Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/WzP70hRK0hb3DQDCXsdHPq-F51E.roa
File:                     WzP70hRK0hb3DQDCXsdHPq-F51E.roa (raw, json)
Hash identifier:          HdbYtN3gNJjTgKlsVuREc2FJX8rtCNDlR1dDdHQK4Hw=
Subject key identifier:   5B:33:FB:D2:14:4A:D2:16:F7:0D:00:C2:5E:C7:47:3E:AF:85:E7:51
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0199E63FB51FB6D9870D722D4329467A31C6
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/WzP70hRK0hb3DQDCXsdHPq-F51E.roa
Signing time:             Wed 15 Oct 2025 05:02:38 +0000
ROA not before:           Wed 15 Oct 2025 05:02:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36352
IP address blocks:        151.245.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e6:3f:b5:1f:b6:d9:87:0d:72:2d:43:29:46:7a:31:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Oct 15 05:02:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b33fbd2144ad216f70d00c25ec7473eaf85e751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:13:02:4f:55:12:45:39:c4:98:58:ba:85:96:
                    80:66:d2:81:af:1b:52:fc:b9:79:9c:1f:99:92:b6:
                    a5:be:42:d0:b5:14:10:c4:eb:1e:12:3d:44:08:3c:
                    fe:12:90:a0:18:b9:3c:17:43:21:42:54:b8:32:bf:
                    f5:c4:82:e5:50:ab:f7:4e:a4:a7:c2:95:3b:a0:f6:
                    94:9c:eb:9a:1c:be:91:2b:d0:a2:91:0c:a0:bb:fd:
                    c6:cc:7d:fd:a5:cf:1e:2d:7e:82:0a:23:5c:b6:10:
                    90:16:9a:9a:91:d0:17:df:88:87:df:b2:d6:3c:aa:
                    c5:a0:9a:01:df:19:4d:46:17:77:b9:70:b5:6d:13:
                    0f:ab:5d:90:5a:16:ad:80:9e:09:a2:45:57:29:03:
                    bf:76:06:d0:db:14:fb:6d:18:b6:06:0d:bc:a1:b5:
                    d2:be:bd:f5:2d:78:f7:6a:07:b0:2f:1e:2e:a5:70:
                    b7:fe:7b:d3:64:b5:b9:73:f5:3d:54:80:75:1f:e9:
                    35:e1:5c:d1:42:7b:f9:b3:c0:06:94:5c:ea:ba:f5:
                    ba:bb:48:00:94:b9:dc:fa:44:97:0f:8a:dc:bc:94:
                    66:e1:37:7c:eb:e4:ff:c6:6f:8e:3c:fd:52:68:b9:
                    c7:fe:b2:d4:fb:0b:ad:15:f3:4d:8d:7e:77:33:59:
                    21:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:33:FB:D2:14:4A:D2:16:F7:0D:00:C2:5E:C7:47:3E:AF:85:E7:51
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/WzP70hRK0hb3DQDCXsdHPq-F51E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.245.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:b6:14:c6:c9:fb:60:76:aa:40:d0:76:de:71:49:f2:2b:66:
         d9:75:f1:79:90:85:a2:e8:f8:79:34:8c:97:7c:5e:0a:a7:84:
         66:54:e3:df:af:28:fb:87:64:f2:b7:2f:96:cc:79:d5:a4:74:
         be:02:5a:98:0e:ee:56:34:17:9a:5d:98:c0:17:c9:e1:0d:ba:
         ef:0d:b4:e7:07:20:1d:29:7e:14:fe:c5:46:4b:10:3f:14:c8:
         6b:85:bf:1d:63:7e:26:36:f0:f9:21:fc:59:09:f5:44:8b:7a:
         5a:83:4c:68:5a:55:b6:9b:2f:b6:53:f2:fd:06:e0:4b:38:7e:
         e7:2b:f6:34:02:43:85:6d:02:ea:79:f5:db:c1:1d:6b:de:a9:
         8b:af:3c:1b:c9:d9:98:aa:ad:05:2c:ba:36:c7:68:19:83:af:
         58:71:63:f0:18:ed:43:7b:6c:79:d2:71:7d:ab:ef:a2:97:61:
         a1:4a:8a:e7:1c:3a:1c:df:8d:f3:79:69:f4:d9:5b:1d:27:fa:
         12:07:0d:fc:3d:ce:cc:fa:d8:26:3e:d5:f1:99:47:6b:b5:03:
         1d:bc:37:81:fe:5b:3f:b1:0c:15:40:ce:3c:38:c4:cc:30:37:
         2d:d7:f4:17:41:03:fe:f3:00:e9:d5:f0:f8:cd:1e:5b:b1:60:
         f2:1f:63:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnmP7UfttmHDXItQylGejHGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDE1MDUwMjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjMzZmJkMjE0NGFkMjE2ZjcwZDAwYzI1ZWM3NDczZWFmODVlNzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRMCT1USRTnEmFi6hZaAZtKBrxtS
/Ll5nB+ZkralvkLQtRQQxOseEj1ECDz+EpCgGLk8F0MhQlS4Mr/1xILlUKv3TqSn
wpU7oPaUnOuaHL6RK9CikQygu/3GzH39pc8eLX6CCiNcthCQFpqakdAX34iH37LW
PKrFoJoB3xlNRhd3uXC1bRMPq12QWhatgJ4JokVXKQO/dgbQ2xT7bRi2Bg28obXS
vr31LXj3agewLx4upXC3/nvTZLW5c/U9VIB1H+k14VzRQnv5s8AGlFzquvW6u0gA
lLnc+kSXD4rcvJRm4Td86+T/xm+OPP1SaLnH/rLU+wutFfNNjX53M1kh/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFsz+9IUStIW9w0Awl7HRz6vhedRMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvV3pQNzBoUkswaGIzRFFEQ1hzZEhQcS1GNTFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/WzMA0G
CSqGSIb3DQEBCwUAA4IBAQAAthTGyftgdqpA0HbecUnyK2bZdfF5kIWi6Ph5NIyX
fF4Kp4RmVOPfryj7h2Tyty+WzHnVpHS+AlqYDu5WNBeaXZjAF8nhDbrvDbTnByAd
KX4U/sVGSxA/FMhrhb8dY34mNvD5IfxZCfVEi3pag0xoWlW2my+2U/L9BuBLOH7n
K/Y0AkOFbQLqefXbwR1r3qmLrzwbydmYqq0FLLo2x2gZg69YcWPwGO1De2x50nF9
q++il2GhSornHDoc343zeWn02VsdJ/oSBw38Pc7M+tgmPtXxmUdrtQMdvDeB/ls/
sQwVQM48OMTMMDct1/QXQQP+8wDp1fD4zR5bsWDyH2Ou
-----END CERTIFICATE-----