Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/I0JH0PoG61esuqtWyYfbOThwEks.roa
File:                     I0JH0PoG61esuqtWyYfbOThwEks.roa (raw, json)
Hash identifier:          4uXFzdLZ8bn3l/P1NKMdjpxd95v50pPIeKD1fIApwCs=
Subject key identifier:   23:42:47:D0:FA:06:EB:57:AC:BA:AB:56:C9:87:DB:39:38:70:12:4B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019EA6B359C4A67BF045C632A5D0DD62B938
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/I0JH0PoG61esuqtWyYfbOThwEks.roa
Signing time:             Mon 08 Jun 2026 10:07:12 +0000
ROA not before:           Mon 08 Jun 2026 10:07:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213840
IP address blocks:        151.244.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a6:b3:59:c4:a6:7b:f0:45:c6:32:a5:d0:dd:62:b9:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun  8 10:07:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=234247d0fa06eb57acbaab56c987db393870124b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e3:8f:6f:2a:19:63:69:45:cc:fc:a5:eb:2e:
                    e5:ca:ba:3d:a4:28:55:c7:c6:7a:94:29:8f:01:88:
                    d2:07:0c:d4:b3:d4:35:a0:cd:95:b5:ba:3b:5d:ca:
                    f7:7f:64:02:04:40:67:d8:ea:46:86:80:15:88:cd:
                    3d:3d:ea:d5:6f:21:94:48:51:59:ef:70:47:e7:6d:
                    2d:95:6f:04:ed:76:71:d6:3a:14:de:02:f8:b0:1c:
                    b2:df:bf:16:66:87:77:44:ae:7c:d2:11:85:09:42:
                    80:0e:11:f7:76:56:12:ce:87:07:a0:8e:c6:87:bb:
                    c5:b8:c2:ea:f7:22:28:bf:8c:56:bb:69:2f:7c:99:
                    90:ac:4b:a4:15:13:97:81:bd:e3:c8:77:98:0c:0e:
                    cb:cd:9e:2c:e8:a0:36:14:a8:0d:e8:8d:30:ee:9d:
                    ab:5f:76:23:ad:37:16:c5:1a:86:c6:d6:fc:01:69:
                    40:29:ae:42:1d:d2:e3:ab:d0:7a:ad:be:1d:02:ee:
                    75:3e:50:7e:f9:78:d2:de:99:93:57:9a:aa:fe:33:
                    b4:5e:ab:cc:08:45:6a:7d:f0:2e:68:9b:02:40:22:
                    42:a5:96:29:b9:b8:cc:ec:65:87:07:63:4d:01:2e:
                    0d:9e:31:94:15:30:b3:7e:06:62:ad:a8:2f:8a:a4:
                    12:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:42:47:D0:FA:06:EB:57:AC:BA:AB:56:C9:87:DB:39:38:70:12:4B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/I0JH0PoG61esuqtWyYfbOThwEks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:83:20:52:33:eb:9e:b6:6f:4c:c6:86:86:d3:35:c9:b3:25:
         5a:14:6b:c7:71:28:ad:a4:36:03:68:c0:6c:8e:da:e6:f2:50:
         6a:7b:50:57:7a:52:19:ff:80:b5:81:6f:d1:1b:85:c4:26:b2:
         13:ff:36:e8:5b:27:75:2c:9a:d8:cb:1b:68:28:d1:58:41:5b:
         f5:35:dc:cc:d1:87:ac:dc:d4:fe:d9:78:99:26:53:7d:a5:44:
         6d:39:85:d6:a6:f1:6a:9e:46:14:60:6c:6d:de:89:ee:2d:1f:
         96:ef:fc:01:e8:37:22:ae:b3:6f:8c:27:80:ef:13:98:b7:fc:
         5e:cb:c2:c5:bb:a6:e5:99:ea:26:92:e5:21:d4:9a:ce:8d:c5:
         7e:71:20:3b:f6:75:61:20:f7:3e:62:81:d1:ab:ba:02:ce:5c:
         e7:f7:6f:3b:92:70:28:c2:a2:a5:0a:0f:5c:e8:ba:26:d3:65:
         a6:80:97:00:6b:f5:18:25:17:01:01:40:da:a2:d0:1f:1a:3f:
         96:69:ca:a7:12:fd:81:e2:a1:39:20:08:59:a4:c2:ac:72:4f:
         35:6b:d6:6b:e7:43:84:25:16:ca:37:a9:26:02:72:75:ef:5c:
         b3:ff:ce:5c:8c:7e:15:92:80:d7:78:f5:98:77:4a:5c:d7:54:
         dd:2b:ed:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6ms1nEpnvwRcYypdDdYrk4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNjA4MTAwNzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzQyNDdkMGZhMDZlYjU3YWNiYWFiNTZjOTg3ZGIzOTM4NzAxMjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuOPbyoZY2lFzPyl6y7lyro9pChV
x8Z6lCmPAYjSBwzUs9Q1oM2Vtbo7Xcr3f2QCBEBn2OpGhoAViM09PerVbyGUSFFZ
73BH520tlW8E7XZx1joU3gL4sByy378WZod3RK580hGFCUKADhH3dlYSzocHoI7G
h7vFuMLq9yIov4xWu2kvfJmQrEukFROXgb3jyHeYDA7LzZ4s6KA2FKgN6I0w7p2r
X3YjrTcWxRqGxtb8AWlAKa5CHdLjq9B6rb4dAu51PlB++XjS3pmTV5qq/jO0XqvM
CEVqffAuaJsCQCJCpZYpubjM7GWHB2NNAS4NnjGUFTCzfgZiragviqQS+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNCR9D6ButXrLqrVsmH2zk4cBJLMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSTBKSDBQb0c2MWVzdXF0V3lZZmJPVGh3RWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/SHMA0G
CSqGSIb3DQEBCwUAA4IBAQBIgyBSM+uetm9MxoaG0zXJsyVaFGvHcSitpDYDaMBs
jtrm8lBqe1BXelIZ/4C1gW/RG4XEJrIT/zboWyd1LJrYyxtoKNFYQVv1NdzM0Yes
3NT+2XiZJlN9pURtOYXWpvFqnkYUYGxt3onuLR+W7/wB6DcirrNvjCeA7xOYt/xe
y8LFu6blmeomkuUh1JrOjcV+cSA79nVhIPc+YoHRq7oCzlzn9287knAowqKlCg9c
6Lom02WmgJcAa/UYJRcBAUDaotAfGj+WacqnEv2B4qE5IAhZpMKsck81a9Zr50OE
JRbKN6kmAnJ171yz/85cjH4VkoDXePWYd0pc11TdK+0H
-----END CERTIFICATE-----