Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/YPoVgmm0ZYmkp16eub6AitQBSew.roa
File:                     YPoVgmm0ZYmkp16eub6AitQBSew.roa (raw, json)
Hash identifier:          VFhRajuTlE9U2jxCzmX0axTOGJNgmlzetwWXrhm4fg0=
Subject key identifier:   60:FA:15:82:69:B4:65:89:A4:A7:5E:9E:B9:BE:80:8A:D4:01:49:EC
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0199A977C73F4F624AFF48F7B0DE3F73DB26
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/YPoVgmm0ZYmkp16eub6AitQBSew.roa
Signing time:             Fri 03 Oct 2025 09:47:03 +0000
ROA not before:           Fri 03 Oct 2025 09:47:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        151.241.51.0/24 maxlen: 24
                          151.243.87.0/24 maxlen: 24
                          151.244.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a9:77:c7:3f:4f:62:4a:ff:48:f7:b0:de:3f:73:db:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Oct  3 09:47:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60fa158269b46589a4a75e9eb9be808ad40149ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:04:a0:28:25:1c:d3:ac:ba:d2:64:ec:96:1e:
                    19:da:0a:f0:0b:8c:3d:93:f7:79:a1:30:86:4f:e6:
                    be:0a:24:3b:9f:5e:12:f8:a9:c0:52:aa:4a:d6:af:
                    52:d6:02:05:57:aa:b7:bb:06:f5:55:e0:c5:12:6b:
                    68:02:d7:55:01:28:b0:0e:f2:bc:71:04:8a:7f:5c:
                    07:f8:ec:21:74:e9:c2:05:f1:61:c0:aa:38:d4:bb:
                    78:da:2d:27:cc:21:26:cf:e1:58:9d:0c:c0:02:ac:
                    55:6c:e6:45:b8:82:40:45:82:3e:89:4c:48:54:d3:
                    9f:11:39:ee:36:6f:1d:7d:f7:18:16:bf:e6:c5:20:
                    ce:44:a1:9b:08:cc:19:06:d8:52:33:15:ae:5a:fc:
                    95:2c:ce:f8:ac:3f:a3:a2:ef:5f:6c:9b:79:15:8c:
                    b8:7c:10:df:28:0f:e2:27:98:50:62:11:66:82:25:
                    a0:50:77:05:a5:08:e5:5d:c5:e3:21:c0:a3:9e:11:
                    a8:ab:34:8c:b7:08:f2:10:5b:57:ef:fb:ef:2b:2f:
                    85:65:9a:01:46:70:49:5c:c0:c8:92:9f:a1:f0:04:
                    54:f7:a0:4e:6f:ac:29:4c:b4:d3:5f:05:e7:f3:54:
                    71:3a:30:be:f7:93:a0:35:90:bd:e8:f7:39:7a:2d:
                    10:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:FA:15:82:69:B4:65:89:A4:A7:5E:9E:B9:BE:80:8A:D4:01:49:EC
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/YPoVgmm0ZYmkp16eub6AitQBSew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.51.0/24
                  151.243.87.0/24
                  151.244.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:08:d8:60:aa:85:21:c1:a0:b4:46:65:9d:f2:ae:dd:58:04:
         d8:ac:93:b2:b6:21:d4:65:ec:47:22:e2:bd:41:09:8e:a7:3e:
         01:f5:14:c7:be:d3:58:cc:9c:8b:a5:61:0a:da:6d:42:2b:ec:
         44:ad:18:72:eb:d3:cc:1b:4c:96:ad:a0:0f:2d:e7:87:f0:6a:
         35:c1:41:83:31:84:73:44:09:a9:cf:41:9e:8a:35:5d:24:3e:
         c3:ac:55:39:a3:23:77:04:f8:21:98:4d:33:46:a8:4f:62:12:
         3b:5b:1f:78:01:98:66:a1:62:57:87:41:d1:3f:05:16:55:1e:
         2a:15:2d:23:76:36:19:2c:e5:ba:8f:07:26:bb:00:06:5b:9e:
         42:ea:5d:56:e1:f5:19:4d:1c:f9:3b:54:b4:b6:d9:eb:f2:0c:
         f1:37:d8:58:7d:db:17:2f:dd:04:12:0c:60:e2:30:b9:da:71:
         6a:5e:07:85:af:bf:c0:4a:43:d7:19:56:b9:09:1b:4e:1f:6a:
         c6:cd:f4:72:93:21:7e:73:56:4e:ba:ec:52:63:36:e1:25:8d:
         2e:15:d9:0e:a6:80:9a:37:e0:af:6c:a3:db:3f:47:fe:18:b2:
         9d:1b:49:35:09:85:d4:9b:f0:a2:ac:ea:fc:b2:cc:38:58:8c:
         3d:d1:8f:93
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZmpd8c/T2JK/0j3sN4/c9smMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDAzMDk0NzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGZhMTU4MjY5YjQ2NTg5YTRhNzVlOWViOWJlODA4YWQ0MDE0OWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwSgKCUc06y60mTslh4Z2grwC4w9
k/d5oTCGT+a+CiQ7n14S+KnAUqpK1q9S1gIFV6q3uwb1VeDFEmtoAtdVASiwDvK8
cQSKf1wH+OwhdOnCBfFhwKo41Lt42i0nzCEmz+FYnQzAAqxVbOZFuIJARYI+iUxI
VNOfETnuNm8dffcYFr/mxSDORKGbCMwZBthSMxWuWvyVLM74rD+jou9fbJt5FYy4
fBDfKA/iJ5hQYhFmgiWgUHcFpQjlXcXjIcCjnhGoqzSMtwjyEFtX7/vvKy+FZZoB
RnBJXMDIkp+h8ARU96BOb6wpTLTTXwXn81RxOjC+95OgNZC96Pc5ei0Q/QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGD6FYJptGWJpKdenrm+gIrUAUnsMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvWVBvVmdtbTBaWW1rcDE2ZXViNkFpdFFCU2V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAl/EzAwQA
l/NXAwQAl/TAMA0GCSqGSIb3DQEBCwUAA4IBAQB6CNhgqoUhwaC0RmWd8q7dWATY
rJOytiHUZexHIuK9QQmOpz4B9RTHvtNYzJyLpWEK2m1CK+xErRhy69PMG0yWraAP
LeeH8Go1wUGDMYRzRAmpz0GeijVdJD7DrFU5oyN3BPghmE0zRqhPYhI7Wx94AZhm
oWJXh0HRPwUWVR4qFS0jdjYZLOW6jwcmuwAGW55C6l1W4fUZTRz5O1S0ttnr8gzx
N9hYfdsXL90EEgxg4jC52nFqXgeFr7/ASkPXGVa5CRtOH2rGzfRykyF+c1ZOuuxS
YzbhJY0uFdkOpoCaN+CvbKPbP0f+GLKdG0k1CYXUm/CirOr8ssw4WIw90Y+T
-----END CERTIFICATE-----