Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/giBgFY29bF-yDSFRzVhBqYMjoOs.roa
File:                     giBgFY29bF-yDSFRzVhBqYMjoOs.roa (raw, json)
Hash identifier:          BLivIt1SbrevlKK0gv6zeC5I6TTRgiwX9aP3EopJoaI=
Subject key identifier:   82:20:60:15:8D:BD:6C:5F:B2:0D:21:51:CD:58:41:A9:83:23:A0:EB
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019A19AD5EA53E114692166EFB006E224F85
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/giBgFY29bF-yDSFRzVhBqYMjoOs.roa
Signing time:             Sat 25 Oct 2025 04:43:03 +0000
ROA not before:           Sat 25 Oct 2025 04:43:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56655
IP address blocks:        151.242.104.0/24 maxlen: 24
                          151.242.168.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:19:ad:5e:a5:3e:11:46:92:16:6e:fb:00:6e:22:4f:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Oct 25 04:43:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=822060158dbd6c5fb20d2151cd5841a98323a0eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:c7:17:d5:72:f6:57:b7:62:8e:ba:4a:bd:5f:
                    fb:f8:89:39:fb:7c:bf:da:30:58:f0:04:b1:54:b0:
                    bf:84:59:d8:dc:f6:af:bf:b5:1b:ec:8e:0d:e9:cf:
                    03:e9:74:fe:c1:c4:11:17:1b:0a:f9:4c:e3:b5:08:
                    1d:64:67:17:06:9d:76:85:0b:05:8b:38:ed:b2:e9:
                    d0:80:df:89:2a:f2:ab:d2:b8:2e:ab:3a:48:dd:8c:
                    8a:fb:dd:9f:78:73:02:04:31:96:00:ee:f9:c7:ee:
                    f9:eb:8a:d1:79:c0:5a:bc:aa:59:ee:c7:2b:21:27:
                    8e:f2:59:77:87:03:c0:c5:d5:24:5d:97:96:03:35:
                    18:3a:ac:88:1b:21:c6:49:56:15:c7:06:4e:4f:40:
                    07:0b:b1:36:6f:d5:59:42:1b:2e:91:c9:16:37:30:
                    15:d4:fe:13:8c:5d:ee:79:00:fb:66:fb:b4:c9:31:
                    e4:53:0c:68:09:1f:59:43:40:c9:60:b3:bd:14:bd:
                    dc:f3:1b:c5:a2:3e:43:76:c5:a5:c0:02:9a:4f:39:
                    17:ac:40:b3:c0:90:cc:94:e9:05:da:9a:d1:6a:e0:
                    1c:aa:74:aa:ba:1e:4f:b4:7e:72:ec:3d:cd:e1:36:
                    49:5f:09:39:c2:c7:bb:98:c1:86:a4:79:8b:de:f1:
                    f7:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:20:60:15:8D:BD:6C:5F:B2:0D:21:51:CD:58:41:A9:83:23:A0:EB
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/giBgFY29bF-yDSFRzVhBqYMjoOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.104.0/24
                  151.242.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:88:dc:bc:f4:fa:5b:fe:08:23:4a:3f:d0:3e:cd:f6:4f:24:
         45:43:15:a9:c1:79:9b:71:67:45:71:17:2e:01:aa:8a:da:5d:
         56:77:33:ab:f4:85:ef:92:ff:c9:83:d9:1f:12:0d:3a:72:84:
         bc:3f:dd:59:54:51:71:23:a4:be:33:9c:de:90:f3:3e:75:32:
         09:70:5a:9c:ed:86:1b:3a:b9:c0:46:fc:1f:f4:43:ca:4a:e9:
         d6:38:d5:e5:5d:a8:49:d5:54:fc:fa:33:b4:75:48:5a:29:51:
         f2:10:8e:79:6a:ae:11:0e:93:26:bb:e2:34:21:d6:9b:cf:04:
         a8:32:28:4e:05:81:95:6e:e9:1a:84:10:ef:ab:b6:ba:a9:4f:
         28:8a:7a:9f:39:9d:b2:9c:47:63:e6:3e:0c:ba:ee:43:07:12:
         3b:81:b0:60:29:53:60:a2:ad:3c:c0:7c:43:6e:06:14:d4:74:
         8a:e6:80:e1:78:82:47:0d:3c:96:07:73:7e:9f:76:d6:8b:bb:
         d6:61:39:8a:fc:28:18:db:73:8d:fa:f2:19:cc:e3:f6:75:37:
         56:81:a3:63:28:3e:d4:e6:d0:cf:bb:31:84:b8:5c:e5:72:42:
         b3:5e:69:68:1b:24:04:02:e2:0e:68:0a:67:f7:f2:4a:ab:9f:
         8e:d4:74:1d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoZrV6lPhFGkhZu+wBuIk+FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDI1MDQ0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjIwNjAxNThkYmQ2YzVmYjIwZDIxNTFjZDU4NDFhOTgzMjNhMGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMcX1XL2V7dijrpKvV/7+Ik5+3y/
2jBY8ASxVLC/hFnY3Pavv7Ub7I4N6c8D6XT+wcQRFxsK+UzjtQgdZGcXBp12hQsF
izjtsunQgN+JKvKr0rguqzpI3YyK+92feHMCBDGWAO75x+7564rRecBavKpZ7scr
ISeO8ll3hwPAxdUkXZeWAzUYOqyIGyHGSVYVxwZOT0AHC7E2b9VZQhsukckWNzAV
1P4TjF3ueQD7Zvu0yTHkUwxoCR9ZQ0DJYLO9FL3c8xvFoj5DdsWlwAKaTzkXrECz
wJDMlOkF2prRauAcqnSquh5PtH5y7D3N4TZJXwk5wse7mMGGpHmL3vH3HwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIIgYBWNvWxfsg0hUc1YQamDI6DrMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvZ2lCZ0ZZMjliRi15RFNGUnpWaEJxWU1qb09zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/JoAwQB
l/KoMA0GCSqGSIb3DQEBCwUAA4IBAQBuiNy89Ppb/ggjSj/QPs32TyRFQxWpwXmb
cWdFcRcuAaqK2l1WdzOr9IXvkv/Jg9kfEg06coS8P91ZVFFxI6S+M5zekPM+dTIJ
cFqc7YYbOrnARvwf9EPKSunWONXlXahJ1VT8+jO0dUhaKVHyEI55aq4RDpMmu+I0
IdabzwSoMihOBYGVbukahBDvq7a6qU8oinqfOZ2ynEdj5j4Muu5DBxI7gbBgKVNg
oq08wHxDbgYU1HSK5oDheIJHDTyWB3N+n3bWi7vWYTmK/CgY23ON+vIZzOP2dTdW
gaNjKD7U5tDPuzGEuFzlckKzXmloGyQEAuIOaApn9/JKq5+O1HQd
-----END CERTIFICATE-----