Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/cO15YOuhENJpB4BH4Yb_oJ5Ubis.roa
File:                     cO15YOuhENJpB4BH4Yb_oJ5Ubis.roa (raw, json)
Hash identifier:          myxzGjPgj+nPKqybHO0RIhV1TNaWbAdWdLBqHfZ8VAg=
Subject key identifier:   70:ED:79:60:EB:A1:10:D2:69:07:80:47:E1:86:FF:A0:9E:54:6E:2B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01999E39172C611529BEB798F27BA87EEF93
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/cO15YOuhENJpB4BH4Yb_oJ5Ubis.roa
Signing time:             Wed 01 Oct 2025 05:22:45 +0000
ROA not before:           Wed 01 Oct 2025 05:22:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203758
IP address blocks:        151.242.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9e:39:17:2c:61:15:29:be:b7:98:f2:7b:a8:7e:ef:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Oct  1 05:22:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70ed7960eba110d269078047e186ffa09e546e2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:af:5d:80:3e:8a:cd:f2:11:9b:1d:2d:5b:72:
                    a5:1f:0b:55:d2:e1:59:a2:70:36:de:8c:31:cc:a0:
                    5e:c2:93:19:93:46:b9:29:55:32:e5:26:43:02:8e:
                    5f:c1:00:f5:6a:21:af:78:bc:9b:ed:91:b6:2c:63:
                    64:e2:93:89:88:79:ef:c7:83:00:52:27:3f:0b:06:
                    48:cb:75:af:cf:72:f3:b3:a6:ce:63:9e:2b:48:3d:
                    b2:d2:6d:07:f8:c4:d2:df:e0:24:7f:e0:6c:03:28:
                    54:39:80:73:67:bc:66:e6:67:34:64:eb:07:70:38:
                    b7:ed:5e:92:53:cb:82:cc:c7:69:a7:ba:de:71:30:
                    a4:31:c4:61:f5:55:aa:c5:a2:36:79:d5:b8:e4:be:
                    f7:c3:18:60:25:6c:70:ea:2b:dd:0c:02:bf:39:0c:
                    1e:a3:de:b1:75:d7:42:c7:93:d8:8d:f8:fa:b8:d4:
                    d6:47:fa:0f:98:1b:88:c0:a3:31:ab:84:96:f8:e9:
                    9b:3d:67:45:69:db:53:83:78:8a:48:85:ad:11:b3:
                    df:29:72:f6:6a:83:19:4a:95:83:e1:60:8e:ba:11:
                    aa:40:2f:d6:1d:1d:1b:95:e9:53:58:f1:32:89:af:
                    b3:7f:b5:f1:c8:28:4a:55:4a:da:5b:78:23:8e:de:
                    c1:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:ED:79:60:EB:A1:10:D2:69:07:80:47:E1:86:FF:A0:9E:54:6E:2B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/cO15YOuhENJpB4BH4Yb_oJ5Ubis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:85:ab:d7:73:af:f9:fe:41:5c:75:b9:64:83:db:9c:4a:0a:
         72:9f:f6:c1:08:36:0b:2d:f6:0f:ab:46:01:48:a1:ff:24:88:
         80:34:10:26:93:36:2a:7a:c2:67:58:e7:1c:30:13:35:66:4b:
         a4:d7:cf:d6:4b:b9:f2:eb:1c:9b:62:3f:b0:c2:52:23:9e:e2:
         29:7d:c4:a6:62:0d:f2:86:33:f8:76:d0:d3:1b:fc:5e:37:3d:
         89:46:8d:87:25:13:2c:5e:80:35:d3:89:41:4e:b1:46:f4:3b:
         51:7b:d8:f5:ba:f2:b5:74:aa:25:06:ea:e4:a6:b2:76:7a:6a:
         9f:79:77:9e:93:1b:1b:e0:49:3d:29:5b:e4:9f:45:62:5a:b3:
         5b:90:74:13:61:1c:df:f0:a8:aa:f5:c0:53:56:fd:b5:07:64:
         0d:cb:c4:1b:dc:99:ec:72:3b:3d:b8:a4:d3:cc:bd:de:c7:02:
         f6:e4:a8:d6:01:1a:32:1f:48:67:58:08:6d:cf:41:b3:7c:ab:
         0b:1c:e7:b8:08:9a:a4:26:f1:c7:21:63:e2:62:3e:38:2b:8b:
         ff:46:8b:80:ef:4d:c2:bf:ce:63:35:c5:df:fb:11:a7:cb:87:
         5f:fb:87:24:c8:10:a6:cc:44:4c:ca:1c:20:3c:f5:85:af:de:
         e5:d7:a1:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmeORcsYRUpvreY8nuofu+TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDAxMDUyMjQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGVkNzk2MGViYTExMGQyNjkwNzgwNDdlMTg2ZmZhMDllNTQ2ZTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxq9dgD6KzfIRmx0tW3KlHwtV0uFZ
onA23owxzKBewpMZk0a5KVUy5SZDAo5fwQD1aiGveLyb7ZG2LGNk4pOJiHnvx4MA
Uic/CwZIy3Wvz3Lzs6bOY54rSD2y0m0H+MTS3+Akf+BsAyhUOYBzZ7xm5mc0ZOsH
cDi37V6SU8uCzMdpp7recTCkMcRh9VWqxaI2edW45L73wxhgJWxw6ivdDAK/OQwe
o96xdddCx5PYjfj6uNTWR/oPmBuIwKMxq4SW+OmbPWdFadtTg3iKSIWtEbPfKXL2
aoMZSpWD4WCOuhGqQC/WHR0blelTWPEyia+zf7XxyChKVUraW3gjjt7BgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDteWDroRDSaQeAR+GG/6CeVG4rMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvY08xNVlPdWhFTkpwQjRCSDRZYl9vSjVVYmlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/J/MA0G
CSqGSIb3DQEBCwUAA4IBAQCJhavXc6/5/kFcdblkg9ucSgpyn/bBCDYLLfYPq0YB
SKH/JIiANBAmkzYqesJnWOccMBM1Zkuk18/WS7ny6xybYj+wwlIjnuIpfcSmYg3y
hjP4dtDTG/xeNz2JRo2HJRMsXoA104lBTrFG9DtRe9j1uvK1dKolBurkprJ2emqf
eXeekxsb4Ek9KVvkn0ViWrNbkHQTYRzf8Kiq9cBTVv21B2QNy8Qb3Jnscjs9uKTT
zL3exwL25KjWARoyH0hnWAhtz0GzfKsLHOe4CJqkJvHHIWPiYj44K4v/RouA703C
v85jNcXf+xGny4df+4ckyBCmzERMyhwgPPWFr97l16Ew
-----END CERTIFICATE-----