Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9JQeHSN1QLG6ijJJygeYikxKi4U.roa
File:                     9JQeHSN1QLG6ijJJygeYikxKi4U.roa (raw, json)
Hash identifier:          HBqvgSGvG23FBBSDB+gIBzyyroxt3YILbnaVZvl5asY=
Subject key identifier:   F4:94:1E:1D:23:75:40:B1:BA:8A:32:49:CA:07:98:8A:4C:4A:8B:85
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D7328B7BBCB6A78FB0802377D7FC15BDF
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9JQeHSN1QLG6ijJJygeYikxKi4U.roa
Signing time:             Thu 09 Apr 2026 16:52:21 +0000
ROA not before:           Thu 09 Apr 2026 16:52:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7488
IP address blocks:        151.243.192.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:73:28:b7:bb:cb:6a:78:fb:08:02:37:7d:7f:c1:5b:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr  9 16:52:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f4941e1d237540b1ba8a3249ca07988a4c4a8b85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:5e:da:88:d5:36:fa:e0:f0:f3:ce:d1:c4:bf:
                    f3:d2:86:0b:a9:54:cb:06:eb:e7:78:e6:cd:45:fc:
                    6d:be:66:fe:dd:57:3b:49:2e:a0:ac:c6:1c:3c:95:
                    6e:a8:7b:75:01:87:cb:69:64:f2:d4:1e:d1:a1:26:
                    6c:7c:74:ca:8c:a1:6e:1f:28:a7:27:62:eb:cd:1a:
                    25:8e:0e:d8:86:1f:e4:a3:7e:ea:af:4c:61:7b:02:
                    ee:5a:93:e4:99:65:64:13:1f:98:61:75:6c:43:27:
                    26:96:dc:49:97:20:ae:59:a0:40:a1:1c:af:e3:8d:
                    92:66:a1:c7:61:c6:d9:01:3f:90:d5:43:32:3f:4a:
                    e9:1e:3d:d6:3a:3d:ab:80:2b:7c:cb:2d:13:f7:99:
                    de:01:ab:8c:af:ee:7c:31:ca:39:d8:cc:9e:c1:3e:
                    b3:06:42:97:ce:69:42:9d:c7:ff:0d:ea:7c:aa:2d:
                    50:4e:44:2a:f3:a9:5a:9d:9c:e8:50:1d:b4:43:f7:
                    64:9b:f6:58:d4:a2:a1:3c:58:25:8b:78:fa:36:55:
                    f8:13:a5:4d:e0:ea:57:60:a2:49:7f:23:cc:f4:ad:
                    40:38:19:7d:b1:e6:07:4c:78:23:74:20:ff:0b:b2:
                    7f:02:ea:ba:7f:af:ef:39:0b:c1:94:b6:e9:be:18:
                    e2:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:94:1E:1D:23:75:40:B1:BA:8A:32:49:CA:07:98:8A:4C:4A:8B:85
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9JQeHSN1QLG6ijJJygeYikxKi4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:6a:49:11:f4:55:00:1d:60:bf:e3:92:fe:ab:3f:ea:72:da:
         aa:d4:c2:99:65:73:5f:48:47:ec:57:74:be:46:bf:6c:13:e6:
         f0:74:3a:ce:05:c8:3d:42:1c:0d:da:00:df:a0:f1:19:7e:f4:
         d4:58:1a:8a:1a:d7:b2:fd:ca:ea:31:c5:72:aa:bf:f7:b3:41:
         f4:aa:cb:f1:31:0a:1e:45:ee:9e:cb:54:0f:d3:b7:f9:a4:5d:
         b3:e2:a3:a0:8f:cc:b4:d5:9c:a7:db:47:b7:5b:68:ba:16:38:
         8e:35:8c:32:c7:04:78:21:75:a9:f8:da:bd:e8:c9:d7:36:06:
         b3:16:4d:0e:6c:bc:c7:bd:e6:37:07:a3:1b:2f:c3:e8:5e:03:
         45:72:ac:1c:a0:d0:74:20:9f:1f:89:f5:a4:a0:13:59:fc:10:
         e6:8e:81:70:ea:74:ce:b2:ba:31:f2:cc:6c:87:e7:13:8b:ce:
         00:4e:5a:36:57:d7:47:a2:93:5a:b8:51:1f:39:5b:b4:47:98:
         46:82:0c:08:8b:4e:87:72:16:62:73:44:f8:a3:ce:8c:a6:65:
         fa:f4:9d:bc:aa:a4:85:65:e3:e0:9e:8f:c8:2d:33:72:6e:65:
         74:4f:e6:c0:48:b2:20:76:95:7c:49:41:16:d5:76:6f:b8:02:
         26:c3:f6:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1zKLe7y2p4+wgCN31/wVvfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDA5MTY1MjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDk0MWUxZDIzNzU0MGIxYmE4YTMyNDljYTA3OTg4YTRjNGE4Yjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA017aiNU2+uDw887RxL/z0oYLqVTL
BuvneObNRfxtvmb+3Vc7SS6grMYcPJVuqHt1AYfLaWTy1B7RoSZsfHTKjKFuHyin
J2LrzRoljg7Yhh/ko37qr0xhewLuWpPkmWVkEx+YYXVsQycmltxJlyCuWaBAoRyv
442SZqHHYcbZAT+Q1UMyP0rpHj3WOj2rgCt8yy0T95neAauMr+58Mco52MyewT6z
BkKXzmlCncf/Dep8qi1QTkQq86lanZzoUB20Q/dkm/ZY1KKhPFgli3j6NlX4E6VN
4OpXYKJJfyPM9K1AOBl9seYHTHgjdCD/C7J/Auq6f6/vOQvBlLbpvhjiyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPSUHh0jdUCxuooyScoHmIpMSouFMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvOUpRZUhTTjFRTEc2aWpKSnlnZVlpa3hLaTRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCl/PAMA0G
CSqGSIb3DQEBCwUAA4IBAQByakkR9FUAHWC/45L+qz/qctqq1MKZZXNfSEfsV3S+
Rr9sE+bwdDrOBcg9QhwN2gDfoPEZfvTUWBqKGtey/crqMcVyqr/3s0H0qsvxMQoe
Re6ey1QP07f5pF2z4qOgj8y01Zyn20e3W2i6FjiONYwyxwR4IXWp+Nq96MnXNgaz
Fk0ObLzHveY3B6MbL8PoXgNFcqwcoNB0IJ8fifWkoBNZ/BDmjoFw6nTOsrox8sxs
h+cTi84ATlo2V9dHopNauFEfOVu0R5hGggwIi06HchZic0T4o86MpmX69J28qqSF
ZePgno/ILTNybmV0T+bASLIgdpV8SUEW1XZvuAImw/bd
-----END CERTIFICATE-----