Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sh8-eHtdrtpduJ55puDGsyA7uZg.roa
File:                     sh8-eHtdrtpduJ55puDGsyA7uZg.roa (raw, json)
Hash identifier:          7fllN54aJHzwmbrvSLch7+osQHv47fJ4u8X9LTpi954=
Subject key identifier:   B2:1F:3E:78:7B:5D:AE:DA:5D:B8:9E:79:A6:E0:C6:B3:20:3B:B9:98
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019668427FFE5073C6F6890820F4F76F17CD
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sh8-eHtdrtpduJ55puDGsyA7uZg.roa
Signing time:             Thu 24 Apr 2025 14:45:10 +0000
ROA not before:           Thu 24 Apr 2025 14:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     132978
IP address blocks:        151.243.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:68:42:7f:fe:50:73:c6:f6:89:08:20:f4:f7:6f:17:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 24 14:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b21f3e787b5daeda5db89e79a6e0c6b3203bb998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:61:b3:80:fc:15:5f:12:57:aa:b3:32:97:a6:
                    a0:fa:50:cf:18:e5:48:02:ab:95:e3:13:44:22:7b:
                    e2:61:43:12:be:8c:31:77:2f:6d:b6:40:4a:44:a6:
                    be:51:c8:4e:87:72:41:db:f7:2e:5f:90:7c:77:c3:
                    ee:2b:d4:d5:57:a5:10:43:fc:17:9a:d4:8d:c0:03:
                    d1:1a:d9:72:78:03:ee:7b:87:af:7c:e2:7c:75:4d:
                    2c:76:73:a0:53:e1:05:24:24:85:2c:e7:96:0e:03:
                    6c:47:a7:fe:79:5f:c8:f4:84:25:13:af:59:b5:52:
                    56:18:1b:cf:3b:d9:80:d9:42:fe:4f:bc:37:d4:b6:
                    a4:df:a1:ad:56:f6:64:54:39:f5:4c:52:08:0a:07:
                    5c:fb:ad:95:3d:47:29:b2:ff:87:62:79:be:35:04:
                    c4:c9:ac:cc:36:32:86:6d:3b:39:fd:c8:d5:1c:01:
                    0f:d1:3e:f8:61:51:f8:41:da:a1:6d:60:c9:21:53:
                    14:19:be:7c:0f:d2:4c:f0:d4:81:74:2a:b0:a7:4b:
                    ea:97:24:15:92:05:13:0e:be:02:41:1b:52:01:2a:
                    f0:8f:20:53:c3:75:a5:06:aa:3f:06:4c:70:36:59:
                    00:54:c7:32:ff:57:ee:53:5c:58:3a:9a:15:32:93:
                    8a:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:1F:3E:78:7B:5D:AE:DA:5D:B8:9E:79:A6:E0:C6:B3:20:3B:B9:98
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sh8-eHtdrtpduJ55puDGsyA7uZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:ae:98:c2:97:74:25:29:aa:ce:37:b1:4d:a8:87:b0:fb:a4:
         96:92:21:87:d0:10:fd:29:90:6d:7c:df:79:8d:fc:11:9c:f2:
         4c:96:26:9b:e0:98:63:6f:da:14:51:f2:88:fc:9d:4c:96:52:
         06:65:f1:92:aa:3e:39:22:4b:5a:ca:25:7e:f6:78:43:f3:d3:
         00:b1:f0:36:9f:2a:e5:f2:56:d8:83:31:a2:16:65:22:f8:90:
         c7:77:10:12:5c:e8:51:77:a0:15:91:11:8e:e2:31:b2:2b:d8:
         3c:17:2f:b4:6b:8c:c8:7e:0e:0b:e0:cb:02:e2:25:ea:bf:6d:
         6f:33:c3:f4:6a:17:cd:a5:18:bc:bc:0f:7d:fe:93:38:e7:75:
         01:8e:b1:f9:e8:79:87:a2:22:1b:90:49:43:94:7b:b2:03:b8:
         56:32:31:c5:b0:a5:76:d8:33:12:f1:f0:07:04:ba:7b:99:e7:
         7e:5e:c6:46:10:89:40:f2:a5:2f:18:ad:8a:a9:45:dc:0f:42:
         fd:01:7b:71:cc:bc:38:b6:73:fe:4f:cd:af:57:f4:18:01:73:
         11:64:06:50:54:c3:61:ff:da:77:6a:97:c8:9c:3d:f7:b9:9e:
         b3:31:2a:32:4c:89:ee:2b:67:b3:fa:6f:19:c7:47:c6:5f:8e:
         c3:e1:9e:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZoQn/+UHPG9okIIPT3bxfNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDI0MTQ0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjFmM2U3ODdiNWRhZWRhNWRiODllNzlhNmUwYzZiMzIwM2JiOTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWGzgPwVXxJXqrMyl6ag+lDPGOVI
AquV4xNEInviYUMSvowxdy9ttkBKRKa+UchOh3JB2/cuX5B8d8PuK9TVV6UQQ/wX
mtSNwAPRGtlyeAPue4evfOJ8dU0sdnOgU+EFJCSFLOeWDgNsR6f+eV/I9IQlE69Z
tVJWGBvPO9mA2UL+T7w31Lak36GtVvZkVDn1TFIICgdc+62VPUcpsv+HYnm+NQTE
yazMNjKGbTs5/cjVHAEP0T74YVH4QdqhbWDJIVMUGb58D9JM8NSBdCqwp0vqlyQV
kgUTDr4CQRtSASrwjyBTw3WlBqo/BkxwNlkAVMcy/1fuU1xYOpoVMpOKrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLIfPnh7Xa7aXbieeabgxrMgO7mYMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvc2g4LWVIdGRydHBkdUo1NXB1REdzeUE3dVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/OSMA0G
CSqGSIb3DQEBCwUAA4IBAQCbrpjCl3QlKarON7FNqIew+6SWkiGH0BD9KZBtfN95
jfwRnPJMliab4Jhjb9oUUfKI/J1MllIGZfGSqj45IktayiV+9nhD89MAsfA2nyrl
8lbYgzGiFmUi+JDHdxASXOhRd6AVkRGO4jGyK9g8Fy+0a4zIfg4L4MsC4iXqv21v
M8P0ahfNpRi8vA99/pM453UBjrH56HmHoiIbkElDlHuyA7hWMjHFsKV22DMS8fAH
BLp7med+XsZGEIlA8qUvGK2KqUXcD0L9AXtxzLw4tnP+T82vV/QYAXMRZAZQVMNh
/9p3apfInD33uZ6zMSoyTInuK2ez+m8Zx0fGX47D4Z4O
-----END CERTIFICATE-----