:30:f0:32:
                    28:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:2C:5A:01:54:2A:FC:70:C5:9E:BC:62:83:BB:46:51:20:3B:C9:99
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/0yxaAVQq_HDFnrxig7tGUSA7yZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:32:e5:6d:3e:29:72:30:04:9f:ba:68:97:5e:eb:37:e3:79:
         16:e0:05:be:f8:99:12:ec:79:78:6c:d1:46:f8:9d:fd:01:f8:
         5a:5b:c1:29:9f:99:df:c3:aa:21:7a:b0:4f:10:da:f6:9e:d4:
         f7:05:76:1f:a2:b1:53:7b:53:a6:8a:1a:6b:77:2c:d8:9a:33:
         4a:4c:ac:69:06:ce:80:d1:0f:df:13:57:a1:6d:6f:7c:76:b5:
         3e:1d:b8:c1:5b:4f:cf:e9:cd:03:46:0b:f2:7d:93:86:a8:96:
         a3:1d:5d:ee:c9:13:f8:ee:a0:e8:23:eb:8d:44:3b:18:28:f0:
         06:36:8a:48:a7:ef:a8:41:48:65:1a:d0:0e:30:08:d5:bb:fc:
         4e:82:b2:0c:c5:3b:10:dd:c1:6c:6a:40:b9:33:df:cb:19:5b:
         5d:aa:26:e0:2d:78:49:9c:80:4d:63:0a:1b:12:53:85:51:6f:
         8b:75:f9:ab:38:7d:fc:87:60:2e:43:13:77:d8:28:39:85:d0:
         4a:b3:04:04:ec:1e:98:63:90:01:27:4c:5e:e9:46:77:07:da:
         27:e9:94:9a:5f:e9:7c:fd:fd:b9:0c:d9:6a:7e:1c:b7:1a:dc:
         ad:2f:bc:00:03:13:f4:5e:fe:ed:6c:bd:0f:04:06:ed:59:19:
         02:62:23:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlBaO8oaTdr1FObjLeBxHMXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTEzMDQ1MDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzJjNWEwMTU0MmFmYzcwYzU5ZWJjNjI4M2JiNDY1MTIwM2JjOTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuhhoefFFDOulM/tZOXL+zoXINPZ
H67b8/0r7EiJYiZXOFWdNmFfHrT/M1DbVOO3Ex5ZEVNqeGsf3GWQHOZhv4nbg9Oa
N+3kPDSK0tFEWeGhWuu/L8AMX+tVzSWeJIrk7sLAnsn/wMGDakj5KtYzgsJdwQFG
g1jNxsvsrQPn0mJ2DyLYGcIHSWp4yRXr8HDiDDN17rtwT0SkoOfnPtqC3OBD2aLU
RSz4kpHaSyxewepMAvshEvMsw+/3wDzUikGZT5lDgvHlg/qSwpdweMtp53bBhss5
fp/FWy0BJSsY7Bc94fxDQI2iAHqSvBt/7LqasaIhTqyrMTRJYJMw8DIoWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMsWgFUKvxwxZ68YoO7RlEgO8mZMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMHl4YUFWUXFfSERGbnJ4aWc3dEdVU0E3eVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/NtMA0G
CSqGSIb3DQEBCwUAA4IBAQCsMuVtPilyMASfumiXXus343kW4AW++JkS7Hl4bNFG
+J39AfhaW8Epn5nfw6oherBPENr2ntT3BXYforFTe1OmihprdyzYmjNKTKxpBs6A
0Q/fE1ehbW98drU+HbjBW0/P6c0DRgvyfZOGqJajHV3uyRP47qDoI+uNRDsYKPAG
NopIp++oQUhlGtAOMAjVu/xOgrIMxTsQ3cFsakC5M9/LGVtdqibgLXhJnIBNYwob
ElOFUW+LdfmrOH38h2AuQxN32Cg5hdBKswQE7B6YY5ABJ0xe6UZ3B9on6ZSaX+l8
/f25DNlqfhy3GtytL7wAAxP0Xv7tbL0PBAbtWRkCYiMV
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:19 2025 by rpki-client