Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/X1iOR1DpWyURyglXIpEAcg-MG30.roa
File:                     X1iOR1DpWyURyglXIpEAcg-MG30.roa (raw, json)
Hash identifier:          BucKM35hrP6V10MQ1CPu3oDpLFj4OfUvpwFpzhHg8Hg=
Subject key identifier:   5F:58:8E:47:50:E9:5B:25:11:CA:09:57:22:91:00:72:0F:8C:1B:7D
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019EA5B79359787A175E2BA741C31F81E86A
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/X1iOR1DpWyURyglXIpEAcg-MG30.roa
Signing time:             Mon 08 Jun 2026 05:32:11 +0000
ROA not before:           Mon 08 Jun 2026 05:32:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     151389
IP address blocks:        151.242.139.0/24 maxlen: 24
                          151.246.192.0/24 maxlen: 24
                          151.247.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a5:b7:93:59:78:7a:17:5e:2b:a7:41:c3:1f:81:e8:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun  8 05:32:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f588e4750e95b2511ca0957229100720f8c1b7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:56:73:7e:b8:47:61:f5:64:a9:8c:2d:99:b0:
                    b6:bf:31:a1:f4:68:10:0a:a4:08:a0:7f:5d:06:d2:
                    02:27:ef:53:3d:f8:03:ac:f4:03:f3:99:4f:a0:c1:
                    5b:20:8c:f0:eb:1f:9d:e6:86:4f:9e:8c:72:73:f1:
                    93:07:f0:3f:61:dd:cb:da:02:cd:c8:10:7c:fc:f5:
                    a5:23:b7:08:87:ef:ea:69:55:31:3e:96:50:7c:8c:
                    8e:37:0b:8b:d4:d4:f3:2a:34:72:84:c7:a4:b4:8e:
                    cf:49:7b:26:6d:f0:fa:fe:66:a0:f4:fd:c0:13:cd:
                    31:6b:42:c0:d8:11:47:0b:11:1f:f6:23:ff:da:b7:
                    42:a0:a3:38:0e:76:66:37:20:15:42:c4:eb:1c:c4:
                    3d:3c:20:94:0a:15:c0:e7:29:d6:fd:a0:60:57:b4:
                    e6:ca:e9:68:b4:91:cb:4c:8a:44:f2:04:9f:dd:36:
                    30:b5:7d:ed:f5:ba:5b:e8:b1:25:7a:d1:b1:19:c1:
                    90:aa:af:7e:4a:19:8e:65:ce:08:73:d9:18:0f:16:
                    68:de:ec:a4:c9:98:93:9d:8c:34:3b:7a:38:b2:a0:
                    d9:73:04:75:23:87:ec:6e:57:df:61:b7:e1:f9:b7:
                    7d:0d:a2:93:94:48:42:13:61:ad:0e:ab:0e:f7:fa:
                    89:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:58:8E:47:50:E9:5B:25:11:CA:09:57:22:91:00:72:0F:8C:1B:7D
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/X1iOR1DpWyURyglXIpEAcg-MG30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.139.0/24
                  151.246.192.0/24
                  151.247.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:de:5b:2c:92:1a:1d:13:36:44:1c:31:59:09:63:59:8d:64:
         cc:ac:8e:bb:f2:6b:0b:8e:ec:3c:98:6c:4e:1d:18:17:b4:72:
         3c:7a:f1:cd:2a:16:66:a1:2e:da:5d:43:49:f5:6a:b6:fe:97:
         69:16:ce:47:00:58:9f:e0:8d:a9:a1:e7:0e:cc:8d:1e:07:85:
         2e:02:75:c3:fc:37:cc:ab:98:65:69:a7:f9:4b:ab:7a:91:fe:
         46:30:ee:00:1c:39:50:c8:49:88:b2:86:4b:e6:8d:23:45:18:
         49:43:b5:23:1e:32:09:d0:04:36:7c:e0:92:0c:29:33:bb:50:
         72:7f:af:f9:c3:3e:d3:cb:af:88:a2:51:68:c0:20:8c:14:db:
         d9:bd:66:11:e7:40:54:1e:82:98:f9:c2:ab:02:c2:ec:5b:71:
         a7:7c:0d:a5:7a:5a:9f:5a:89:cc:2f:da:af:0c:94:67:e6:38:
         4e:35:88:de:7f:89:58:01:72:fd:e7:ac:d0:99:4d:5c:22:e5:
         78:a3:e1:b8:16:12:8f:ab:44:b0:ac:02:5b:24:e8:88:62:9f:
         b2:eb:fb:aa:6c:ce:81:5b:88:5c:a7:66:dc:64:31:cb:af:a3:
         b9:df:d6:7a:33:da:cf:35:cb:ea:fe:38:06:49:c1:74:8d:12:
         41:3d:e5:3a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6lt5NZeHoXXiunQcMfgehqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNjA4MDUzMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjU4OGU0NzUwZTk1YjI1MTFjYTA5NTcyMjkxMDA3MjBmOGMxYjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolZzfrhHYfVkqYwtmbC2vzGh9GgQ
CqQIoH9dBtICJ+9TPfgDrPQD85lPoMFbIIzw6x+d5oZPnoxyc/GTB/A/Yd3L2gLN
yBB8/PWlI7cIh+/qaVUxPpZQfIyONwuL1NTzKjRyhMektI7PSXsmbfD6/mag9P3A
E80xa0LA2BFHCxEf9iP/2rdCoKM4DnZmNyAVQsTrHMQ9PCCUChXA5ynW/aBgV7Tm
yulotJHLTIpE8gSf3TYwtX3t9bpb6LEletGxGcGQqq9+ShmOZc4Ic9kYDxZo3uyk
yZiTnYw0O3o4sqDZcwR1I4fsblffYbfh+bd9DaKTlEhCE2GtDqsO9/qJnwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFF9YjkdQ6VslEcoJVyKRAHIPjBt9MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvWDFpT1IxRHBXeVVSeWdsWElwRUFjZy1NRzMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAl/KLAwQA
l/bAAwQAl/cJMA0GCSqGSIb3DQEBCwUAA4IBAQBr3lsskhodEzZEHDFZCWNZjWTM
rI678msLjuw8mGxOHRgXtHI8evHNKhZmoS7aXUNJ9Wq2/pdpFs5HAFif4I2poecO
zI0eB4UuAnXD/DfMq5hlaaf5S6t6kf5GMO4AHDlQyEmIsoZL5o0jRRhJQ7UjHjIJ
0AQ2fOCSDCkzu1Byf6/5wz7Ty6+IolFowCCMFNvZvWYR50BUHoKY+cKrAsLsW3Gn
fA2lelqfWonML9qvDJRn5jhONYjef4lYAXL956zQmU1cIuV4o+G4FhKPq0SwrAJb
JOiIYp+y6/uqbM6BW4hcp2bcZDHLr6O539Z6M9rPNcvq/jgGScF0jRJBPeU6
-----END CERTIFICATE-----