Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/MITkhtpGsi3EW6aX1ySqqi3q4t4.roa
File:                     MITkhtpGsi3EW6aX1ySqqi3q4t4.roa (raw, json)
Hash identifier:          9Wec/TMtBDWD/F2uBfrRYtNPFajDZ7mdbrf1F88mUuc=
Subject key identifier:   30:84:E4:86:DA:46:B2:2D:C4:5B:A6:97:D7:24:AA:AA:2D:EA:E2:DE
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198507E3702A6975EF0F3B5969CD5D031C7
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/MITkhtpGsi3EW6aX1ySqqi3q4t4.roa
Signing time:             Mon 28 Jul 2025 10:05:05 +0000
ROA not before:           Mon 28 Jul 2025 10:05:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25369
IP address blocks:        151.240.4.0/22 maxlen: 22
                          151.240.20.0/22 maxlen: 22
                          151.240.68.0/22 maxlen: 22
                          151.240.84.0/22 maxlen: 22
                          151.244.79.0/24 maxlen: 24
                          151.245.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:50:7e:37:02:a6:97:5e:f0:f3:b5:96:9c:d5:d0:31:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 28 10:05:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3084e486da46b22dc45ba697d724aaaa2deae2de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b4:62:81:79:b1:dd:38:c9:59:0c:34:39:dd:
                    c6:b2:85:ae:d9:03:3f:a4:e6:4f:ee:c3:90:4f:e4:
                    5a:b6:6e:bb:3a:51:4f:db:37:b4:30:e2:5d:c5:ee:
                    63:37:b8:6d:44:b2:8d:b5:09:50:8e:6e:63:a6:4c:
                    50:25:f4:9c:ee:58:51:a3:29:27:aa:58:a1:1a:8f:
                    91:40:79:8a:0e:61:44:f0:f4:d5:3b:9b:42:e0:88:
                    6e:13:95:22:65:cd:f0:54:36:80:44:7f:b3:52:80:
                    69:94:5e:fc:1c:b9:75:76:bc:55:00:5d:eb:30:1e:
                    54:5f:fe:23:ac:14:b6:1d:d5:99:2a:20:00:e8:29:
                    b7:28:09:77:de:83:5e:5e:0d:6d:87:bc:db:20:38:
                    90:c0:b9:eb:52:ef:b6:43:86:44:32:2c:77:73:4e:
                    e2:d8:fd:14:36:4d:f3:b5:cd:69:d5:04:cd:bc:cf:
                    02:20:78:ca:e5:56:34:ed:d6:11:db:69:56:5d:13:
                    f7:2a:94:b6:c0:3f:6b:3a:6d:02:2c:ff:08:c8:0e:
                    a5:70:56:ac:23:29:08:ad:4e:2e:ce:a3:b5:fe:34:
                    ce:7a:5c:06:56:64:98:7d:67:36:c3:61:03:72:73:
                    c7:6b:63:79:dd:e3:1c:bc:9f:cb:60:07:7c:23:b0:
                    91:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:84:E4:86:DA:46:B2:2D:C4:5B:A6:97:D7:24:AA:AA:2D:EA:E2:DE
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/MITkhtpGsi3EW6aX1ySqqi3q4t4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.4.0/22
                  151.240.20.0/22
                  151.240.68.0/22
                  151.240.84.0/22
                  151.244.79.0/24
                  151.245.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:4e:1b:5c:32:19:a5:5e:69:c8:82:87:2e:df:bf:9f:09:54:
         23:a6:12:b8:34:61:d2:34:d4:ea:12:4a:f2:22:60:23:70:6e:
         25:d6:43:18:3e:e0:82:0a:29:5d:ba:a7:0a:21:1e:05:62:14:
         b6:ec:cd:c3:ee:a8:c7:d1:48:3a:1e:39:df:bc:8b:b2:63:21:
         44:78:36:87:b3:32:3c:ce:e9:10:cf:60:92:bb:e9:ff:6d:fc:
         91:5f:3e:d9:b4:07:c5:20:17:fd:ed:a1:a2:e4:16:3b:e4:d5:
         85:a7:59:76:f3:4c:0b:b6:a6:a4:c0:32:59:d8:81:ad:d9:59:
         6e:4b:fa:ce:7a:a4:41:de:4e:36:9d:ff:05:76:dc:d4:25:b3:
         b1:9c:02:d7:0c:a1:c5:67:cb:dc:e5:7a:13:b2:50:e0:d4:43:
         6c:b2:d6:3f:1e:d2:64:7c:05:cd:a1:bc:17:e1:33:45:4b:4d:
         3d:6d:73:c1:99:ba:ce:f8:ad:fe:11:8a:65:db:ff:92:a7:61:
         76:ef:ff:2b:5f:82:cb:21:10:b9:eb:2e:fb:dc:54:fa:57:31:
         bd:9b:45:b4:6e:0e:9d:bf:e1:59:cb:b7:b4:a8:2f:22:9f:66:
         3b:03:2c:b6:87:7c:dc:d1:8a:28:82:f7:53:13:cf:39:b9:58:
         1c:47:2d:cb
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZhQfjcCppde8PO1lpzV0DHHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzI4MTAwNTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDg0ZTQ4NmRhNDZiMjJkYzQ1YmE2OTdkNzI0YWFhYTJkZWFlMmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rRigXmx3TjJWQw0Od3GsoWu2QM/
pOZP7sOQT+Ratm67OlFP2ze0MOJdxe5jN7htRLKNtQlQjm5jpkxQJfSc7lhRoykn
qlihGo+RQHmKDmFE8PTVO5tC4IhuE5UiZc3wVDaARH+zUoBplF78HLl1drxVAF3r
MB5UX/4jrBS2HdWZKiAA6Cm3KAl33oNeXg1th7zbIDiQwLnrUu+2Q4ZEMix3c07i
2P0UNk3ztc1p1QTNvM8CIHjK5VY07dYR22lWXRP3KpS2wD9rOm0CLP8IyA6lcFas
IykIrU4uzqO1/jTOelwGVmSYfWc2w2EDcnPHa2N53eMcvJ/LYAd8I7CRXQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFDCE5IbaRrItxFuml9ckqqot6uLeMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvTUlUa2h0cEdzaTNFVzZhWDF5U3FxaTNxNHQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCl/AEAwQC
l/AUAwQCl/BEAwQCl/BUAwQAl/RPAwQAl/VNMA0GCSqGSIb3DQEBCwUAA4IBAQCd
ThtcMhmlXmnIgocu37+fCVQjphK4NGHSNNTqEkryImAjcG4l1kMYPuCCCilduqcK
IR4FYhS27M3D7qjH0Ug6HjnfvIuyYyFEeDaHszI8zukQz2CSu+n/bfyRXz7ZtAfF
IBf97aGi5BY75NWFp1l280wLtqakwDJZ2IGt2VluS/rOeqRB3k42nf8FdtzUJbOx
nALXDKHFZ8vc5XoTslDg1ENsstY/HtJkfAXNobwX4TNFS009bXPBmbrO+K3+EYpl
2/+Sp2F27/8rX4LLIRC56y773FT6VzG9m0W0bg6dv+FZy7e0qC8in2Y7Ayy2h3zc
0YoogvdTE885uVgcRy3L
-----END CERTIFICATE-----
Generated at Sat Aug 9 23:11:23 2025 by rpki-client