Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/74YQmJaXN3iOtAmuSacB_q4hmR4.roa
File:                     74YQmJaXN3iOtAmuSacB_q4hmR4.roa (raw, json)
Hash identifier:          f56W5DWNSr9IwkZwagxHnAwI72ren01meg9pkjEBamA=
Subject key identifier:   EF:86:10:98:96:97:37:78:8E:B4:09:AE:49:A7:01:FE:AE:21:99:1E
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019A52AC20324B6C0AFF1CC42A2C98704787
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/74YQmJaXN3iOtAmuSacB_q4hmR4.roa
Signing time:             Wed 05 Nov 2025 06:20:03 +0000
ROA not before:           Wed 05 Nov 2025 06:20:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216102
IP address blocks:        151.245.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:52:ac:20:32:4b:6c:0a:ff:1c:c4:2a:2c:98:70:47:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Nov  5 06:20:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef861098969737788eb409ae49a701feae21991e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:8d:b1:95:dd:5e:89:96:56:35:32:31:88:a4:
                    2a:b6:9f:2f:83:ea:14:2a:95:ef:2a:59:55:a4:5e:
                    97:89:0c:c4:0e:14:22:43:d9:64:69:db:71:6c:fb:
                    8b:8f:96:0e:12:55:74:c2:c2:f2:1c:37:99:b8:08:
                    fa:ca:25:1d:fb:bb:94:9e:4b:26:51:58:5b:d3:de:
                    e7:0d:b6:99:25:50:9a:ef:e1:fb:22:b8:f3:88:e9:
                    dd:54:db:31:61:a4:82:33:30:90:59:bb:ae:23:fa:
                    7f:54:ab:d0:b4:03:77:7f:60:e1:84:9f:c2:88:68:
                    1d:8a:5f:e9:ad:c1:65:7a:ca:73:74:b5:ba:bd:14:
                    56:46:2f:e5:dd:25:1b:fa:34:ac:6a:eb:4e:a8:33:
                    b5:5b:85:bf:dc:f7:96:44:ae:18:b9:87:1f:4b:90:
                    20:72:4a:0a:eb:26:a6:cb:8a:69:64:fc:e6:24:5b:
                    ad:e7:ae:17:d6:7b:c7:76:81:67:4a:d3:4c:07:92:
                    89:34:29:77:72:a2:2d:67:1c:48:91:06:8c:1a:77:
                    99:88:cd:57:91:fb:1f:2c:e8:9d:59:d6:c3:18:55:
                    3e:9b:92:b3:62:0e:2d:03:17:d4:ca:8f:a1:45:aa:
                    1a:36:31:22:db:7e:31:38:59:3d:03:5b:8e:21:bb:
                    6e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:86:10:98:96:97:37:78:8E:B4:09:AE:49:A7:01:FE:AE:21:99:1E
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/74YQmJaXN3iOtAmuSacB_q4hmR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.245.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:77:0b:9c:0d:cc:2e:96:5e:3a:bb:68:e6:06:21:c1:10:f7:
         27:cb:8c:b3:89:e6:35:d5:21:15:46:20:89:62:40:79:62:b0:
         2a:4f:da:95:9d:30:0f:db:47:6d:f4:e3:0c:8d:8b:75:16:dc:
         84:30:63:c4:e0:40:5a:b7:b3:ee:8e:ab:28:70:6e:48:a3:df:
         ba:61:d0:27:f5:09:81:3f:29:98:0a:ee:24:e8:3d:ed:9d:ce:
         b3:6a:19:83:2e:6a:88:f1:8d:4f:74:f6:a6:8b:46:ce:4c:7a:
         0d:84:1e:af:7b:72:48:92:e0:59:a5:2c:e0:63:36:5e:b1:bb:
         7f:1b:96:04:db:77:e9:d4:8b:50:53:16:9b:1e:43:68:48:36:
         7d:6f:17:a0:b1:42:87:27:db:0c:ba:25:79:8b:2a:1f:5b:c3:
         b8:25:d7:92:cd:72:70:a0:71:5f:26:41:06:3e:e9:82:95:d1:
         b0:a5:e2:61:5f:e1:64:d0:58:a8:3a:c7:06:24:9e:2a:a1:c9:
         4f:6c:60:85:da:60:a3:36:21:a6:8e:aa:69:fa:f4:a1:8b:a7:
         c5:44:9d:89:92:e0:e1:61:c1:25:a5:93:90:da:72:df:68:6f:
         de:16:73:b0:46:90:65:62:b0:fe:fc:1d:2d:ed:c5:fa:3f:02:
         7e:9f:93:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpSrCAyS2wK/xzEKiyYcEeHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMTA1MDYyMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjg2MTA5ODk2OTczNzc4OGViNDA5YWU0OWE3MDFmZWFlMjE5OTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApo2xld1eiZZWNTIxiKQqtp8vg+oU
KpXvKllVpF6XiQzEDhQiQ9lkadtxbPuLj5YOElV0wsLyHDeZuAj6yiUd+7uUnksm
UVhb097nDbaZJVCa7+H7IrjziOndVNsxYaSCMzCQWbuuI/p/VKvQtAN3f2DhhJ/C
iGgdil/prcFlespzdLW6vRRWRi/l3SUb+jSsautOqDO1W4W/3PeWRK4YuYcfS5Ag
ckoK6yamy4ppZPzmJFut564X1nvHdoFnStNMB5KJNCl3cqItZxxIkQaMGneZiM1X
kfsfLOidWdbDGFU+m5KzYg4tAxfUyo+hRaoaNjEi234xOFk9A1uOIbtu7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+GEJiWlzd4jrQJrkmnAf6uIZkeMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvNzRZUW1KYVhOM2lPdEFtdVNhY0JfcTRobVI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/WgMA0G
CSqGSIb3DQEBCwUAA4IBAQBrdwucDcwull46u2jmBiHBEPcny4yzieY11SEVRiCJ
YkB5YrAqT9qVnTAP20dt9OMMjYt1FtyEMGPE4EBat7PujqsocG5Io9+6YdAn9QmB
PymYCu4k6D3tnc6zahmDLmqI8Y1PdPami0bOTHoNhB6ve3JIkuBZpSzgYzZesbt/
G5YE23fp1ItQUxabHkNoSDZ9bxegsUKHJ9sMuiV5iyofW8O4JdeSzXJwoHFfJkEG
PumCldGwpeJhX+Fk0FioOscGJJ4qoclPbGCF2mCjNiGmjqpp+vShi6fFRJ2JkuDh
YcElpZOQ2nLfaG/eFnOwRpBlYrD+/B0t7cX6PwJ+n5N4
-----END CERTIFICATE-----