Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/n4XiP0qiLVlMBrN7C3wQ6Eher0Y.roa
File:                     n4XiP0qiLVlMBrN7C3wQ6Eher0Y.roa (raw, json)
Hash identifier:          2F2kUNXf0VVddlHDqhSHmZ+LK1xStFGEQ/CfUD4JD7s=
Subject key identifier:   9F:85:E2:3F:4A:A2:2D:59:4C:06:B3:7B:0B:7C:10:E8:48:5E:AF:46
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01994D1B94853C6F0A5D5560403C0CD36CFA
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/n4XiP0qiLVlMBrN7C3wQ6Eher0Y.roa
Signing time:             Mon 15 Sep 2025 11:21:17 +0000
ROA not before:           Mon 15 Sep 2025 11:21:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133153
IP address blocks:        151.241.156.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4d:1b:94:85:3c:6f:0a:5d:55:60:40:3c:0c:d3:6c:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep 15 11:21:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f85e23f4aa22d594c06b37b0b7c10e8485eaf46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:64:50:96:c5:48:8a:8c:bd:cf:5c:0e:4d:51:
                    bf:9c:2b:bc:4b:58:1c:1a:81:35:a4:19:c5:56:f5:
                    86:1d:99:e3:47:aa:80:1a:a0:bb:2d:2b:2d:36:48:
                    51:3b:a7:92:e1:90:d0:c9:c0:0c:cd:e9:05:fe:7b:
                    3c:32:58:a9:a6:53:86:98:4e:7b:b2:33:93:64:37:
                    a9:2d:08:8e:c2:dd:67:af:89:e2:3e:ea:f4:55:e7:
                    64:33:28:06:e4:0f:55:21:c4:ab:4f:bf:17:3a:fc:
                    fb:84:a5:9b:e8:eb:82:0c:44:84:4e:59:15:53:2b:
                    34:73:4c:53:d0:f6:fb:87:70:d7:88:a9:ae:54:cd:
                    54:36:00:fa:f3:60:04:e1:45:5c:b0:83:d4:89:67:
                    e9:1d:c8:9d:90:63:65:d0:0c:61:5c:98:86:08:7b:
                    d7:e0:82:b0:b4:39:3a:bc:79:20:a0:3a:00:92:08:
                    e7:28:9b:0c:17:b2:c3:e8:aa:ba:e0:5f:27:58:27:
                    2d:7a:ac:ae:1a:fb:e0:21:c3:25:f1:2f:c2:f9:70:
                    c6:da:f2:5d:36:ac:03:4b:66:16:eb:9a:ac:77:80:
                    7c:10:71:f6:73:2f:3f:7c:a3:2a:0e:64:f5:ed:ee:
                    e8:9e:55:7f:9c:a8:8e:da:8e:47:52:76:f7:9d:29:
                    97:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:85:E2:3F:4A:A2:2D:59:4C:06:B3:7B:0B:7C:10:E8:48:5E:AF:46
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/n4XiP0qiLVlMBrN7C3wQ6Eher0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:af:c8:86:f8:d8:1f:8d:f3:d3:14:6e:35:87:8b:3a:b4:e1:
         25:09:1c:c8:9a:b9:91:96:0b:8f:0e:c2:30:69:32:26:30:67:
         a6:f3:de:f9:25:ba:af:41:63:fc:85:06:53:a3:97:9c:be:a5:
         7d:c2:98:8f:49:e6:5b:9c:c0:b1:52:9c:ca:20:78:eb:f4:67:
         23:c3:75:4c:6e:0b:a4:c7:97:a6:d8:c2:d0:e5:09:21:ae:42:
         53:1c:ad:82:c1:ec:44:2c:90:b9:1a:09:99:c4:4f:52:30:5c:
         57:62:2a:46:f4:ff:ca:e5:52:cc:5c:26:55:0a:14:0b:a9:6f:
         b7:f5:dd:2c:82:05:ba:cc:ce:d3:54:69:9b:a2:95:26:d0:0f:
         c0:9d:6d:37:44:cc:06:02:b7:2b:00:cc:4b:7b:65:6e:ef:d4:
         f0:8f:2f:76:6a:39:d8:71:c8:a8:4d:b4:ae:0f:b0:27:c0:4f:
         2f:b7:7a:d5:36:54:4e:be:c2:58:ab:14:5e:ba:4a:7b:85:c9:
         0c:c7:0c:02:d6:e4:3e:f4:da:c4:d2:94:6f:59:9d:97:0a:d8:
         e9:a9:f1:6b:a5:08:c2:c3:94:df:53:93:77:3a:2a:b5:a7:86:
         4a:9f:56:03:0c:20:a5:02:33:e6:3f:a3:ca:87:83:2b:8d:f6:
         df:75:d3:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlNG5SFPG8KXVVgQDwM02z6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTE1MTEyMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjg1ZTIzZjRhYTIyZDU5NGMwNmIzN2IwYjdjMTBlODQ4NWVhZjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmRQlsVIioy9z1wOTVG/nCu8S1gc
GoE1pBnFVvWGHZnjR6qAGqC7LSstNkhRO6eS4ZDQycAMzekF/ns8MlipplOGmE57
sjOTZDepLQiOwt1nr4niPur0VedkMygG5A9VIcSrT78XOvz7hKWb6OuCDESETlkV
Uys0c0xT0Pb7h3DXiKmuVM1UNgD682AE4UVcsIPUiWfpHcidkGNl0AxhXJiGCHvX
4IKwtDk6vHkgoDoAkgjnKJsMF7LD6Kq64F8nWCcteqyuGvvgIcMl8S/C+XDG2vJd
NqwDS2YW65qsd4B8EHH2cy8/fKMqDmT17e7onlV/nKiO2o5HUnb3nSmXxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ+F4j9Koi1ZTAazewt8EOhIXq9GMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvbjRYaVAwcWlMVmxNQnJON0Mzd1E2RWhlcjBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCl/GcMA0G
CSqGSIb3DQEBCwUAA4IBAQAHr8iG+NgfjfPTFG41h4s6tOElCRzImrmRlguPDsIw
aTImMGem8975JbqvQWP8hQZTo5ecvqV9wpiPSeZbnMCxUpzKIHjr9Gcjw3VMbguk
x5em2MLQ5QkhrkJTHK2CwexELJC5GgmZxE9SMFxXYipG9P/K5VLMXCZVChQLqW+3
9d0sggW6zM7TVGmbopUm0A/AnW03RMwGArcrAMxLe2Vu79Twjy92ajnYccioTbSu
D7AnwE8vt3rVNlROvsJYqxReukp7hckMxwwC1uQ+9NrE0pRvWZ2XCtjpqfFrpQjC
w5TfU5N3Oiq1p4ZKn1YDDCClAjPmP6PKh4MrjfbfddPz
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:16 2025 by rpki-client