Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/jMDRRc1vG-ZPXytiQfZ5v744s9k.roa
File:                     jMDRRc1vG-ZPXytiQfZ5v744s9k.roa (raw, json)
Hash identifier:          LeEa2Xl+rCvq7JI+evjqcVFY3W96ODQhRFjoThcdSes=
Subject key identifier:   8C:C0:D1:45:CD:6F:1B:E6:4F:5F:2B:62:41:F6:79:BF:BE:38:B3:D9
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019791A33D2A5233C7B0E91B7683564890EB
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/jMDRRc1vG-ZPXytiQfZ5v744s9k.roa
Signing time:             Sat 21 Jun 2025 08:38:03 +0000
ROA not before:           Sat 21 Jun 2025 08:38:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214305
IP address blocks:        151.240.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 19:11:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:91:a3:3d:2a:52:33:c7:b0:e9:1b:76:83:56:48:90:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 21 08:38:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8cc0d145cd6f1be64f5f2b6241f679bfbe38b3d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:3d:b6:03:28:66:99:a4:fe:30:04:49:25:64:
                    5d:dd:6c:09:9f:02:2c:cc:7e:ba:33:84:a0:27:57:
                    2b:75:f1:db:8a:5d:11:28:c0:7d:ef:c9:01:15:ae:
                    9c:5f:5e:b5:50:cb:d2:34:15:55:19:b3:93:2e:5b:
                    53:80:50:92:60:e8:ae:02:1f:38:fb:f8:c6:e3:06:
                    ea:80:56:99:4f:8a:51:32:e3:dd:82:9e:ef:76:95:
                    79:ab:24:b5:a3:a3:78:25:72:9d:6b:55:17:5b:79:
                    ba:8a:f6:0a:92:e8:08:0d:72:0b:b3:bb:a0:a4:fb:
                    9a:33:a3:8f:35:d2:3b:3a:65:11:6b:cb:2b:b1:cb:
                    b6:52:c0:b9:57:c5:9a:a9:06:45:70:aa:c4:4b:36:
                    91:82:e5:6e:86:9f:0a:5e:67:ff:ec:81:ee:e4:42:
                    4b:10:b1:57:64:d2:e0:a4:68:d4:f7:ac:f7:cc:59:
                    35:c1:64:63:13:25:30:c6:6d:78:39:c7:69:04:b9:
                    a8:9c:4c:27:32:40:12:0b:fc:fd:13:29:6e:79:8a:
                    e3:40:e6:8b:f2:3a:62:f2:a2:24:83:eb:f1:52:f9:
                    36:99:03:82:99:e0:73:06:a7:b5:6d:66:1e:90:f4:
                    0e:1d:f7:18:7c:fe:b6:19:32:51:b9:31:1d:2b:6d:
                    0a:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:C0:D1:45:CD:6F:1B:E6:4F:5F:2B:62:41:F6:79:BF:BE:38:B3:D9
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/jMDRRc1vG-ZPXytiQfZ5v744s9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:85:1b:da:b0:04:17:9d:2b:51:af:51:ba:5e:4c:2a:54:ee:
         58:b8:b8:b3:e1:bd:66:25:b5:3e:96:7c:91:97:50:b2:fa:0e:
         e8:3c:89:ee:eb:08:ae:16:e0:a9:1e:ab:69:81:57:4f:18:24:
         78:2f:02:f7:78:5a:35:dd:d8:5d:2f:d1:18:b5:f8:fb:be:3c:
         cd:19:99:9a:6b:b0:e0:1a:8a:95:6d:31:78:d1:b0:e6:2d:d2:
         74:e5:d0:be:69:79:4f:f1:65:02:ee:d7:d5:94:ff:08:0f:17:
         d1:c2:98:be:36:5a:e6:48:47:f4:d4:ec:fb:41:d1:8a:af:96:
         cc:f7:6f:7d:38:c2:f3:45:95:99:3d:6a:8a:4e:6a:b5:08:e0:
         61:5a:7f:5a:56:b5:77:1e:c8:c4:2a:a8:98:8b:6d:8b:26:07:
         a8:87:00:3f:0f:d2:82:b3:bb:0a:3c:59:d5:10:cd:25:af:77:
         0f:05:5d:17:b0:d7:74:d0:73:d5:9b:b1:b3:2a:d0:96:58:30:
         2b:ca:02:05:6f:e8:aa:08:e8:a3:ba:33:94:8b:ed:55:5f:c5:
         ee:ff:17:b6:4c:0d:e3:27:88:01:f1:a5:0c:52:de:66:5d:2c:
         0f:ae:5c:79:ce:14:3e:18:81:53:91:58:a1:54:94:f2:15:56:
         ed:46:09:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeRoz0qUjPHsOkbdoNWSJDrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjIxMDgzODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2MwZDE0NWNkNmYxYmU2NGY1ZjJiNjI0MWY2NzliZmJlMzhiM2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtj22AyhmmaT+MARJJWRd3WwJnwIs
zH66M4SgJ1crdfHbil0RKMB978kBFa6cX161UMvSNBVVGbOTLltTgFCSYOiuAh84
+/jG4wbqgFaZT4pRMuPdgp7vdpV5qyS1o6N4JXKda1UXW3m6ivYKkugIDXILs7ug
pPuaM6OPNdI7OmURa8srscu2UsC5V8WaqQZFcKrESzaRguVuhp8KXmf/7IHu5EJL
ELFXZNLgpGjU96z3zFk1wWRjEyUwxm14OcdpBLmonEwnMkASC/z9EylueYrjQOaL
8jpi8qIkg+vxUvk2mQOCmeBzBqe1bWYekPQOHfcYfP62GTJRuTEdK20KUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzA0UXNbxvmT18rYkH2eb++OLPZMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvak1EUlJjMXZHLVpQWHl0aVFmWjV2NzQ0czlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/BMMA0G
CSqGSIb3DQEBCwUAA4IBAQCxhRvasAQXnStRr1G6XkwqVO5YuLiz4b1mJbU+lnyR
l1Cy+g7oPInu6wiuFuCpHqtpgVdPGCR4LwL3eFo13dhdL9EYtfj7vjzNGZmaa7Dg
GoqVbTF40bDmLdJ05dC+aXlP8WUC7tfVlP8IDxfRwpi+NlrmSEf01Oz7QdGKr5bM
9299OMLzRZWZPWqKTmq1COBhWn9aVrV3HsjEKqiYi22LJgeohwA/D9KCs7sKPFnV
EM0lr3cPBV0XsNd00HPVm7GzKtCWWDArygIFb+iqCOijujOUi+1VX8Xu/xe2TA3j
J4gB8aUMUt5mXSwPrlx5zhQ+GIFTkVihVJTyFVbtRglQ
-----END CERTIFICATE-----