Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/co8jFsnMYmE4mDvx_-GMGyzmQYo.roa
File:                     co8jFsnMYmE4mDvx_-GMGyzmQYo.roa (raw, json)
Hash identifier:          UK8w7EJ2BiDMMBX6ZrbODQs91M2V9ck61K3VtxOx+2M=
Subject key identifier:   72:8F:23:16:C9:CC:62:61:38:98:3B:F1:FF:E1:8C:1B:2C:E6:41:8A
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D8290CF62B13DD1DCF6EAF9A8834C1D4D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/co8jFsnMYmE4mDvx_-GMGyzmQYo.roa
Signing time:             Sun 12 Apr 2026 16:40:21 +0000
ROA not before:           Sun 12 Apr 2026 16:40:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     136557
IP address blocks:        151.242.170.0/24 maxlen: 24
                          151.246.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 03:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:82:90:cf:62:b1:3d:d1:dc:f6:ea:f9:a8:83:4c:1d:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 12 16:40:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=728f2316c9cc626138983bf1ffe18c1b2ce6418a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:04:d7:fb:08:78:41:d7:ec:70:5e:0a:c0:74:
                    d3:ce:b6:6b:b3:ff:21:d7:82:ba:1d:38:f6:b5:ac:
                    46:89:4b:f2:b1:67:d9:5b:2a:8e:d3:6f:f7:c7:1b:
                    2d:e1:37:c8:59:ab:0b:10:c5:a9:2c:1f:99:c9:53:
                    81:84:ba:0e:a3:d4:a5:13:ff:41:71:09:ad:3f:9b:
                    ba:8f:7f:c1:c3:b6:c6:18:78:ad:3c:35:1e:70:50:
                    45:3e:4e:81:eb:cc:1b:f9:93:dd:0a:87:eb:f4:4f:
                    20:f7:01:44:18:d5:89:eb:3a:7f:a8:dc:5d:ec:e0:
                    64:f6:eb:61:8c:02:72:30:7e:3f:8f:bc:ea:a6:89:
                    8b:31:17:0b:94:1a:ca:f9:66:97:a1:ba:5f:57:de:
                    2b:28:e2:f0:e7:07:75:26:c1:43:53:cd:8d:f7:12:
                    65:03:0e:98:55:90:85:8a:7a:bc:44:2f:3b:20:5a:
                    55:b6:8e:6f:4f:5b:44:2f:ef:e5:29:a7:b4:6c:74:
                    40:30:50:28:2a:14:fb:ce:ea:a2:33:15:f6:c0:b7:
                    f2:fe:97:ad:6c:0b:96:a7:2a:28:ad:ab:d8:1b:34:
                    de:da:f8:ad:fb:94:8d:75:61:a3:85:c9:59:cd:1c:
                    fa:69:38:d7:2c:a7:68:e1:7e:fb:e0:22:7f:7d:65:
                    94:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:8F:23:16:C9:CC:62:61:38:98:3B:F1:FF:E1:8C:1B:2C:E6:41:8A
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/co8jFsnMYmE4mDvx_-GMGyzmQYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.170.0/24
                  151.246.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:ee:b5:a8:d0:d7:0c:ba:c9:44:52:b6:02:b1:5e:18:a7:03:
         8c:f4:60:8c:33:a3:57:29:8e:b9:38:54:5f:f7:a9:20:d5:fd:
         78:3f:4a:df:c9:da:e4:64:39:79:a7:95:fd:0b:ad:14:62:75:
         a3:39:cd:c0:d7:05:88:76:0e:ce:34:2e:12:40:e2:b9:86:47:
         15:1e:21:4d:00:54:fa:83:0f:38:15:54:de:6b:10:8c:cd:a2:
         8c:b8:6e:46:55:23:b3:da:11:32:a2:b1:57:d2:94:32:c5:35:
         6a:05:57:5d:8f:9c:a8:eb:b4:96:5f:82:4b:6e:78:a2:aa:43:
         d1:e6:3e:43:6a:00:86:85:c6:d9:4c:12:ae:00:29:80:4c:79:
         6b:f0:38:c5:bd:b5:0c:64:76:36:75:b9:60:95:d8:3e:a3:70:
         6f:c5:83:81:65:ef:18:f9:0f:0e:16:50:49:6b:67:ab:b8:0d:
         ed:1b:cf:86:ec:33:29:d1:74:c9:61:62:37:18:fc:51:b9:1b:
         6b:91:2f:d4:e1:86:75:e3:ed:52:af:b7:09:ad:99:32:13:f2:
         e5:9a:cc:91:b9:39:fb:dc:2b:7c:26:e7:63:58:38:96:a8:2f:
         55:7a:b9:ae:80:a6:f9:b7:33:fb:69:0c:22:36:eb:3a:34:ac:
         ad:2a:72:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2CkM9isT3R3Pbq+aiDTB1NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDEyMTY0MDIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjhmMjMxNmM5Y2M2MjYxMzg5ODNiZjFmZmUxOGMxYjJjZTY0MThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4gTX+wh4QdfscF4KwHTTzrZrs/8h
14K6HTj2taxGiUvysWfZWyqO02/3xxst4TfIWasLEMWpLB+ZyVOBhLoOo9SlE/9B
cQmtP5u6j3/Bw7bGGHitPDUecFBFPk6B68wb+ZPdCofr9E8g9wFEGNWJ6zp/qNxd
7OBk9uthjAJyMH4/j7zqpomLMRcLlBrK+WaXobpfV94rKOLw5wd1JsFDU82N9xJl
Aw6YVZCFinq8RC87IFpVto5vT1tEL+/lKae0bHRAMFAoKhT7zuqiMxX2wLfy/pet
bAuWpyooravYGzTe2vit+5SNdWGjhclZzRz6aTjXLKdo4X774CJ/fWWULwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHKPIxbJzGJhOJg78f/hjBss5kGKMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvY284akZzbk1ZbUU0bUR2eF8tR01HeXptUVlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/KqAwQA
l/aoMA0GCSqGSIb3DQEBCwUAA4IBAQBQ7rWo0NcMuslEUrYCsV4YpwOM9GCMM6NX
KY65OFRf96kg1f14P0rfydrkZDl5p5X9C60UYnWjOc3A1wWIdg7ONC4SQOK5hkcV
HiFNAFT6gw84FVTeaxCMzaKMuG5GVSOz2hEyorFX0pQyxTVqBVddj5yo67SWX4JL
bniiqkPR5j5DagCGhcbZTBKuACmATHlr8DjFvbUMZHY2dblgldg+o3BvxYOBZe8Y
+Q8OFlBJa2eruA3tG8+G7DMp0XTJYWI3GPxRuRtrkS/U4YZ14+1Sr7cJrZkyE/Ll
msyRuTn73Ct8JudjWDiWqC9VermugKb5tzP7aQwiNus6NKytKnIV
-----END CERTIFICATE-----