Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7zHIDr6OFFnaLvrV9dAh30WX3nc.roa
File:                     7zHIDr6OFFnaLvrV9dAh30WX3nc.roa (raw, json)
Hash identifier:          76g/ImidFdcuAeLjtlJbY9hwfAG9wk0VIBV/YBRZNmE=
Subject key identifier:   EF:31:C8:0E:BE:8E:14:59:DA:2E:FA:D5:F5:D0:21:DF:45:97:DE:77
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019EBBFE6A9FB86BD92E3931FDBC2A952A00
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7zHIDr6OFFnaLvrV9dAh30WX3nc.roa
Signing time:             Fri 12 Jun 2026 13:21:13 +0000
ROA not before:           Fri 12 Jun 2026 13:21:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59253
IP address blocks:        151.246.1.0/24 maxlen: 24
                          151.246.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bb:fe:6a:9f:b8:6b:d9:2e:39:31:fd:bc:2a:95:2a:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 12 13:21:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ef31c80ebe8e1459da2efad5f5d021df4597de77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3b:75:c6:0f:95:51:c1:d9:b9:eb:5c:b5:24:
                    bb:79:3b:cb:f6:88:6d:97:be:a3:15:4b:c2:c1:35:
                    a6:54:9f:94:39:99:b7:ce:b6:3a:95:a1:2b:c5:a4:
                    53:46:65:dc:36:6f:d3:57:47:0f:1b:4e:a0:f2:21:
                    0c:b9:d6:a7:7e:bb:e4:5d:06:2a:6d:5e:fd:14:17:
                    bf:56:84:28:0d:ba:d4:d5:a0:7a:1b:ae:a1:eb:9a:
                    7d:dd:42:d6:37:f3:9e:4e:b0:d8:ea:6d:4a:e4:04:
                    5e:36:f8:cd:12:a8:bd:42:07:a7:1e:8a:47:ed:78:
                    2a:7d:82:fc:a9:08:0c:db:dc:4d:a7:7f:94:b5:d0:
                    65:60:90:af:b9:1c:62:52:8d:46:d6:ab:b5:59:9c:
                    64:78:d9:fc:94:21:f6:88:a9:69:1a:07:a7:e7:ae:
                    80:2a:0c:d4:c3:69:5b:94:38:72:ff:b0:57:db:00:
                    49:94:c9:29:04:ca:cc:67:50:10:8d:68:fc:46:a6:
                    ef:e7:34:99:50:8d:34:74:87:9b:a8:7e:0d:df:bb:
                    a8:db:08:9d:55:2c:16:a4:a3:58:cb:cd:bc:de:51:
                    a1:d0:be:6a:21:a5:bd:3a:44:be:cc:31:ee:37:f4:
                    50:3f:bf:32:55:9a:e2:b9:7d:63:44:2a:4d:d4:d5:
                    6c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:31:C8:0E:BE:8E:14:59:DA:2E:FA:D5:F5:D0:21:DF:45:97:DE:77
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7zHIDr6OFFnaLvrV9dAh30WX3nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.246.1.0/24
                  151.246.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:14:c9:f1:28:17:55:65:f5:e6:bc:37:d1:cd:46:86:99:75:
         c3:bc:96:25:70:28:d0:b0:08:d2:73:72:4e:fd:88:63:df:bb:
         9d:29:e9:32:0d:0d:e4:99:4d:9f:56:f4:62:3a:9c:6d:fc:07:
         a7:5c:d9:61:4f:eb:6f:78:31:9c:30:2d:d0:37:54:99:8e:e2:
         b1:6c:f2:cd:4e:d0:4e:3b:f5:9f:09:59:6d:e0:e0:34:7f:13:
         49:03:59:c5:42:67:1a:c9:99:66:48:78:05:b1:75:7c:84:ca:
         2f:86:2d:a0:ab:a5:36:03:4a:1b:52:ae:58:b2:bc:6b:15:ad:
         7c:d2:4f:b7:a0:1f:29:02:e8:88:ce:32:3e:fa:61:c9:de:ea:
         03:38:c5:7d:72:56:fa:29:e7:bc:d6:91:30:98:11:68:fb:a8:
         8e:df:1a:5d:f6:29:52:93:1f:cc:b9:73:00:14:ad:cd:3d:53:
         b8:ff:0a:37:ef:78:c8:00:ff:be:e5:9d:06:14:75:3f:a2:f5:
         6b:49:05:55:7a:8e:c5:0a:c9:b0:45:8d:5a:99:bf:5b:b9:e1:
         94:93:af:8f:56:4d:c6:d9:64:8c:4c:0f:85:04:78:32:9c:8c:
         bb:5d:3f:cd:25:25:01:6a:60:1c:fa:a1:29:4a:47:cd:90:22:
         92:88:b8:18
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ67/mqfuGvZLjkx/bwqlSoAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNjEyMTMyMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjMxYzgwZWJlOGUxNDU5ZGEyZWZhZDVmNWQwMjFkZjQ1OTdkZTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTt1xg+VUcHZuetctSS7eTvL9oht
l76jFUvCwTWmVJ+UOZm3zrY6laErxaRTRmXcNm/TV0cPG06g8iEMudanfrvkXQYq
bV79FBe/VoQoDbrU1aB6G66h65p93ULWN/OeTrDY6m1K5AReNvjNEqi9QgenHopH
7XgqfYL8qQgM29xNp3+UtdBlYJCvuRxiUo1G1qu1WZxkeNn8lCH2iKlpGgen566A
KgzUw2lblDhy/7BX2wBJlMkpBMrMZ1AQjWj8Rqbv5zSZUI00dIebqH4N37uo2wid
VSwWpKNYy8283lGh0L5qIaW9OkS+zDHuN/RQP78yVZriuX1jRCpN1NVslQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO8xyA6+jhRZ2i761fXQId9Fl953MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvN3pISURyNk9GRm5hTHZyVjlkQWgzMFdYM25jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/YBAwQA
l/a2MA0GCSqGSIb3DQEBCwUAA4IBAQBgFMnxKBdVZfXmvDfRzUaGmXXDvJYlcCjQ
sAjSc3JO/Yhj37udKekyDQ3kmU2fVvRiOpxt/AenXNlhT+tveDGcMC3QN1SZjuKx
bPLNTtBOO/WfCVlt4OA0fxNJA1nFQmcayZlmSHgFsXV8hMovhi2gq6U2A0obUq5Y
srxrFa180k+3oB8pAuiIzjI++mHJ3uoDOMV9clb6Kee81pEwmBFo+6iO3xpd9ilS
kx/MuXMAFK3NPVO4/wo373jIAP++5Z0GFHU/ovVrSQVVeo7FCsmwRY1amb9bueGU
k6+PVk3G2WSMTA+FBHgynIy7XT/NJSUBamAc+qEpSkfNkCKSiLgY
-----END CERTIFICATE-----