Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/R2Jw8qAIkVZrNNZXm6csMlM5v_M.roa
File:                     R2Jw8qAIkVZrNNZXm6csMlM5v_M.roa (raw, json)
Hash identifier:          ahfRbOOPEbC6TDbLU4Xqk9l7y76ezVUFE7dWzMwbubg=
Subject key identifier:   47:62:70:F2:A0:08:91:56:6B:34:D6:57:9B:A7:2C:32:53:39:BF:F3
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0199D1A0C63CA494D6D1C30A99B99C517CF0
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/R2Jw8qAIkVZrNNZXm6csMlM5v_M.roa
Signing time:             Sat 11 Oct 2025 04:56:38 +0000
ROA not before:           Sat 11 Oct 2025 04:56:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273478
IP address blocks:        151.244.241.0/24 maxlen: 24
                          151.244.245.0/24 maxlen: 24
                          151.245.242.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d1:a0:c6:3c:a4:94:d6:d1:c3:0a:99:b9:9c:51:7c:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Oct 11 04:56:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=476270f2a00891566b34d6579ba72c325339bff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:93:95:6f:41:ab:3c:32:5c:e5:63:49:ba:fc:
                    03:e2:2c:bf:19:3a:7b:a7:f5:7b:e4:0a:df:85:60:
                    43:93:e3:fd:2a:f7:32:77:e0:de:65:77:42:be:f9:
                    c2:4a:cb:c4:d8:cf:55:9c:81:f7:d1:42:0d:a4:81:
                    7f:f6:36:27:20:a4:02:86:d4:a5:aa:01:cc:64:9c:
                    ba:4a:a5:a5:62:50:0b:12:14:9d:43:e1:98:45:f9:
                    89:d3:ea:1e:7f:3e:c1:28:15:1e:07:8b:64:07:22:
                    ff:1c:c2:f5:6b:de:25:71:82:7c:5e:11:4a:25:8f:
                    62:e7:eb:83:5a:be:7b:86:84:66:c0:2e:34:4e:08:
                    b4:bd:7c:8f:a9:4a:cc:45:9b:87:0c:34:c0:84:55:
                    18:01:03:9c:7a:73:dc:9e:d2:e0:4d:05:f1:51:46:
                    64:8f:30:3b:8b:55:1e:d0:ca:d5:30:0f:61:d3:a0:
                    2a:ed:ee:19:e7:26:af:15:91:bc:80:b0:a2:74:e9:
                    11:54:0b:5f:b7:87:9b:cf:1c:cf:6f:df:a8:45:c4:
                    df:0a:a0:63:b8:95:39:7e:18:8a:9e:09:76:0a:42:
                    cd:fa:eb:e1:d9:40:75:24:21:1d:cf:89:66:bb:ec:
                    9d:aa:89:95:c0:14:51:90:aa:93:9f:77:dc:0b:b2:
                    70:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:62:70:F2:A0:08:91:56:6B:34:D6:57:9B:A7:2C:32:53:39:BF:F3
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/R2Jw8qAIkVZrNNZXm6csMlM5v_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.241.0/24
                  151.244.245.0/24
                  151.245.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:e6:94:83:41:e9:fa:5e:4a:92:31:e1:52:9b:5b:4d:59:9e:
         44:eb:d1:8a:6f:2d:3c:03:61:87:b3:0a:82:03:a3:da:01:96:
         35:cc:f4:7d:7d:8d:f5:e2:e8:e0:a6:3f:0b:e3:5b:92:e6:ee:
         81:f8:1a:6a:16:93:76:93:5f:4a:b1:4b:33:9c:33:25:8c:fd:
         09:d5:99:6f:27:52:67:0a:32:a0:5d:99:02:63:9e:67:d6:4a:
         e5:78:9c:54:35:0e:6d:ff:f5:73:86:51:c9:dd:6b:cf:cf:09:
         b9:e8:ab:6f:47:01:f3:7c:e3:e8:91:87:27:93:5c:b1:06:d5:
         1b:1a:33:4a:28:9e:25:d1:08:c1:79:e4:e8:98:c8:8f:90:c7:
         95:72:73:35:d6:b2:1a:88:d4:27:aa:67:d0:de:ca:68:55:f7:
         ad:30:41:82:bb:e3:bf:5b:74:20:a5:a3:21:f7:12:b2:06:4a:
         20:92:51:4c:68:23:91:7e:31:93:a5:76:ba:88:bb:38:4b:07:
         25:11:10:ae:d6:bc:21:58:2a:02:79:97:93:66:31:52:e3:80:
         ee:c6:15:de:e1:c0:b7:19:61:62:ec:ad:6d:f5:0c:70:92:50:
         65:d2:3f:25:88:4b:5e:9e:4f:74:80:bb:ec:4e:c5:d7:6c:e0:
         45:78:c9:a5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZnRoMY8pJTW0cMKmbmcUXzwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDExMDQ1NjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzYyNzBmMmEwMDg5MTU2NmIzNGQ2NTc5YmE3MmMzMjUzMzliZmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJOVb0GrPDJc5WNJuvwD4iy/GTp7
p/V75ArfhWBDk+P9Kvcyd+DeZXdCvvnCSsvE2M9VnIH30UINpIF/9jYnIKQChtSl
qgHMZJy6SqWlYlALEhSdQ+GYRfmJ0+oefz7BKBUeB4tkByL/HML1a94lcYJ8XhFK
JY9i5+uDWr57hoRmwC40Tgi0vXyPqUrMRZuHDDTAhFUYAQOcenPcntLgTQXxUUZk
jzA7i1Ue0MrVMA9h06Aq7e4Z5yavFZG8gLCidOkRVAtft4ebzxzPb9+oRcTfCqBj
uJU5fhiKngl2CkLN+uvh2UB1JCEdz4lmu+ydqomVwBRRkKqTn3fcC7JwtQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEdicPKgCJFWazTWV5unLDJTOb/zMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUjJKdzhxQUlrVlpyTk5aWG02Y3NNbE01dl9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAl/TxAwQA
l/T1AwQBl/XyMA0GCSqGSIb3DQEBCwUAA4IBAQCb5pSDQen6XkqSMeFSm1tNWZ5E
69GKby08A2GHswqCA6PaAZY1zPR9fY314ujgpj8L41uS5u6B+BpqFpN2k19KsUsz
nDMljP0J1ZlvJ1JnCjKgXZkCY55n1krleJxUNQ5t//VzhlHJ3WvPzwm56KtvRwHz
fOPokYcnk1yxBtUbGjNKKJ4l0QjBeeTomMiPkMeVcnM11rIaiNQnqmfQ3spoVfet
MEGCu+O/W3QgpaMh9xKyBkogklFMaCORfjGTpXa6iLs4SwclERCu1rwhWCoCeZeT
ZjFS44DuxhXe4cC3GWFi7K1t9QxwklBl0j8liEtenk90gLvsTsXXbOBFeMml
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:16 2025 by rpki-client