Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HM4CNGLdFWAaMIJaJOzc7T1nS_4.roa
File:                     HM4CNGLdFWAaMIJaJOzc7T1nS_4.roa (raw, json)
Hash identifier:          b/Js6BN1Pp4EvVxiso/8jv2GxE4PCRpRhAHk8cSabeM=
Subject key identifier:   1C:CE:02:34:62:DD:15:60:1A:30:82:5A:24:EC:DC:ED:3D:67:4B:FE
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D3322E8E720A3889921733F5A9D65F8D4
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HM4CNGLdFWAaMIJaJOzc7T1nS_4.roa
Signing time:             Sat 28 Mar 2026 06:30:19 +0000
ROA not before:           Sat 28 Mar 2026 06:30:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199783
IP address blocks:        151.243.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:33:22:e8:e7:20:a3:88:99:21:73:3f:5a:9d:65:f8:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 28 06:30:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1cce023462dd15601a30825a24ecdced3d674bfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:15:56:96:f5:4f:35:8a:0c:a8:29:37:ea:9e:
                    45:04:3b:92:b3:5a:c8:26:15:08:d9:e8:bf:3f:c4:
                    cd:55:2b:15:a8:10:c5:a5:46:85:be:1d:aa:bd:a3:
                    10:1c:db:24:b2:88:53:73:8b:f7:49:f8:50:0d:90:
                    0b:04:09:1a:90:10:ae:cc:89:3f:b3:17:5d:f7:8c:
                    3d:d2:24:69:eb:ba:91:58:ca:a3:71:2f:7b:3e:6d:
                    d5:a1:0b:f6:a2:90:23:1a:b6:f0:56:01:4e:0b:14:
                    38:6f:80:50:9b:18:d7:70:90:78:41:2e:cf:29:cb:
                    19:ac:c8:f1:25:b1:af:14:b6:ac:e6:ca:b5:cb:74:
                    bb:1d:25:ef:cb:65:c8:28:fd:ff:45:c7:8f:9a:90:
                    7b:39:3a:9a:c9:b5:0b:29:17:c7:bc:5f:2a:3e:82:
                    ec:5f:a9:3e:b9:a4:38:34:7c:d7:b8:b2:bb:02:c6:
                    6a:59:99:42:41:7b:15:71:74:d4:d4:69:0e:9d:cf:
                    9d:5f:bb:b0:c8:4f:2c:28:93:54:3a:94:0a:15:b1:
                    8d:35:b0:ef:ce:41:09:7c:94:d2:09:22:e5:64:ae:
                    5f:be:ff:3e:0c:31:10:c0:22:c8:53:ce:1d:16:08:
                    53:52:01:c9:9e:b5:a8:49:30:97:21:83:6f:ea:2f:
                    e0:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:CE:02:34:62:DD:15:60:1A:30:82:5A:24:EC:DC:ED:3D:67:4B:FE
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HM4CNGLdFWAaMIJaJOzc7T1nS_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:d1:aa:0a:3d:a1:3f:a4:ad:ae:14:f1:cf:3a:8d:aa:2f:70:
         f0:b0:ea:68:56:99:f0:3c:64:fb:79:bb:95:e0:fa:05:a7:5d:
         03:9b:1b:44:71:c6:84:f9:bd:7a:45:8a:13:25:2c:6b:79:c4:
         d0:af:b3:9c:4b:f2:de:c7:9d:00:13:6e:98:6d:8c:2e:8b:9a:
         7e:0c:bf:17:63:78:5e:73:8e:2b:3a:ee:db:f6:3f:57:b8:5c:
         f4:b3:89:ed:d5:56:40:81:98:4a:13:6d:cf:d8:ac:05:f5:22:
         5c:ce:f6:85:32:9f:97:16:ce:c9:c3:37:e7:a0:7b:40:cc:15:
         43:dc:77:46:e2:84:b0:ad:b8:a5:bc:04:66:ac:04:a1:5f:02:
         52:d0:40:bf:88:a2:4d:8f:99:d6:de:6b:05:8e:94:4a:70:37:
         a7:9b:39:b4:5b:ba:fb:5a:72:8e:44:f9:26:1b:fc:dd:2c:25:
         7d:3d:2a:d1:c4:d8:d7:37:23:b3:76:5d:31:db:6a:c8:d7:2b:
         98:af:f7:c7:fb:a3:d8:b4:79:cd:40:7d:03:a6:b5:07:6b:3c:
         af:85:98:9b:55:2c:e3:dd:4b:00:4e:9a:fd:b9:33:8a:ad:31:
         2d:2c:94:64:61:02:6f:72:cc:06:b9:6f:0b:86:7d:a7:67:72:
         c4:45:0b:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0zIujnIKOImSFzP1qdZfjUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzI4MDYzMDE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2NlMDIzNDYyZGQxNTYwMWEzMDgyNWEyNGVjZGNlZDNkNjc0YmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxVWlvVPNYoMqCk36p5FBDuSs1rI
JhUI2ei/P8TNVSsVqBDFpUaFvh2qvaMQHNsksohTc4v3SfhQDZALBAkakBCuzIk/
sxdd94w90iRp67qRWMqjcS97Pm3VoQv2opAjGrbwVgFOCxQ4b4BQmxjXcJB4QS7P
KcsZrMjxJbGvFLas5sq1y3S7HSXvy2XIKP3/RcePmpB7OTqaybULKRfHvF8qPoLs
X6k+uaQ4NHzXuLK7AsZqWZlCQXsVcXTU1GkOnc+dX7uwyE8sKJNUOpQKFbGNNbDv
zkEJfJTSCSLlZK5fvv8+DDEQwCLIU84dFghTUgHJnrWoSTCXIYNv6i/gLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBzOAjRi3RVgGjCCWiTs3O09Z0v+MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSE00Q05HTGRGV0FhTUlKYUpPemM3VDFuU180LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/P9MA0G
CSqGSIb3DQEBCwUAA4IBAQAR0aoKPaE/pK2uFPHPOo2qL3DwsOpoVpnwPGT7ebuV
4PoFp10DmxtEccaE+b16RYoTJSxrecTQr7OcS/Lex50AE26YbYwui5p+DL8XY3he
c44rOu7b9j9XuFz0s4nt1VZAgZhKE23P2KwF9SJczvaFMp+XFs7JwzfnoHtAzBVD
3HdG4oSwrbilvARmrAShXwJS0EC/iKJNj5nW3msFjpRKcDenmzm0W7r7WnKORPkm
G/zdLCV9PSrRxNjXNyOzdl0x22rI1yuYr/fH+6PYtHnNQH0DprUHazyvhZibVSzj
3UsATpr9uTOKrTEtLJRkYQJvcswGuW8Lhn2nZ3LERQsa
-----END CERTIFICATE-----