Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/USx0vkDPGnSgbX_cNkKhu4YlCP0.roa
File:                     USx0vkDPGnSgbX_cNkKhu4YlCP0.roa (raw, json)
Hash identifier:          h9mOogf34IC7IlgebZ+oB6IRrZzASi4mTf7X60G+G5w=
Subject key identifier:   51:2C:74:BE:40:CF:1A:74:A0:6D:7F:DC:36:42:A1:BB:86:25:08:FD
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198693EF445C51E02113A1005F353B3159C
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/USx0vkDPGnSgbX_cNkKhu4YlCP0.roa
Signing time:             Sat 02 Aug 2025 05:26:30 +0000
ROA not before:           Sat 02 Aug 2025 05:26:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     154049
IP address blocks:        151.243.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:69:3e:f4:45:c5:1e:02:11:3a:10:05:f3:53:b3:15:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug  2 05:26:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=512c74be40cf1a74a06d7fdc3642a1bb862508fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:96:d4:38:d5:07:2d:c3:89:db:42:1a:d3:35:
                    b7:d4:46:45:1a:04:47:13:57:a6:24:e2:75:08:3e:
                    31:6d:50:82:9b:fb:a2:35:82:da:69:1d:c0:3c:d9:
                    e2:ac:ed:19:64:c7:9d:5d:0d:e4:df:c5:7c:d8:78:
                    b0:78:99:18:69:0c:ee:9f:6d:b4:b4:ef:21:f1:d9:
                    2e:40:90:77:eb:05:73:8f:71:61:aa:c3:80:78:dd:
                    61:42:b0:e7:2a:07:63:bb:7a:0e:2a:50:a7:06:70:
                    2f:25:ee:7f:ca:a0:4d:5f:bf:22:98:03:32:cd:1b:
                    67:18:90:cc:3b:87:1e:a0:27:9d:de:bf:1f:56:14:
                    a3:19:14:1e:e1:d2:da:4e:55:1a:77:33:37:95:3b:
                    25:cb:92:c7:d8:99:80:03:0e:d8:de:f2:32:e9:f0:
                    75:ab:56:31:45:e2:2a:07:22:53:c4:b4:2c:47:bc:
                    48:26:fe:54:58:55:2c:fe:a4:b7:80:9e:d1:67:4c:
                    18:c7:3c:66:50:45:62:23:70:a0:b2:8a:19:64:b4:
                    4f:1f:51:e7:e3:33:ee:49:10:af:af:48:db:dc:b4:
                    f5:04:9d:12:db:7f:e4:2b:75:40:f1:f8:63:7a:e9:
                    4e:da:cd:92:72:ea:3c:1b:b9:d6:91:b4:93:45:ba:
                    83:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:2C:74:BE:40:CF:1A:74:A0:6D:7F:DC:36:42:A1:BB:86:25:08:FD
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/USx0vkDPGnSgbX_cNkKhu4YlCP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:c8:3f:55:e1:a7:1d:10:a3:1f:17:49:51:6c:06:0a:bd:ef:
         b0:e1:4c:b4:5a:23:10:d5:21:13:09:36:9d:e7:a7:0f:3a:6b:
         32:bb:66:2a:04:58:f6:6d:f9:74:09:6b:f0:13:43:84:41:35:
         5e:d7:19:10:8e:d9:85:fd:e3:f6:c3:bf:ed:50:cd:da:33:2d:
         47:2d:ea:e5:4e:d2:ef:7a:8e:0e:31:38:59:5f:88:4b:ec:7f:
         b4:7a:38:46:80:77:2d:4a:ef:f8:00:d0:32:6a:36:24:99:72:
         2e:58:b5:92:b3:ab:04:01:50:7f:69:6a:d1:c5:58:eb:da:bd:
         cf:de:90:e5:63:be:35:7c:b3:8a:5a:49:2a:1d:ea:41:90:d8:
         ab:9b:33:8f:ff:a1:4e:47:a9:e8:8d:38:0c:41:51:16:52:4d:
         e5:ef:7b:ed:b3:de:b6:d9:36:5b:f9:3b:96:42:30:c0:78:c3:
         3f:ce:95:05:67:c6:95:63:a0:d0:c8:10:c2:ed:90:bb:9a:44:
         82:c6:0a:0f:48:16:54:c7:6f:99:5b:b5:ce:5d:ea:1d:12:6d:
         e6:63:fa:47:6d:a5:36:e4:72:70:3d:03:d0:e2:8e:43:c5:32:
         46:29:29:e9:17:c3:06:9b:e6:96:58:cd:a8:70:04:78:f6:1e:
         bd:ad:72:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhpPvRFxR4CEToQBfNTsxWcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODAyMDUyNjMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTJjNzRiZTQwY2YxYTc0YTA2ZDdmZGMzNjQyYTFiYjg2MjUwOGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZbUONUHLcOJ20Ia0zW31EZFGgRH
E1emJOJ1CD4xbVCCm/uiNYLaaR3APNnirO0ZZMedXQ3k38V82HiweJkYaQzun220
tO8h8dkuQJB36wVzj3FhqsOAeN1hQrDnKgdju3oOKlCnBnAvJe5/yqBNX78imAMy
zRtnGJDMO4ceoCed3r8fVhSjGRQe4dLaTlUadzM3lTsly5LH2JmAAw7Y3vIy6fB1
q1YxReIqByJTxLQsR7xIJv5UWFUs/qS3gJ7RZ0wYxzxmUEViI3CgsooZZLRPH1Hn
4zPuSRCvr0jb3LT1BJ0S23/kK3VA8fhjeulO2s2Scuo8G7nWkbSTRbqDCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEsdL5Azxp0oG1/3DZCobuGJQj9MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvVVN4MHZrRFBHblNnYlhfY05rS2h1NFlsQ1AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/MjMA0G
CSqGSIb3DQEBCwUAA4IBAQBUyD9V4acdEKMfF0lRbAYKve+w4Uy0WiMQ1SETCTad
56cPOmsyu2YqBFj2bfl0CWvwE0OEQTVe1xkQjtmF/eP2w7/tUM3aMy1HLerlTtLv
eo4OMThZX4hL7H+0ejhGgHctSu/4ANAyajYkmXIuWLWSs6sEAVB/aWrRxVjr2r3P
3pDlY741fLOKWkkqHepBkNirmzOP/6FOR6nojTgMQVEWUk3l73vts9622TZb+TuW
QjDAeMM/zpUFZ8aVY6DQyBDC7ZC7mkSCxgoPSBZUx2+ZW7XOXeodEm3mY/pHbaU2
5HJwPQPQ4o5DxTJGKSnpF8MGm+aWWM2ocAR49h69rXI+
-----END CERTIFICATE-----