Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/OfrHg7jePDEF9Gmwz5Mu-EYGkGI.roa
File:                     OfrHg7jePDEF9Gmwz5Mu-EYGkGI.roa (raw, json)
Hash identifier:          11ObIwf95kHLkbXEolazDx5tHl3E+x0xtDhHPByj5nA=
Subject key identifier:   39:FA:C7:83:B8:DE:3C:31:05:F4:69:B0:CF:93:2E:F8:46:06:90:62
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019EAC9392C2E2FAFD88DBA793CFD0ABA4BE
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/OfrHg7jePDEF9Gmwz5Mu-EYGkGI.roa
Signing time:             Tue 09 Jun 2026 13:30:13 +0000
ROA not before:           Tue 09 Jun 2026 13:30:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     134488
IP address blocks:        151.246.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 07:13:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:93:92:c2:e2:fa:fd:88:db:a7:93:cf:d0:ab:a4:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun  9 13:30:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=39fac783b8de3c3105f469b0cf932ef846069062
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b8:6b:0f:28:a8:f8:7c:c1:6d:65:c4:e5:2f:
                    77:5d:34:d2:29:63:61:29:3b:84:16:9d:f0:7d:5a:
                    49:15:37:55:77:6b:8d:e4:ac:e0:ae:b9:4a:02:51:
                    f8:ce:ea:6b:83:8c:3a:ac:df:40:f9:d6:44:82:98:
                    58:1d:39:e1:be:c1:e3:b4:44:ea:52:ec:f4:63:bd:
                    1c:8f:04:cf:7f:c9:5e:6b:d7:76:86:2d:c2:50:cb:
                    a5:ff:a4:d9:52:16:16:2b:2f:d5:5f:cf:74:a3:89:
                    44:2b:bd:25:0b:c1:5e:2f:05:af:99:88:ba:11:90:
                    34:83:17:0d:d9:47:02:17:fb:d1:26:ac:06:83:d7:
                    b5:5e:fe:03:08:78:22:fd:a7:b6:6e:ef:a2:3f:cd:
                    3c:07:eb:df:fb:a2:42:94:63:f3:88:20:ea:44:54:
                    14:1d:28:a9:6d:94:5b:1f:1e:65:03:a2:de:12:f2:
                    5a:06:1d:d4:c4:1a:8a:27:c3:7b:67:0f:17:bf:29:
                    d1:3c:7d:43:5a:19:90:d4:d0:dc:1b:10:80:18:73:
                    5f:c3:fa:97:c6:e8:f5:22:07:e6:6b:12:5d:c1:ed:
                    63:da:b6:d8:79:10:97:a9:30:df:9e:cd:f6:e4:36:
                    60:c4:8e:30:fa:7d:b8:3f:01:13:6b:17:2e:0c:d7:
                    3b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:FA:C7:83:B8:DE:3C:31:05:F4:69:B0:CF:93:2E:F8:46:06:90:62
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/OfrHg7jePDEF9Gmwz5Mu-EYGkGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.246.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:cd:4f:66:c3:c1:64:dd:cc:20:95:ed:95:f9:72:69:43:bf:
         b5:08:cd:d1:f5:3b:18:d2:31:58:5f:2b:4d:2c:fb:e9:ab:ca:
         f7:5a:f2:1b:7d:15:e9:9a:f7:78:ea:53:eb:c3:38:09:3e:2f:
         dc:e2:ee:35:66:0d:77:27:e8:ff:0a:0d:13:25:f0:26:13:4d:
         d3:7a:84:2f:e0:9f:cb:2c:a5:04:7e:e7:9a:3d:32:7c:63:a1:
         d1:77:32:8f:57:83:9d:ef:4d:84:69:4c:f2:0d:bc:93:4c:4b:
         3f:60:62:57:1a:ce:ed:9b:21:33:fd:05:c7:1c:4e:6d:62:bb:
         fb:ef:41:e6:82:d7:3f:22:e4:82:f2:d4:6e:22:32:ed:c5:64:
         c4:69:df:40:1b:d2:92:50:40:47:a3:c7:3e:28:54:ee:6e:7e:
         73:52:44:0a:dd:6d:cb:33:80:79:45:9b:43:b6:b9:1e:71:73:
         47:c9:44:58:3f:d8:80:57:5a:73:dd:22:8d:05:3a:f7:b0:d2:
         68:54:bb:32:8b:2a:3e:07:96:bf:86:57:30:b7:36:cf:76:9b:
         a0:da:43:9c:83:ca:94:01:2b:2f:b2:8a:2f:e0:4f:bb:16:53:
         d3:b6:73:d1:f8:fe:fc:2d:a4:53:4f:6c:cc:e6:65:58:21:f1:
         a4:02:31:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6sk5LC4vr9iNunk8/Qq6S+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNjA5MTMzMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWZhYzc4M2I4ZGUzYzMxMDVmNDY5YjBjZjkzMmVmODQ2MDY5MDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7hrDyio+HzBbWXE5S93XTTSKWNh
KTuEFp3wfVpJFTdVd2uN5KzgrrlKAlH4zuprg4w6rN9A+dZEgphYHTnhvsHjtETq
Uuz0Y70cjwTPf8lea9d2hi3CUMul/6TZUhYWKy/VX890o4lEK70lC8FeLwWvmYi6
EZA0gxcN2UcCF/vRJqwGg9e1Xv4DCHgi/ae2bu+iP808B+vf+6JClGPziCDqRFQU
HSipbZRbHx5lA6LeEvJaBh3UxBqKJ8N7Zw8XvynRPH1DWhmQ1NDcGxCAGHNfw/qX
xuj1IgfmaxJdwe1j2rbYeRCXqTDfns325DZgxI4w+n24PwETaxcuDNc7OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDn6x4O43jwxBfRpsM+TLvhGBpBiMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvT2ZySGc3amVQREVGOUdtd3o1TXUtRVlHa0dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/alMA0G
CSqGSIb3DQEBCwUAA4IBAQAxzU9mw8Fk3cwgle2V+XJpQ7+1CM3R9TsY0jFYXytN
LPvpq8r3WvIbfRXpmvd46lPrwzgJPi/c4u41Zg13J+j/Cg0TJfAmE03TeoQv4J/L
LKUEfueaPTJ8Y6HRdzKPV4Od702EaUzyDbyTTEs/YGJXGs7tmyEz/QXHHE5tYrv7
70Hmgtc/IuSC8tRuIjLtxWTEad9AG9KSUEBHo8c+KFTubn5zUkQK3W3LM4B5RZtD
trkecXNHyURYP9iAV1pz3SKNBTr3sNJoVLsyiyo+B5a/hlcwtzbPdpug2kOcg8qU
ASsvsoov4E+7FlPTtnPR+P78LaRTT2zM5mVYIfGkAjFq
-----END CERTIFICATE-----