Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/lNTTEsjadRhPha0J835cibHx_4Q.roa
File:                     lNTTEsjadRhPha0J835cibHx_4Q.roa (raw, json)
Hash identifier:          1DgQZSxWSC4v8aAtdJTP2B+pVKxnLd2IerApVT9p2io=
Subject key identifier:   94:D4:D3:12:C8:DA:75:18:4F:85:AD:09:F3:7E:5C:89:B1:F1:FF:84
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019699C7CFB4FA4A902D3D19AF1388D05F44
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/lNTTEsjadRhPha0J835cibHx_4Q.roa
Signing time:             Sun 04 May 2025 05:32:10 +0000
ROA not before:           Sun 04 May 2025 05:32:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        151.244.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 23:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:99:c7:cf:b4:fa:4a:90:2d:3d:19:af:13:88:d0:5f:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May  4 05:32:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94d4d312c8da75184f85ad09f37e5c89b1f1ff84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:1e:37:26:8a:80:52:02:cd:42:33:01:41:7e:
                    84:a0:42:b1:84:1b:c1:07:b0:30:6d:03:d6:44:ad:
                    09:4d:9d:ba:28:b6:13:41:7f:16:24:94:1e:9b:0b:
                    07:16:8e:9c:3d:8c:2c:ae:07:ce:ac:67:3d:42:d7:
                    53:10:4e:c2:5c:89:9a:8b:6b:73:c1:92:19:12:45:
                    09:7c:ad:ae:cc:dd:a7:58:2b:7f:51:f0:fe:b7:dc:
                    5a:96:ff:6e:8f:04:e7:cd:46:b9:2e:65:9e:43:47:
                    bc:95:c0:ab:61:e4:7a:2a:6b:d0:17:cf:db:d2:a9:
                    49:17:f7:e1:34:ad:92:01:ce:80:95:9d:4b:e3:8c:
                    b2:f0:35:44:be:ef:6e:ea:97:c2:60:2c:f3:cf:28:
                    dc:19:ec:2d:88:82:84:57:07:c5:5e:d5:38:14:41:
                    4b:b5:04:45:5a:af:04:34:69:18:0f:d6:a0:fc:85:
                    df:d7:90:d7:31:09:f2:7c:ff:c9:91:32:be:87:c8:
                    f5:2a:82:8f:cf:77:94:d8:c1:fb:e8:a0:78:11:34:
                    39:f8:6c:2a:76:c8:84:ca:f1:cc:4e:2f:b1:47:30:
                    8f:15:64:64:d4:ca:05:d1:33:75:fa:0e:aa:47:17:
                    2a:28:09:a9:9f:ae:89:79:61:d4:74:f8:0c:b5:d4:
                    77:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:D4:D3:12:C8:DA:75:18:4F:85:AD:09:F3:7E:5C:89:B1:F1:FF:84
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/lNTTEsjadRhPha0J835cibHx_4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:09:ed:34:b6:f6:f4:fa:f9:4c:60:78:e2:4f:3b:04:2e:9d:
         eb:84:fb:50:cd:ba:7e:f0:56:bb:84:a5:df:a7:06:ce:18:a6:
         da:4e:f9:ab:41:02:54:ac:70:f9:4d:b6:2d:9a:83:12:ec:ce:
         bf:01:16:ee:a2:0a:83:32:fc:54:bd:7f:d6:5e:2e:dc:a5:12:
         ed:3e:16:8a:25:9c:36:f6:2c:8f:1a:62:88:8c:ab:41:d3:61:
         c3:1f:5a:c7:7d:77:04:b9:26:49:15:d0:f8:70:07:9d:c6:09:
         7b:d8:76:9b:72:a7:dd:22:f5:a0:cf:71:97:9b:3d:40:85:f0:
         7c:59:b6:d7:49:00:cf:19:c0:72:26:c9:c6:d7:9d:84:d5:c4:
         aa:ea:28:3d:20:97:67:15:41:01:fc:40:7f:85:d3:58:4c:ad:
         6e:d9:21:2f:06:ac:76:ba:20:a8:e8:bc:b9:d1:ed:e1:a4:93:
         6e:8d:ec:9d:ad:1b:e4:be:93:29:a3:c2:5f:15:39:55:f7:69:
         5f:5b:a9:4f:8f:cd:fd:3a:09:22:38:5b:f1:ae:6b:9c:50:69:
         45:94:91:47:2e:49:b3:5a:ab:f5:90:82:51:80:26:74:f4:96:
         6d:fb:8d:cf:00:70:95:87:d6:21:4b:29:14:ce:d7:c8:24:ae:
         96:0b:d1:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaZx8+0+kqQLT0ZrxOI0F9EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTA0MDUzMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGQ0ZDMxMmM4ZGE3NTE4NGY4NWFkMDlmMzdlNWM4OWIxZjFmZjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmR43JoqAUgLNQjMBQX6EoEKxhBvB
B7AwbQPWRK0JTZ26KLYTQX8WJJQemwsHFo6cPYwsrgfOrGc9QtdTEE7CXImai2tz
wZIZEkUJfK2uzN2nWCt/UfD+t9xalv9ujwTnzUa5LmWeQ0e8lcCrYeR6KmvQF8/b
0qlJF/fhNK2SAc6AlZ1L44yy8DVEvu9u6pfCYCzzzyjcGewtiIKEVwfFXtU4FEFL
tQRFWq8ENGkYD9ag/IXf15DXMQnyfP/JkTK+h8j1KoKPz3eU2MH76KB4ETQ5+Gwq
dsiEyvHMTi+xRzCPFWRk1MoF0TN1+g6qRxcqKAmpn66JeWHUdPgMtdR35wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJTU0xLI2nUYT4WtCfN+XImx8f+EMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvbE5UVEVzamFkUmhQaGEwSjgzNWNpYkh4XzRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/QAMA0G
CSqGSIb3DQEBCwUAA4IBAQApCe00tvb0+vlMYHjiTzsELp3rhPtQzbp+8Fa7hKXf
pwbOGKbaTvmrQQJUrHD5TbYtmoMS7M6/ARbuogqDMvxUvX/WXi7cpRLtPhaKJZw2
9iyPGmKIjKtB02HDH1rHfXcEuSZJFdD4cAedxgl72HabcqfdIvWgz3GXmz1AhfB8
WbbXSQDPGcByJsnG152E1cSq6ig9IJdnFUEB/EB/hdNYTK1u2SEvBqx2uiCo6Ly5
0e3hpJNujeydrRvkvpMpo8JfFTlV92lfW6lPj839OgkiOFvxrmucUGlFlJFHLkmz
Wqv1kIJRgCZ09JZt+43PAHCVh9YhSykUztfIJK6WC9Ge
-----END CERTIFICATE-----