Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/e6AHCcSKmDJ48m5aM7LEfgUpIkU.roa
File:                     e6AHCcSKmDJ48m5aM7LEfgUpIkU.roa (raw, json)
Hash identifier:          vDqv84rAkwVUYNbQg04TylLyZCw5cPipIB88VGJbwSA=
Subject key identifier:   7B:A0:07:09:C4:8A:98:32:78:F2:6E:5A:33:B2:C4:7E:05:29:22:45
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019768BBDDE44EE114F386F60173EB318329
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/e6AHCcSKmDJ48m5aM7LEfgUpIkU.roa
Signing time:             Fri 13 Jun 2025 10:00:31 +0000
ROA not before:           Fri 13 Jun 2025 10:00:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212609
IP address blocks:        151.242.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:68:bb:dd:e4:4e:e1:14:f3:86:f6:01:73:eb:31:83:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 13 10:00:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ba00709c48a983278f26e5a33b2c47e05292245
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:dc:a7:c0:b4:28:dc:17:9b:d7:e7:f2:44:7c:
                    6d:a7:9e:a2:92:0e:df:a5:7a:e6:dc:98:41:51:c7:
                    b3:b1:f7:0d:d6:b3:de:94:db:4d:12:2b:c4:e7:e8:
                    e3:48:2f:77:5f:64:91:12:b4:a9:2b:2e:de:06:8c:
                    e9:85:71:60:f0:9e:aa:9d:b8:42:37:d8:86:df:9e:
                    eb:5b:86:fb:06:7d:50:d0:a2:cd:cb:96:5b:39:7e:
                    a3:b8:a2:b5:cb:d2:fd:c1:66:df:ab:74:62:fc:86:
                    e5:f5:48:84:47:e7:0a:e9:56:27:1c:97:af:4c:04:
                    c3:65:e5:2f:74:cc:40:c6:61:8b:91:93:81:20:fd:
                    e5:b4:00:0a:5a:aa:b6:57:20:28:c9:19:5a:00:ca:
                    d0:33:2f:44:3d:19:2f:62:42:f0:b2:b2:72:f0:ef:
                    15:fe:91:7e:c7:07:76:e0:80:11:d4:db:bd:9e:cf:
                    15:cb:4d:d1:ee:02:5e:ab:d1:4b:3b:a7:58:87:6a:
                    d0:cf:fe:d2:28:e0:a4:10:6e:fb:31:b3:74:23:ed:
                    9d:fd:53:d6:5d:18:5a:1c:cd:c9:0c:f3:4e:1a:41:
                    53:2a:b5:b5:44:d7:dd:69:72:93:95:35:ee:53:ef:
                    38:1a:e1:8b:51:28:0e:99:2a:2b:02:74:f0:62:d8:
                    65:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:A0:07:09:C4:8A:98:32:78:F2:6E:5A:33:B2:C4:7E:05:29:22:45
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/e6AHCcSKmDJ48m5aM7LEfgUpIkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:6c:1f:1e:c9:c3:b2:50:a6:1f:d4:98:58:8a:4f:34:a4:48:
         b5:cb:18:6b:dd:06:7a:2a:e3:da:31:6f:53:bc:ae:90:33:3d:
         93:d2:95:f3:9b:7f:db:2d:c6:4c:d3:cd:f9:66:1b:e2:57:28:
         48:10:1b:b9:fa:96:21:d8:20:3f:39:00:ef:00:1e:3d:e3:cd:
         e2:1d:2e:dd:d8:00:5b:17:11:fa:88:63:9d:3e:1e:12:60:24:
         89:a2:24:49:fa:a0:6f:6d:84:a5:f5:f6:0a:d4:67:10:83:0f:
         fb:1f:5a:c7:fe:07:d0:6d:d9:9b:67:b7:f1:a2:3c:5e:b8:a1:
         09:27:ee:6c:b8:d9:a7:6b:b2:18:2f:0b:7d:d1:a9:5a:0d:31:
         fa:70:4e:f2:04:8f:36:32:fd:da:97:2e:17:38:ca:6c:c5:bf:
         c8:ed:6c:3e:41:1e:b0:c3:9e:02:dc:64:ac:9b:b2:dc:cc:49:
         5c:e5:70:2c:98:86:03:39:19:36:de:67:fb:99:61:fe:0a:c0:
         87:7b:d5:cb:7c:fc:9d:3c:2a:67:2d:c8:ea:e2:b9:b5:0c:cc:
         93:95:07:ea:c5:71:ab:08:74:90:57:c7:f9:bf:bd:6c:ea:7e:
         00:2e:35:ce:63:2e:3f:7e:11:9b:0b:01:e6:18:0a:2a:43:7c:
         95:f4:ee:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdou93kTuEU84b2AXPrMYMpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjEzMTAwMDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmEwMDcwOWM0OGE5ODMyNzhmMjZlNWEzM2IyYzQ3ZTA1MjkyMjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdynwLQo3Beb1+fyRHxtp56ikg7f
pXrm3JhBUcezsfcN1rPelNtNEivE5+jjSC93X2SRErSpKy7eBozphXFg8J6qnbhC
N9iG357rW4b7Bn1Q0KLNy5ZbOX6juKK1y9L9wWbfq3Ri/Ibl9UiER+cK6VYnHJev
TATDZeUvdMxAxmGLkZOBIP3ltAAKWqq2VyAoyRlaAMrQMy9EPRkvYkLwsrJy8O8V
/pF+xwd24IAR1Nu9ns8Vy03R7gJeq9FLO6dYh2rQz/7SKOCkEG77MbN0I+2d/VPW
XRhaHM3JDPNOGkFTKrW1RNfdaXKTlTXuU+84GuGLUSgOmSorAnTwYthlLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHugBwnEipgyePJuWjOyxH4FKSJFMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvZTZBSENjU0ttREo0OG01YU03TEVmZ1VwSWtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/JIMA0G
CSqGSIb3DQEBCwUAA4IBAQAdbB8eycOyUKYf1JhYik80pEi1yxhr3QZ6KuPaMW9T
vK6QMz2T0pXzm3/bLcZM0835ZhviVyhIEBu5+pYh2CA/OQDvAB49483iHS7d2ABb
FxH6iGOdPh4SYCSJoiRJ+qBvbYSl9fYK1GcQgw/7H1rH/gfQbdmbZ7fxojxeuKEJ
J+5suNmna7IYLwt90alaDTH6cE7yBI82Mv3aly4XOMpsxb/I7Ww+QR6ww54C3GSs
m7LczElc5XAsmIYDORk23mf7mWH+CsCHe9XLfPydPCpnLcjq4rm1DMyTlQfqxXGr
CHSQV8f5v71s6n4ALjXOYy4/fhGbCwHmGAoqQ3yV9O44
-----END CERTIFICATE-----