Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/3pRJ0_et1ovsHp-81sKwlS7Uhl0.roa
File:                     3pRJ0_et1ovsHp-81sKwlS7Uhl0.roa (raw, json)
Hash identifier:          mtBmcoQnd4SGAQeeqn66ZVTua/1gt5o8fX6/ElU9yLk=
Subject key identifier:   DE:94:49:D3:F7:AD:D6:8B:EC:1E:9F:BC:D6:C2:B0:95:2E:D4:86:5D
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019E8E650F5AC795F4F924A570E5D414FAAF
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/3pRJ0_et1ovsHp-81sKwlS7Uhl0.roa
Signing time:             Wed 03 Jun 2026 16:50:48 +0000
ROA not before:           Wed 03 Jun 2026 16:50:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197200
IP address blocks:        151.246.164.0/24 maxlen: 24
                          151.246.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8e:65:0f:5a:c7:95:f4:f9:24:a5:70:e5:d4:14:fa:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun  3 16:50:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de9449d3f7add68bec1e9fbcd6c2b0952ed4865d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:91:d8:48:05:5a:7a:58:a6:59:64:6c:7f:c1:
                    78:0c:f5:a3:83:52:46:55:c0:40:c6:cc:f9:f4:a4:
                    20:6e:b6:cd:a2:79:d3:c7:c4:60:e7:22:1d:d8:6e:
                    8b:31:9d:23:13:2b:05:3f:f3:02:bd:53:d9:e8:49:
                    5d:47:e3:ac:a3:db:db:10:2f:44:40:ff:ff:e3:48:
                    0c:29:1a:b7:c1:ab:7b:4e:91:ac:fc:4a:83:12:54:
                    e7:2e:12:72:b3:3e:03:7c:7b:4a:05:df:d1:64:b8:
                    38:6c:c7:b9:1e:7f:a5:41:c3:1b:66:f0:d1:50:b7:
                    dc:87:77:80:d4:54:e4:a6:60:19:37:37:1a:f4:6f:
                    41:27:52:07:71:ed:bf:04:55:67:10:42:b2:5e:6a:
                    9d:67:fc:aa:c7:4d:ac:af:a8:c6:1e:9e:70:35:85:
                    15:c5:5c:41:1b:ef:8e:d4:c2:41:66:fb:1b:03:25:
                    aa:1d:12:fc:66:c9:8a:52:e0:8d:50:d5:1c:77:ee:
                    7c:36:c1:fd:95:19:95:16:99:e8:b5:72:35:26:27:
                    29:f8:81:62:a5:67:5b:2d:4f:c0:8d:cc:2d:cb:f2:
                    19:3f:23:88:07:be:08:87:a4:07:d2:46:a5:98:7d:
                    10:6a:10:12:b1:1a:f4:ad:dd:b7:53:54:c1:5e:f8:
                    ef:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:94:49:D3:F7:AD:D6:8B:EC:1E:9F:BC:D6:C2:B0:95:2E:D4:86:5D
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/3pRJ0_et1ovsHp-81sKwlS7Uhl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.246.164.0/24
                  151.246.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:24:88:ae:3e:0b:84:38:32:93:25:46:54:59:61:0e:89:64:
         e3:3b:da:94:ea:d3:a2:93:f5:87:42:a6:32:90:b9:c2:93:6e:
         1f:13:80:6c:d3:0d:ce:74:fc:ca:07:bb:dd:47:97:f7:11:8e:
         b9:15:02:79:c3:c0:cb:0e:3a:fc:24:e7:f0:2e:a9:75:54:f1:
         51:08:7a:ba:54:52:2b:b8:1f:a4:ba:8d:7e:bf:c0:93:c5:28:
         28:bf:56:b4:bb:9d:32:54:0b:c7:6f:e6:3e:f2:a9:bf:6b:73:
         60:c3:3b:01:1d:67:31:8f:ba:cb:23:ca:51:cf:54:50:a8:a5:
         49:bb:4b:54:a7:bc:e6:f9:b4:e7:a5:1e:cd:54:2b:bf:a5:36:
         eb:b0:03:d7:a6:fd:96:13:2d:bf:24:a5:90:09:34:21:3c:02:
         e2:f9:b8:04:58:f0:41:cc:bf:70:1c:06:a8:f7:6a:4c:10:6c:
         0e:b3:05:ed:59:b7:6b:f9:0f:41:79:fb:90:59:a1:23:f9:76:
         f2:c7:3b:13:8c:a5:75:9c:8e:58:6c:8d:44:25:97:44:dc:81:
         03:9d:15:9c:d1:e9:07:59:c0:1a:7d:ff:b6:02:21:98:ad:d2:
         25:04:f0:60:33:c2:36:af:52:15:77:7c:4a:9d:99:76:e2:9a:
         2e:0d:e8:7b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6OZQ9ax5X0+SSlcOXUFPqvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNjAzMTY1MDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTk0NDlkM2Y3YWRkNjhiZWMxZTlmYmNkNmMyYjA5NTJlZDQ4NjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZHYSAVaelimWWRsf8F4DPWjg1JG
VcBAxsz59KQgbrbNonnTx8Rg5yId2G6LMZ0jEysFP/MCvVPZ6EldR+Oso9vbEC9E
QP//40gMKRq3wat7TpGs/EqDElTnLhJysz4DfHtKBd/RZLg4bMe5Hn+lQcMbZvDR
ULfch3eA1FTkpmAZNzca9G9BJ1IHce2/BFVnEEKyXmqdZ/yqx02sr6jGHp5wNYUV
xVxBG++O1MJBZvsbAyWqHRL8ZsmKUuCNUNUcd+58NsH9lRmVFpnotXI1Jicp+IFi
pWdbLU/Ajcwty/IZPyOIB74Ih6QH0kalmH0QahASsRr0rd23U1TBXvjvAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN6USdP3rdaL7B6fvNbCsJUu1IZdMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvM3BSSjBfZXQxb3ZzSHAtODFzS3dsUzdVaGwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/akAwQA
l/b8MA0GCSqGSIb3DQEBCwUAA4IBAQCMJIiuPguEODKTJUZUWWEOiWTjO9qU6tOi
k/WHQqYykLnCk24fE4Bs0w3OdPzKB7vdR5f3EY65FQJ5w8DLDjr8JOfwLql1VPFR
CHq6VFIruB+kuo1+v8CTxSgov1a0u50yVAvHb+Y+8qm/a3NgwzsBHWcxj7rLI8pR
z1RQqKVJu0tUp7zm+bTnpR7NVCu/pTbrsAPXpv2WEy2/JKWQCTQhPALi+bgEWPBB
zL9wHAao92pMEGwOswXtWbdr+Q9BefuQWaEj+XbyxzsTjKV1nI5YbI1EJZdE3IED
nRWc0ekHWcAaff+2AiGYrdIlBPBgM8I2r1IVd3xKnZl24pouDeh7
-----END CERTIFICATE-----