Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/EYMtw8BFG7ardK1EPkfe_H2Xx-s.roa
File:                     EYMtw8BFG7ardK1EPkfe_H2Xx-s.roa (raw, json)
Hash identifier:          k8zBJ4N7WrP7bGvCyWR4gVzM+NMeK9KVITi8CZtpVBI=
Subject key identifier:   11:83:2D:C3:C0:45:1B:B6:AB:74:AD:44:3E:47:DE:FC:7D:97:C7:EB
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019E93DA83F8A0A86F95EB6BFD39280F35CC
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/EYMtw8BFG7ardK1EPkfe_H2Xx-s.roa
Signing time:             Thu 04 Jun 2026 18:17:11 +0000
ROA not before:           Thu 04 Jun 2026 18:17:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49592
IP address blocks:        151.241.17.0/24 maxlen: 24
                          151.246.132.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:93:da:83:f8:a0:a8:6f:95:eb:6b:fd:39:28:0f:35:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun  4 18:17:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=11832dc3c0451bb6ab74ad443e47defc7d97c7eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:cc:8a:7c:3a:d1:2c:e4:21:1e:38:c3:3a:01:
                    64:f7:b5:be:f4:d5:1d:1d:87:be:e6:fe:53:e5:5c:
                    b7:ce:4d:96:9c:f4:3c:79:38:2c:3b:47:a3:3b:2f:
                    04:7e:68:de:7a:39:ca:1e:59:4f:af:60:7a:d9:a2:
                    85:5b:c9:13:c8:76:83:77:5d:43:2a:24:be:de:16:
                    5f:50:29:a8:1a:b9:60:2e:1e:c4:c1:46:da:fc:81:
                    62:db:a7:d0:d0:c1:70:ff:b7:93:36:a3:f9:39:94:
                    19:1c:37:84:f8:83:a3:f4:9a:c4:b8:46:da:f7:62:
                    77:4d:29:66:a5:16:20:26:07:ad:f1:3c:1e:4e:ca:
                    15:5c:58:d7:1c:3c:4b:5e:75:21:dd:96:45:fa:20:
                    fa:84:fe:a3:3b:d1:5a:e3:47:4c:4b:54:1f:3b:1a:
                    24:ba:b2:96:c1:73:33:02:80:e3:73:49:ef:23:53:
                    7e:f8:43:45:33:29:ee:36:12:74:52:4e:91:87:cc:
                    15:bc:30:21:4d:bb:ce:de:ed:22:27:35:58:04:f0:
                    94:33:c3:b7:8d:ae:d8:cc:6a:e3:62:07:76:85:b2:
                    9b:33:a7:23:03:28:83:0b:d0:ed:27:5a:25:59:89:
                    d0:10:4b:79:f9:fb:a9:64:54:dd:11:96:c4:64:57:
                    68:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:83:2D:C3:C0:45:1B:B6:AB:74:AD:44:3E:47:DE:FC:7D:97:C7:EB
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/EYMtw8BFG7ardK1EPkfe_H2Xx-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.17.0/24
                  151.246.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:17:5e:6f:0b:ad:cd:fa:58:0e:68:0b:de:b2:91:f8:f2:b4:
         6e:b2:4b:78:7a:b0:32:5a:b3:39:3e:4f:d8:a6:73:2a:e1:30:
         2a:60:23:29:84:4d:f4:fd:9e:ce:d0:ba:3f:67:42:d7:6d:35:
         cd:16:98:53:d3:0b:25:92:1c:ad:38:d5:97:a5:b6:2c:51:00:
         11:1b:bf:57:43:7d:f7:d8:f6:51:80:79:71:ce:fa:cf:07:65:
         de:d7:5a:07:4b:90:77:ee:3c:97:0b:97:61:c3:25:2b:d2:3c:
         e4:fa:7d:53:62:af:f8:6e:0e:f0:74:e6:c6:34:83:bb:41:35:
         75:39:49:bd:30:71:15:c5:4c:9f:7a:cc:e1:d6:5f:e8:0f:03:
         27:71:c2:dd:1b:99:fd:07:16:9a:65:29:d0:0c:82:0f:29:06:
         c3:58:2a:36:e5:6c:5a:a6:c5:d9:ec:d0:a4:d6:51:5a:36:b1:
         8a:a1:a2:fc:19:a1:7d:f7:43:bf:a2:26:0c:b3:60:34:89:ee:
         4c:e9:88:9c:d2:8e:3d:0b:15:da:37:1b:9a:81:16:3e:7b:7b:
         20:02:4e:00:73:53:33:40:55:3c:c4:2d:24:86:8c:57:e8:05:
         96:7f:21:27:ad:86:36:20:2e:31:54:a7:38:5d:fd:7f:19:e3:
         08:e1:2a:37
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6T2oP4oKhvletr/TkoDzXMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNjA0MTgxNzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTgzMmRjM2MwNDUxYmI2YWI3NGFkNDQzZTQ3ZGVmYzdkOTdjN2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMyKfDrRLOQhHjjDOgFk97W+9NUd
HYe+5v5T5Vy3zk2WnPQ8eTgsO0ejOy8EfmjeejnKHllPr2B62aKFW8kTyHaDd11D
KiS+3hZfUCmoGrlgLh7EwUba/IFi26fQ0MFw/7eTNqP5OZQZHDeE+IOj9JrEuEba
92J3TSlmpRYgJget8TweTsoVXFjXHDxLXnUh3ZZF+iD6hP6jO9Fa40dMS1QfOxok
urKWwXMzAoDjc0nvI1N++ENFMynuNhJ0Uk6Rh8wVvDAhTbvO3u0iJzVYBPCUM8O3
ja7YzGrjYgd2hbKbM6cjAyiDC9DtJ1olWYnQEEt5+fupZFTdEZbEZFdo+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBGDLcPARRu2q3StRD5H3vx9l8frMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvRVlNdHc4QkZHN2FyZEsxRVBrZmVfSDJYeC1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/ERAwQC
l/aEMA0GCSqGSIb3DQEBCwUAA4IBAQAfF15vC63N+lgOaAvespH48rRuskt4erAy
WrM5Pk/YpnMq4TAqYCMphE30/Z7O0Lo/Z0LXbTXNFphT0wslkhytONWXpbYsUQAR
G79XQ3332PZRgHlxzvrPB2Xe11oHS5B37jyXC5dhwyUr0jzk+n1TYq/4bg7wdObG
NIO7QTV1OUm9MHEVxUyfeszh1l/oDwMnccLdG5n9BxaaZSnQDIIPKQbDWCo25Wxa
psXZ7NCk1lFaNrGKoaL8GaF990O/oiYMs2A0ie5M6Yic0o49CxXaNxuagRY+e3sg
Ak4Ac1MzQFU8xC0khoxX6AWWfyEnrYY2IC4xVKc4Xf1/GeMI4So3
-----END CERTIFICATE-----