Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/QzcfeauTAz2p_FjrOYvc0qWlYss.roa
File:                     QzcfeauTAz2p_FjrOYvc0qWlYss.roa (raw, json)
Hash identifier:          stYSod2D9nWjz41bwgY9xiPQocShMKvGKUChN5RcDe0=
Subject key identifier:   43:37:1F:79:AB:93:03:3D:A9:FC:58:EB:39:8B:DC:D2:A5:A5:62:CB
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198D13E1D224A853BF2EAB774589C215957
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/QzcfeauTAz2p_FjrOYvc0qWlYss.roa
Signing time:             Fri 22 Aug 2025 10:06:05 +0000
ROA not before:           Fri 22 Aug 2025 10:06:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15510
IP address blocks:        151.246.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d1:3e:1d:22:4a:85:3b:f2:ea:b7:74:58:9c:21:59:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 22 10:06:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43371f79ab93033da9fc58eb398bdcd2a5a562cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:6c:a3:33:49:6f:ab:f1:d3:2d:18:69:ac:6b:
                    55:f2:ed:65:ec:8c:eb:29:bb:e8:2a:ae:b0:61:a8:
                    00:f4:49:15:67:a3:07:49:65:ef:d6:d4:a0:4d:21:
                    a0:26:c7:e8:27:43:2d:c8:9c:23:68:5d:68:ea:49:
                    fa:70:5b:43:77:aa:c2:ca:3c:ff:07:b6:0f:d6:d1:
                    aa:de:6e:f8:b8:c2:96:7f:db:04:46:78:60:1d:48:
                    e0:2d:ce:e8:1f:ee:8b:11:71:87:2c:57:41:88:4f:
                    06:4c:01:af:36:33:75:ce:70:74:20:6c:5f:f1:8f:
                    49:e0:d7:30:08:d1:55:56:a6:57:4c:79:c1:60:a3:
                    5f:56:c7:90:5a:52:98:dd:1a:75:f5:58:ee:fe:70:
                    92:29:17:fe:b0:3b:fb:6c:f0:fa:ff:e7:b6:00:db:
                    7d:5c:f1:75:ab:c0:c0:f0:86:cb:3c:54:66:74:96:
                    2e:e7:89:65:76:8b:7c:a1:65:7a:05:92:37:5e:3c:
                    4e:db:ba:2c:f0:72:22:d5:1c:19:8b:67:ac:41:92:
                    24:b6:a4:a7:b9:cf:39:ac:31:38:46:c6:e9:8a:0e:
                    ea:12:29:13:b0:97:89:b6:f2:20:82:c1:c2:0e:1f:
                    6a:6e:74:d3:9c:f8:92:7e:96:3f:ad:33:8a:d8:84:
                    06:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:37:1F:79:AB:93:03:3D:A9:FC:58:EB:39:8B:DC:D2:A5:A5:62:CB
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/QzcfeauTAz2p_FjrOYvc0qWlYss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.246.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:bf:f2:47:af:c9:6f:a5:7a:d2:a9:89:b9:01:31:24:4f:9e:
         ea:7c:ca:ef:06:ff:6c:5a:8f:e0:28:1d:01:c6:49:81:4f:42:
         0f:28:92:a6:b9:63:53:a8:1a:d6:b8:82:6c:ad:90:f9:d5:87:
         a2:0c:d6:5d:11:64:50:11:61:70:52:91:17:02:ea:88:10:df:
         b0:2b:21:09:a5:82:22:b4:97:73:1b:6b:aa:5e:30:0d:6d:71:
         70:96:cd:76:7c:e0:63:e8:04:25:36:b0:46:61:21:09:47:22:
         5b:62:f7:ee:6d:79:a6:75:bf:91:8e:e5:b2:67:58:e2:05:04:
         ea:74:1f:99:60:5c:b3:b6:3e:ea:46:f2:bc:0e:99:9c:5b:a5:
         73:e9:f6:36:16:ac:e7:fe:57:e7:5d:b5:5a:4b:31:6f:7b:41:
         d7:24:84:90:bb:65:e8:73:33:8e:d7:9e:a9:8d:a7:e8:48:d2:
         7f:45:04:39:90:75:95:51:bc:37:95:94:87:11:e5:1a:bc:4d:
         56:a2:b7:00:67:7f:a6:3a:a4:b9:32:44:b6:25:d5:05:ef:44:
         21:c5:c5:57:b6:58:13:fc:60:2c:e7:57:fc:c9:f3:2c:b3:a7:
         f4:dc:fe:90:48:6c:76:a9:45:ae:e2:e0:52:ab:36:45:d8:88:
         bf:30:95:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjRPh0iSoU78uq3dFicIVlXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODIyMTAwNjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzM3MWY3OWFiOTMwMzNkYTlmYzU4ZWIzOThiZGNkMmE1YTU2MmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGyjM0lvq/HTLRhprGtV8u1l7Izr
KbvoKq6wYagA9EkVZ6MHSWXv1tSgTSGgJsfoJ0MtyJwjaF1o6kn6cFtDd6rCyjz/
B7YP1tGq3m74uMKWf9sERnhgHUjgLc7oH+6LEXGHLFdBiE8GTAGvNjN1znB0IGxf
8Y9J4NcwCNFVVqZXTHnBYKNfVseQWlKY3Rp19Vju/nCSKRf+sDv7bPD6/+e2ANt9
XPF1q8DA8IbLPFRmdJYu54lldot8oWV6BZI3XjxO27os8HIi1RwZi2esQZIktqSn
uc85rDE4Rsbpig7qEikTsJeJtvIggsHCDh9qbnTTnPiSfpY/rTOK2IQGQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEM3H3mrkwM9qfxY6zmL3NKlpWLLMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUXpjZmVhdVRBejJwX0Zqck9ZdmMwcVdsWXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/bSMA0G
CSqGSIb3DQEBCwUAA4IBAQByv/JHr8lvpXrSqYm5ATEkT57qfMrvBv9sWo/gKB0B
xkmBT0IPKJKmuWNTqBrWuIJsrZD51YeiDNZdEWRQEWFwUpEXAuqIEN+wKyEJpYIi
tJdzG2uqXjANbXFwls12fOBj6AQlNrBGYSEJRyJbYvfubXmmdb+RjuWyZ1jiBQTq
dB+ZYFyztj7qRvK8DpmcW6Vz6fY2Fqzn/lfnXbVaSzFve0HXJISQu2XoczOO156p
jafoSNJ/RQQ5kHWVUbw3lZSHEeUavE1WorcAZ3+mOqS5MkS2JdUF70QhxcVXtlgT
/GAs51f8yfMss6f03P6QSGx2qUWu4uBSqzZF2Ii/MJVu
-----END CERTIFICATE-----