Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/6fiNDvWesLKXogyIDDmWpByXwE4.roa
File:                     6fiNDvWesLKXogyIDDmWpByXwE4.roa (raw, json)
Hash identifier:          nhK8huqJgfQI7CD67sM/SL7iehscw2pjjiiE7YiCtfU=
Subject key identifier:   E9:F8:8D:0E:F5:9E:B0:B2:97:A2:0C:88:0C:39:96:A4:1C:97:C0:4E
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D6E7D09E772A2EAF4C325591E507FDBA1
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/6fiNDvWesLKXogyIDDmWpByXwE4.roa
Signing time:             Wed 08 Apr 2026 19:06:21 +0000
ROA not before:           Wed 08 Apr 2026 19:06:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214916
IP address blocks:        151.243.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 Apr 2026 11:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6e:7d:09:e7:72:a2:ea:f4:c3:25:59:1e:50:7f:db:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr  8 19:06:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e9f88d0ef59eb0b297a20c880c3996a41c97c04e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:3c:63:78:19:eb:da:9a:cd:dd:d6:28:8d:d1:
                    c8:0b:a7:a0:69:6b:db:9c:31:d2:8b:38:38:43:70:
                    29:7c:10:0f:12:dc:7e:71:22:8f:23:bb:7a:95:16:
                    d7:3b:39:70:bb:bf:c8:bf:d3:f3:3a:b5:e3:c6:f9:
                    11:4e:fb:9f:d2:31:fb:12:a3:5f:da:0b:47:22:e6:
                    66:cd:89:0d:a8:f1:ff:8f:e6:ed:4c:34:e2:35:47:
                    26:21:56:52:d2:fe:1c:21:11:a4:f5:b5:ee:77:57:
                    af:1f:6e:bb:fc:12:b7:c5:a5:08:38:ec:a5:b5:0b:
                    38:96:7d:5b:95:f2:39:fd:3e:62:b0:01:b2:e6:4a:
                    8e:96:ce:b2:1a:dd:cc:10:e1:be:db:5a:64:46:96:
                    ad:5e:18:dd:f5:ca:93:c0:90:d5:4f:57:31:f7:68:
                    ab:44:c5:b4:33:51:e4:24:bd:5f:ca:a6:98:14:d5:
                    da:61:e7:28:9a:96:aa:89:a5:85:07:09:c2:6b:ec:
                    e1:63:a0:d4:a7:c3:45:30:11:f5:aa:1b:fc:c1:d7:
                    40:1b:54:26:f0:4a:ea:4a:0e:d1:c8:2f:e0:fa:46:
                    6a:69:19:28:d4:db:31:b3:6a:9c:7b:34:a3:8e:f6:
                    35:26:1b:27:ae:a7:41:e6:1a:42:b0:51:ea:27:d4:
                    24:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:F8:8D:0E:F5:9E:B0:B2:97:A2:0C:88:0C:39:96:A4:1C:97:C0:4E
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/6fiNDvWesLKXogyIDDmWpByXwE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:04:2e:f4:49:b4:2c:86:b5:2f:2a:e0:45:6c:e3:ff:7c:02:
         84:58:54:db:ad:05:6a:03:40:a3:3b:ab:2b:81:14:67:c6:08:
         b7:32:9b:6f:ab:56:52:a6:56:02:cc:e3:e9:17:f6:b3:88:ce:
         72:4e:a5:71:32:5f:fa:dc:68:06:35:f1:8a:b7:02:cf:90:d6:
         d4:b4:e1:22:ea:e3:71:0e:09:46:12:bd:c1:c6:6b:d6:16:5a:
         57:c5:82:e0:1f:ea:fd:6d:80:a1:b2:05:5f:3d:19:a4:7a:67:
         11:6f:d2:a9:48:f7:40:92:00:c2:c9:90:50:26:27:a5:54:e9:
         8d:bd:48:a9:d3:58:7c:6e:d4:09:1f:4d:42:23:49:2a:9f:d0:
         92:62:a3:e2:06:a1:83:99:c6:87:9b:19:1c:7e:72:19:d3:4f:
         5e:04:6c:be:d5:47:92:49:2f:ce:bc:8a:ee:97:09:4d:0e:75:
         9c:8f:95:bd:47:2b:ef:6b:87:79:22:63:a0:6a:d5:43:b3:4a:
         d2:39:68:78:22:3e:6f:5c:cf:07:4c:44:a4:52:36:5f:22:2d:
         bc:55:b6:66:f8:91:3c:30:60:6f:96:35:2e:8a:9b:1c:0d:35:
         1a:b7:66:88:1d:63:f1:d4:03:a6:16:ae:53:a1:1d:91:6c:2b:
         4c:0b:ea:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1ufQnncqLq9MMlWR5Qf9uhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDA4MTkwNjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWY4OGQwZWY1OWViMGIyOTdhMjBjODgwYzM5OTZhNDFjOTdjMDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4TxjeBnr2prN3dYojdHIC6egaWvb
nDHSizg4Q3ApfBAPEtx+cSKPI7t6lRbXOzlwu7/Iv9PzOrXjxvkRTvuf0jH7EqNf
2gtHIuZmzYkNqPH/j+btTDTiNUcmIVZS0v4cIRGk9bXud1evH267/BK3xaUIOOyl
tQs4ln1blfI5/T5isAGy5kqOls6yGt3MEOG+21pkRpatXhjd9cqTwJDVT1cx92ir
RMW0M1HkJL1fyqaYFNXaYecompaqiaWFBwnCa+zhY6DUp8NFMBH1qhv8wddAG1Qm
8ErqSg7RyC/g+kZqaRko1Nsxs2qcezSjjvY1JhsnrqdB5hpCsFHqJ9QkSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOn4jQ71nrCyl6IMiAw5lqQcl8BOMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvNmZpTkR2V2VzTEtYb2d5SUREbVdwQnlYd0U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/O9MA0G
CSqGSIb3DQEBCwUAA4IBAQAPBC70SbQshrUvKuBFbOP/fAKEWFTbrQVqA0CjO6sr
gRRnxgi3Mptvq1ZSplYCzOPpF/aziM5yTqVxMl/63GgGNfGKtwLPkNbUtOEi6uNx
DglGEr3BxmvWFlpXxYLgH+r9bYChsgVfPRmkemcRb9KpSPdAkgDCyZBQJielVOmN
vUip01h8btQJH01CI0kqn9CSYqPiBqGDmcaHmxkcfnIZ009eBGy+1UeSSS/OvIru
lwlNDnWcj5W9Ryvva4d5ImOgatVDs0rSOWh4Ij5vXM8HTESkUjZfIi28VbZm+JE8
MGBvljUuipscDTUat2aIHWPx1AOmFq5ToR2RbCtMC+rL
-----END CERTIFICATE-----