Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/CiC1R99KckIItq4oDpusOQwMvi0.roa
File:                     CiC1R99KckIItq4oDpusOQwMvi0.roa (raw, json)
Hash identifier:          kPm7Cj8wrYcaUdV8ovADKWIGJyDF0Y2wNTB3hy46HqY=
Subject key identifier:   0A:20:B5:47:DF:4A:72:42:08:B6:AE:28:0E:9B:AC:39:0C:0C:BE:2D
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019F2816B933C6C308D3ACD490C23056F10F
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/CiC1R99KckIItq4oDpusOQwMvi0.roa
Signing time:             Fri 03 Jul 2026 13:06:45 +0000
ROA not before:           Fri 03 Jul 2026 13:06:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219393
IP address blocks:        151.242.29.0/24 maxlen: 24
                          151.242.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:28:16:b9:33:c6:c3:08:d3:ac:d4:90:c2:30:56:f1:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul  3 13:06:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a20b547df4a724208b6ae280e9bac390c0cbe2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:60:56:bf:ee:5f:f3:b5:92:d9:13:4e:79:88:
                    9c:86:55:e3:1e:92:bc:32:f6:db:a2:cf:5b:b8:0a:
                    e2:e7:40:5f:8b:75:b1:f9:bc:34:c6:fa:68:ce:5b:
                    dc:eb:0f:58:47:6c:1b:5a:99:b2:3f:ed:e5:ef:68:
                    ac:67:60:66:9a:cf:f9:66:6c:f9:f2:f9:7c:49:5e:
                    e7:25:fa:d2:a7:f8:a6:f8:fa:1d:36:ad:80:62:d9:
                    ac:f2:08:1c:ad:38:a6:31:d8:d0:e8:be:57:d9:6e:
                    d1:a9:a1:fe:95:08:5f:79:d1:b0:8c:ec:d9:00:0e:
                    6f:64:a2:b4:9d:7d:6d:69:64:67:04:79:56:ca:c3:
                    ba:ec:46:94:bf:0f:60:3a:01:17:d0:6f:35:a5:e3:
                    15:56:87:4b:11:75:44:00:cb:4f:d0:4c:bb:2d:a4:
                    2e:e0:08:6a:0b:2d:c8:15:58:c3:7b:21:0e:4a:a6:
                    68:84:81:a7:25:c5:2d:75:03:b4:9a:59:11:f4:e1:
                    86:7b:b1:53:41:65:99:40:56:bd:e3:c9:62:73:fa:
                    1e:47:48:ac:7b:4e:7d:ac:0f:b7:a8:58:e7:ea:e0:
                    26:2d:9c:5a:6c:eb:ec:0d:3f:ff:47:51:77:db:06:
                    01:dc:a3:c9:17:c3:67:d5:ec:18:bd:7d:96:ab:14:
                    2b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:20:B5:47:DF:4A:72:42:08:B6:AE:28:0E:9B:AC:39:0C:0C:BE:2D
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/CiC1R99KckIItq4oDpusOQwMvi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.29.0/24
                  151.242.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:7f:e9:9c:42:df:c3:73:5b:d6:39:e2:22:28:e4:73:cd:c6:
         d6:b0:8d:34:41:98:60:8d:60:f3:3c:d9:25:c7:84:7d:f4:93:
         e9:42:a1:69:6c:f9:4e:ce:a0:10:cf:a8:59:fd:bb:a9:bb:b5:
         bb:b6:c1:8f:41:55:c9:b4:ca:36:58:b4:4b:76:22:28:e2:3c:
         79:19:f6:e9:fd:30:4a:1d:3c:1b:52:ae:7b:0d:88:05:9f:5b:
         10:64:59:7e:6b:e7:f0:4a:f9:70:c4:e3:f0:bd:c2:00:51:52:
         1b:b5:f8:79:ea:67:b6:78:eb:d4:1d:43:af:83:6b:bf:2f:68:
         b4:53:a8:ba:8f:4e:f6:eb:4e:fc:78:02:85:d6:b7:81:01:8c:
         67:62:7e:ec:01:6a:06:db:ee:a1:f2:0d:f9:3d:48:f0:98:f4:
         ad:2b:33:c4:06:44:ac:bc:6b:40:86:d0:35:0f:19:8f:c2:62:
         1c:7d:f7:36:0e:6e:42:a8:08:dd:97:d7:c0:65:e8:69:7b:50:
         f4:df:76:ce:eb:28:b3:1b:f3:14:87:2b:d1:77:d9:06:a3:76:
         fa:4b:96:51:be:33:75:4a:d7:f1:b1:34:96:b5:36:01:88:4e:
         9e:f8:7c:22:e6:09:5e:c0:22:85:b1:2b:14:0a:ec:89:56:d8:
         57:16:f3:23
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8oFrkzxsMI06zUkMIwVvEPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNzAzMTMwNjQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTIwYjU0N2RmNGE3MjQyMDhiNmFlMjgwZTliYWMzOTBjMGNiZTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmBWv+5f87WS2RNOeYichlXjHpK8
Mvbbos9buAri50Bfi3Wx+bw0xvpozlvc6w9YR2wbWpmyP+3l72isZ2Bmms/5Zmz5
8vl8SV7nJfrSp/im+PodNq2AYtms8ggcrTimMdjQ6L5X2W7RqaH+lQhfedGwjOzZ
AA5vZKK0nX1taWRnBHlWysO67EaUvw9gOgEX0G81peMVVodLEXVEAMtP0Ey7LaQu
4AhqCy3IFVjDeyEOSqZohIGnJcUtdQO0mlkR9OGGe7FTQWWZQFa948lic/oeR0is
e059rA+3qFjn6uAmLZxabOvsDT//R1F32wYB3KPJF8Nn1ewYvX2WqxQrzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAogtUffSnJCCLauKA6brDkMDL4tMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvQ2lDMVI5OUtja0lJdHE0b0RwdXNPUXdNdmkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/IdAwQA
l/IsMA0GCSqGSIb3DQEBCwUAA4IBAQA/f+mcQt/Dc1vWOeIiKORzzcbWsI00QZhg
jWDzPNklx4R99JPpQqFpbPlOzqAQz6hZ/bupu7W7tsGPQVXJtMo2WLRLdiIo4jx5
Gfbp/TBKHTwbUq57DYgFn1sQZFl+a+fwSvlwxOPwvcIAUVIbtfh56me2eOvUHUOv
g2u/L2i0U6i6j0726078eAKF1reBAYxnYn7sAWoG2+6h8g35PUjwmPStKzPEBkSs
vGtAhtA1DxmPwmIcffc2Dm5CqAjdl9fAZehpe1D033bO6yizG/MUhyvRd9kGo3b6
S5ZRvjN1StfxsTSWtTYBiE6e+Hwi5glewCKFsSsUCuyJVthXFvMj
-----END CERTIFICATE-----
Generated at Fri Jul 3 19:58:11 2026 by rpki-client