Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_GgZsaKEt2FdKLe56YTVFVLDWLE.roa
File:                     _GgZsaKEt2FdKLe56YTVFVLDWLE.roa (raw, json)
Hash identifier:          9OAgh9gKR4L1vX4XFB6U5zSV6QedEje+IpX5YQSkEGA=
Subject key identifier:   FC:68:19:B1:A2:84:B7:61:5D:28:B7:B9:E9:84:D5:15:52:C3:58:B1
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196A57B6BDCCAD15486F75F8A084174EDFE
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_GgZsaKEt2FdKLe56YTVFVLDWLE.roa
Signing time:             Tue 06 May 2025 12:04:11 +0000
ROA not before:           Tue 06 May 2025 12:04:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398704
IP address blocks:        151.242.129.0/24 maxlen: 24
                          151.242.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a5:7b:6b:dc:ca:d1:54:86:f7:5f:8a:08:41:74:ed:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May  6 12:04:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc6819b1a284b7615d28b7b9e984d51552c358b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a9:33:30:77:9a:83:2a:3b:97:6d:f2:a9:68:
                    67:51:f2:3c:51:4d:e3:18:65:f3:0f:fd:84:87:5b:
                    7b:13:7e:be:01:d4:23:51:d8:aa:8b:a1:92:5c:47:
                    c0:f4:21:96:69:fb:a3:dc:60:bb:30:a9:08:30:46:
                    46:6a:9b:14:50:2f:78:d2:ce:7f:30:fa:3c:47:64:
                    93:5e:bd:82:15:88:9d:b3:6d:5e:a6:24:84:6b:34:
                    fd:03:f7:61:a6:f4:8d:0c:12:ff:91:3b:55:6f:88:
                    a4:d4:1a:4d:c0:10:1b:34:e1:62:87:62:ce:18:bb:
                    dc:cc:10:af:ea:1b:82:dd:2e:73:c0:b2:30:0a:7d:
                    f6:d4:f7:94:79:6a:f1:ee:f5:6b:02:df:e4:59:05:
                    f8:37:13:bf:39:44:b7:eb:b1:79:6a:b3:ca:7f:a1:
                    1d:39:45:c3:d0:88:0d:03:7e:f3:24:84:70:3a:59:
                    6c:8e:36:75:c5:c1:7f:5d:d4:be:95:96:78:da:53:
                    02:49:28:81:76:16:4f:65:0a:78:85:02:8e:63:a3:
                    ae:a8:2a:bd:de:c0:42:5b:be:c8:b2:a1:31:15:e5:
                    7e:7d:17:55:34:53:c0:d8:6f:cb:b6:e5:3b:93:f5:
                    1a:db:0b:80:16:e6:f2:37:62:2b:76:5a:fd:b7:d2:
                    62:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:68:19:B1:A2:84:B7:61:5D:28:B7:B9:E9:84:D5:15:52:C3:58:B1
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_GgZsaKEt2FdKLe56YTVFVLDWLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.129.0/24
                  151.242.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:16:c1:b6:4b:e3:ff:1d:2f:43:a4:85:e0:c1:62:a4:56:25:
         e8:0f:c7:40:fa:1b:58:92:88:a2:bb:6b:e3:f0:20:15:2b:9e:
         d0:4b:56:36:51:26:f8:a3:b0:12:aa:fe:d0:35:15:fa:61:4f:
         c6:45:84:89:03:34:5b:fa:72:1b:6a:8b:a8:a3:a6:d2:01:43:
         c4:7d:3c:49:2c:70:a6:1f:11:4e:3d:08:3d:c7:57:94:77:82:
         4b:39:3b:29:68:43:07:fb:9a:3f:06:90:73:82:45:95:a2:bf:
         88:eb:0f:cb:5c:21:fe:8c:7d:3c:ab:66:60:31:73:1b:e7:0d:
         d3:79:7a:b4:a0:95:dd:26:0e:30:63:87:d7:3c:78:25:bf:c8:
         0a:12:ad:75:81:c3:9b:a0:b9:e0:22:90:40:3e:aa:93:70:8a:
         6f:cf:2b:aa:c2:7d:35:17:93:83:a8:c0:ba:5b:42:c9:90:3e:
         84:11:63:19:e2:ff:2d:e2:f0:76:9b:d8:29:5d:ec:29:f3:60:
         4a:e2:46:92:a5:0b:e5:93:22:ed:c1:36:33:69:15:f2:cf:9a:
         a6:6d:f5:35:ef:3c:05:d9:db:b9:b7:27:2e:3e:8a:2c:73:6c:
         61:ec:0f:07:fb:76:3b:f2:25:4e:c6:4e:9e:a3:05:10:77:d7:
         32:31:2a:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZale2vcytFUhvdfighBdO3+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTA2MTIwNDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzY4MTliMWEyODRiNzYxNWQyOGI3YjllOTg0ZDUxNTUyYzM1OGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKkzMHeagyo7l23yqWhnUfI8UU3j
GGXzD/2Eh1t7E36+AdQjUdiqi6GSXEfA9CGWafuj3GC7MKkIMEZGapsUUC940s5/
MPo8R2STXr2CFYids21epiSEazT9A/dhpvSNDBL/kTtVb4ik1BpNwBAbNOFih2LO
GLvczBCv6huC3S5zwLIwCn321PeUeWrx7vVrAt/kWQX4NxO/OUS367F5arPKf6Ed
OUXD0IgNA37zJIRwOllsjjZ1xcF/XdS+lZZ42lMCSSiBdhZPZQp4hQKOY6OuqCq9
3sBCW77IsqExFeV+fRdVNFPA2G/LtuU7k/Ua2wuAFubyN2Irdlr9t9Ji3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPxoGbGihLdhXSi3uemE1RVSw1ixMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvX0dnWnNhS0V0MkZkS0xlNTZZVFZGVkxEV0xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/KBAwQA
l/KRMA0GCSqGSIb3DQEBCwUAA4IBAQAsFsG2S+P/HS9DpIXgwWKkViXoD8dA+htY
koiiu2vj8CAVK57QS1Y2USb4o7ASqv7QNRX6YU/GRYSJAzRb+nIbaouoo6bSAUPE
fTxJLHCmHxFOPQg9x1eUd4JLOTspaEMH+5o/BpBzgkWVor+I6w/LXCH+jH08q2Zg
MXMb5w3TeXq0oJXdJg4wY4fXPHglv8gKEq11gcOboLngIpBAPqqTcIpvzyuqwn01
F5ODqMC6W0LJkD6EEWMZ4v8t4vB2m9gpXewp82BK4kaSpQvlkyLtwTYzaRXyz5qm
bfU17zwF2du5tycuPoosc2xh7A8H+3Y78iVOxk6eowUQd9cyMSpD
-----END CERTIFICATE-----