Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/WItjxiKbT3RGOMLQYHKMfj1JaKQ.roa
File:                     WItjxiKbT3RGOMLQYHKMfj1JaKQ.roa (raw, json)
Hash identifier:          asR8/OF3lQoeD7uIMkAtkLlPVvx3rND/BSqzGOI4gCY=
Subject key identifier:   58:8B:63:C6:22:9B:4F:74:46:38:C2:D0:60:72:8C:7E:3D:49:68:A4
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198D57B0435522189E816E1D4C1F97FBABC
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/WItjxiKbT3RGOMLQYHKMfj1JaKQ.roa
Signing time:             Sat 23 Aug 2025 05:51:05 +0000
ROA not before:           Sat 23 Aug 2025 05:51:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211826
IP address blocks:        151.242.124.0/24 maxlen: 24
                          151.243.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d5:7b:04:35:52:21:89:e8:16:e1:d4:c1:f9:7f:ba:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 23 05:51:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=588b63c6229b4f744638c2d060728c7e3d4968a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:dd:df:19:a8:d5:1e:45:43:7f:a3:01:30:47:
                    86:90:dc:5c:6b:dc:ba:5d:06:73:84:b6:27:5e:0d:
                    84:36:36:c2:e9:81:b8:df:c7:3a:bb:0e:7e:6b:49:
                    85:d1:a4:c9:23:de:16:94:ec:36:e8:97:6a:a6:05:
                    89:ff:2a:8a:00:aa:1f:fb:cd:d2:17:b4:c3:fe:8f:
                    94:ff:30:6f:31:d1:cb:d6:c3:d0:2a:dd:3f:81:c5:
                    f0:f1:2a:46:b6:11:65:a3:16:58:a6:77:ca:0b:fa:
                    95:dc:91:5a:43:bf:f9:40:00:ae:15:69:cd:aa:32:
                    63:b2:79:cc:54:5f:a9:28:be:fc:ba:66:c2:17:52:
                    1b:9e:0b:84:81:e4:85:cc:07:30:1e:8e:84:df:be:
                    12:49:1e:a6:ea:4c:d5:7d:a9:63:be:7a:b9:58:66:
                    24:15:cd:12:19:a2:13:63:46:64:25:92:4c:05:eb:
                    8f:e9:62:2a:cf:1d:30:ad:7e:87:ca:28:ad:56:b4:
                    95:65:29:69:4d:8b:55:dc:90:c9:be:a8:3d:51:a9:
                    f1:60:2e:a9:9f:cb:df:27:fa:78:ab:8f:67:af:c7:
                    51:56:74:b2:0d:60:54:36:1f:ea:5f:2f:b0:5a:53:
                    7e:4e:16:6f:38:49:e1:e5:72:3f:5a:6e:4b:8e:34:
                    8e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:8B:63:C6:22:9B:4F:74:46:38:C2:D0:60:72:8C:7E:3D:49:68:A4
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/WItjxiKbT3RGOMLQYHKMfj1JaKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.124.0/24
                  151.243.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:0c:f3:87:76:6f:12:b9:ee:fe:6a:41:c3:f0:a7:73:43:89:
         50:c9:48:2b:af:aa:92:26:a7:56:6e:59:11:a8:2c:70:3a:42:
         49:d1:d9:3f:2c:b7:32:71:5d:f4:9c:77:17:68:44:20:cc:ff:
         9c:3b:6a:fe:16:5d:26:81:a1:93:c6:d6:32:11:24:7b:da:c7:
         6c:7b:ba:38:9b:d9:71:a6:2a:45:80:0e:a5:74:b6:0d:92:0c:
         22:13:3e:3c:6a:5f:a8:3f:12:14:43:18:8e:52:08:02:79:34:
         e5:71:3b:99:f4:58:59:71:b2:b7:0a:65:e9:e1:b0:0a:b1:1f:
         0e:ad:88:9d:aa:5d:ac:f3:f6:21:34:84:b9:04:e8:6b:c2:2a:
         5d:fb:bf:70:80:11:3f:80:a4:75:53:30:a2:7f:a5:a4:7f:f9:
         ab:6f:85:63:02:68:cc:55:c1:60:91:a7:97:c8:f0:e8:5b:e1:
         23:95:81:8c:2a:01:2a:32:92:37:b5:cb:be:f5:10:bf:d1:f0:
         e3:54:02:c1:74:1d:96:31:1a:a0:a4:4a:79:25:10:e0:28:92:
         78:31:b1:67:9f:18:ca:14:75:d9:a6:5b:d3:6e:db:bc:84:17:
         ac:d7:ce:f2:b5:0b:9e:d8:e5:99:d4:3d:ff:bd:89:ea:53:8b:
         07:4d:87:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjVewQ1UiGJ6Bbh1MH5f7q8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODIzMDU1MTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODhiNjNjNjIyOWI0Zjc0NDYzOGMyZDA2MDcyOGM3ZTNkNDk2OGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAst3fGajVHkVDf6MBMEeGkNxca9y6
XQZzhLYnXg2ENjbC6YG438c6uw5+a0mF0aTJI94WlOw26JdqpgWJ/yqKAKof+83S
F7TD/o+U/zBvMdHL1sPQKt0/gcXw8SpGthFloxZYpnfKC/qV3JFaQ7/5QACuFWnN
qjJjsnnMVF+pKL78umbCF1IbnguEgeSFzAcwHo6E374SSR6m6kzVfaljvnq5WGYk
Fc0SGaITY0ZkJZJMBeuP6WIqzx0wrX6HyiitVrSVZSlpTYtV3JDJvqg9UanxYC6p
n8vfJ/p4q49nr8dRVnSyDWBUNh/qXy+wWlN+ThZvOEnh5XI/Wm5LjjSOvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFiLY8Yim090RjjC0GByjH49SWikMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvV0l0anhpS2JUM1JHT01MUVlIS01majFKYUtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/J8AwQA
l/NTMA0GCSqGSIb3DQEBCwUAA4IBAQCLDPOHdm8Sue7+akHD8KdzQ4lQyUgrr6qS
JqdWblkRqCxwOkJJ0dk/LLcycV30nHcXaEQgzP+cO2r+Fl0mgaGTxtYyESR72sds
e7o4m9lxpipFgA6ldLYNkgwiEz48al+oPxIUQxiOUggCeTTlcTuZ9FhZcbK3CmXp
4bAKsR8OrYidql2s8/YhNIS5BOhrwipd+79wgBE/gKR1UzCif6Wkf/mrb4VjAmjM
VcFgkaeXyPDoW+EjlYGMKgEqMpI3tcu+9RC/0fDjVALBdB2WMRqgpEp5JRDgKJJ4
MbFnnxjKFHXZplvTbtu8hBes187ytQue2OWZ1D3/vYnqU4sHTYf1
-----END CERTIFICATE-----