Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/OHmx74tu-CXSUmJDQQKgT7EPjvk.roa
File:                     OHmx74tu-CXSUmJDQQKgT7EPjvk.roa (raw, json)
Hash identifier:          O6fzcfRMNxoZDT3DRW8WOO3r7uWNnaAbD1N3ivlY/9s=
Subject key identifier:   38:79:B1:EF:8B:6E:F8:25:D2:52:62:43:41:02:A0:4F:B1:0F:8E:F9
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0199DD2A44D2E7DBE592D7162DC9E58CE058
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/OHmx74tu-CXSUmJDQQKgT7EPjvk.roa
Signing time:             Mon 13 Oct 2025 10:42:38 +0000
ROA not before:           Mon 13 Oct 2025 10:42:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     393942
IP address blocks:        151.242.89.0/24 maxlen: 24
                          151.244.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dd:2a:44:d2:e7:db:e5:92:d7:16:2d:c9:e5:8c:e0:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Oct 13 10:42:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3879b1ef8b6ef825d25262434102a04fb10f8ef9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:f5:d1:83:cf:4f:28:4c:94:fa:65:f7:34:25:
                    c1:1f:47:0a:d6:91:d3:18:9d:e6:61:f6:f1:08:d0:
                    ae:f8:18:24:eb:0d:48:00:1c:be:a2:dc:06:ce:00:
                    39:e9:33:c8:c7:67:47:29:98:b7:52:a6:26:9d:cb:
                    8c:18:5d:57:b7:4f:be:32:63:21:cd:20:23:3d:a6:
                    68:82:5e:1c:04:ba:a5:4b:f9:81:7b:c2:18:c1:b6:
                    a5:2d:2b:7b:16:8c:26:c6:ea:c8:fb:65:68:14:cb:
                    7b:a5:64:03:ad:6c:7a:7c:68:28:95:0d:cd:b2:0b:
                    15:19:66:f7:c9:21:44:5f:72:52:87:34:5a:d3:94:
                    51:bd:ef:5f:a2:07:12:61:fa:2c:c4:24:ce:71:19:
                    7e:59:05:de:1c:09:ee:67:63:49:ff:70:a5:c8:e4:
                    35:2d:e8:7c:12:85:4f:e0:54:9e:7c:bb:b5:b6:4b:
                    06:fa:4d:a1:f9:0f:7b:ee:cb:90:72:2f:3e:28:4f:
                    e7:04:ab:c2:26:2b:0b:9e:a2:8c:77:90:e3:6c:f3:
                    16:2c:b7:84:d7:2d:e0:95:9f:91:fa:40:75:e1:c5:
                    0e:0c:b7:ab:17:41:ba:2c:49:4c:ca:03:9a:97:3b:
                    f2:59:32:43:cb:70:17:d5:dd:e0:a6:15:e0:43:08:
                    da:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:79:B1:EF:8B:6E:F8:25:D2:52:62:43:41:02:A0:4F:B1:0F:8E:F9
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/OHmx74tu-CXSUmJDQQKgT7EPjvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.89.0/24
                  151.244.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:c2:88:14:80:59:1a:26:3e:9d:48:07:2c:ab:35:84:3f:9b:
         1f:bf:bd:d7:42:da:f9:a9:94:ae:5d:2a:6f:f7:ed:90:bf:99:
         a4:29:91:2d:c7:10:4c:e6:5f:8f:8a:be:a9:5e:16:84:e9:94:
         0e:5b:34:2f:28:6e:84:12:7c:9c:49:54:a0:a8:1a:6f:25:f1:
         31:00:e5:7f:06:49:4e:83:9d:8a:10:cd:6c:70:f8:85:35:3c:
         e8:96:2b:a5:55:c5:95:2d:b1:55:96:74:b3:7d:7d:fa:9c:c8:
         c0:78:86:59:21:19:d1:8b:62:74:0f:d8:0f:ea:0a:f8:c2:c1:
         16:b0:d7:09:f9:06:05:d2:af:10:67:86:99:d8:78:6d:e1:e8:
         e3:d1:bb:e6:56:9e:fd:6f:64:b2:a1:31:38:b7:25:3f:09:f1:
         94:b4:00:10:0f:53:cb:c3:50:78:78:d4:49:f2:e4:aa:80:d1:
         97:4f:22:3c:40:c8:ab:24:6b:dd:4f:01:40:29:8a:fe:81:72:
         84:31:d7:09:bc:75:97:a9:35:d8:b6:a4:2a:70:bd:ca:8d:b8:
         b3:68:7e:da:0a:70:e7:65:ee:71:0d:31:06:3d:c4:30:ef:1d:
         de:3b:06:2b:8b:74:88:7f:de:fc:82:01:eb:d4:78:40:55:53:
         7d:e0:09:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZndKkTS59vlktcWLcnljOBYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDEzMTA0MjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODc5YjFlZjhiNmVmODI1ZDI1MjYyNDM0MTAyYTA0ZmIxMGY4ZWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3fXRg89PKEyU+mX3NCXBH0cK1pHT
GJ3mYfbxCNCu+Bgk6w1IABy+otwGzgA56TPIx2dHKZi3UqYmncuMGF1Xt0++MmMh
zSAjPaZogl4cBLqlS/mBe8IYwbalLSt7FowmxurI+2VoFMt7pWQDrWx6fGgolQ3N
sgsVGWb3ySFEX3JShzRa05RRve9fogcSYfosxCTOcRl+WQXeHAnuZ2NJ/3ClyOQ1
Leh8EoVP4FSefLu1tksG+k2h+Q977suQci8+KE/nBKvCJisLnqKMd5DjbPMWLLeE
1y3glZ+R+kB14cUODLerF0G6LElMygOalzvyWTJDy3AX1d3gphXgQwjaxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDh5se+Lbvgl0lJiQ0ECoE+xD475MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvT0hteDc0dHUtQ1hTVW1KRFFRS2dUN0VQanZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/JZAwQA
l/THMA0GCSqGSIb3DQEBCwUAA4IBAQCBwogUgFkaJj6dSAcsqzWEP5sfv73XQtr5
qZSuXSpv9+2Qv5mkKZEtxxBM5l+Pir6pXhaE6ZQOWzQvKG6EEnycSVSgqBpvJfEx
AOV/BklOg52KEM1scPiFNTzoliulVcWVLbFVlnSzfX36nMjAeIZZIRnRi2J0D9gP
6gr4wsEWsNcJ+QYF0q8QZ4aZ2Hht4ejj0bvmVp79b2SyoTE4tyU/CfGUtAAQD1PL
w1B4eNRJ8uSqgNGXTyI8QMirJGvdTwFAKYr+gXKEMdcJvHWXqTXYtqQqcL3Kjbiz
aH7aCnDnZe5xDTEGPcQw7x3eOwYri3SIf978ggHr1HhAVVN94AlW
-----END CERTIFICATE-----