Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/IMO4Z0xPWeL8nyKOOATkNhStons.roa
File:                     IMO4Z0xPWeL8nyKOOATkNhStons.roa (raw, json)
Hash identifier:          UD8x/qqHs6DSBcu2rrEC3eRwXka2qLQdJssexLqhAQI=
Subject key identifier:   20:C3:B8:67:4C:4F:59:E2:FC:9F:22:8E:38:04:E4:36:14:AD:A2:7B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019CAE121E84CCAACB2FC227FCCE1F065F01
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/IMO4Z0xPWeL8nyKOOATkNhStons.roa
Signing time:             Mon 02 Mar 2026 10:22:28 +0000
ROA not before:           Mon 02 Mar 2026 10:22:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25369
IP address blocks:        151.240.4.0/22 maxlen: 22
                          151.244.79.0/24 maxlen: 24
                          151.245.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 07:18:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ae:12:1e:84:cc:aa:cb:2f:c2:27:fc:ce:1f:06:5f:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar  2 10:22:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20c3b8674c4f59e2fc9f228e3804e43614ada27b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:59:c6:a2:38:92:a7:89:1c:a8:d3:76:b8:22:
                    ab:80:58:ea:56:28:ef:3a:8a:a3:26:6f:f6:ea:2c:
                    99:43:f1:1a:47:8a:e9:0d:bf:f9:e2:cc:d4:30:97:
                    63:48:72:56:d5:32:e6:98:f9:fc:40:a4:4f:88:b9:
                    b5:ff:98:64:0c:07:ae:7d:e9:0b:c1:4f:b7:af:09:
                    68:34:7e:19:66:39:bb:3a:4c:99:5f:5b:2e:25:6f:
                    c6:cf:ff:d4:5f:09:59:87:c6:4d:98:38:f5:75:3b:
                    3c:2e:ba:60:58:55:19:2e:c7:dc:cb:10:a4:0d:ed:
                    9b:81:7b:98:8f:ae:f3:70:62:22:4b:70:4f:e1:27:
                    0f:04:15:31:e6:02:cf:18:6c:d2:82:aa:25:24:94:
                    54:78:8a:2d:42:a0:56:5b:4c:33:6c:24:ad:57:35:
                    e4:82:a7:ba:cf:7d:ab:37:b2:77:b2:20:87:42:b1:
                    f6:af:83:81:f0:ea:e4:06:84:ec:4e:5e:ec:da:ca:
                    46:74:27:6d:9f:d1:88:bf:20:a5:89:b1:35:cc:38:
                    a7:8a:32:b1:8e:88:e8:2e:b2:dc:da:91:57:aa:93:
                    07:73:30:15:d2:1a:fc:cf:50:f2:c5:e3:78:e2:7a:
                    ee:50:65:9a:a6:5a:68:19:d6:8f:e4:0c:10:56:a0:
                    74:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:C3:B8:67:4C:4F:59:E2:FC:9F:22:8E:38:04:E4:36:14:AD:A2:7B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/IMO4Z0xPWeL8nyKOOATkNhStons.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.4.0/22
                  151.244.79.0/24
                  151.245.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:0a:32:28:77:df:19:a1:0b:6c:f6:69:84:f3:94:bf:53:d2:
         a6:5d:e5:0b:7f:e5:76:83:dd:5e:db:e0:0f:0a:cd:54:11:96:
         7e:98:43:36:23:c9:12:f8:9d:7f:51:02:60:a4:98:dd:c8:08:
         28:f4:01:1e:12:67:a3:8e:9c:9d:e8:3c:e8:e8:6e:e8:a4:12:
         b3:04:c9:65:99:c6:dd:48:3d:35:e6:a7:5e:31:1f:cc:ae:b4:
         76:0d:28:4c:4b:24:dc:db:38:41:89:14:46:af:e4:e9:f6:8e:
         94:1a:88:1d:f8:1c:18:b1:1d:c5:c7:a6:f2:14:46:5f:8a:2a:
         d8:72:03:48:9f:a1:11:63:68:59:66:45:2b:36:c6:c3:8f:c8:
         71:7a:d8:39:58:c9:b5:9b:bd:8f:c7:f4:13:e9:f9:81:fe:d8:
         42:1a:32:55:90:a0:14:0d:eb:03:bf:4b:ea:bb:e3:43:bc:3d:
         e3:f6:45:02:34:8d:bc:d2:d4:19:fe:99:8e:5f:bc:ca:dc:a3:
         f0:28:33:bc:43:8f:76:3e:1f:f8:5b:42:54:b6:e7:67:e7:7d:
         33:27:6c:24:20:71:38:3a:f5:ec:bd:ca:8c:71:e0:9a:3d:a6:
         2e:e0:97:a1:12:13:3a:d1:2a:f2:15:dc:22:68:d3:9f:b6:e1:
         51:5f:fe:c4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZyuEh6EzKrLL8In/M4fBl8BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzAyMTAyMjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGMzYjg2NzRjNGY1OWUyZmM5ZjIyOGUzODA0ZTQzNjE0YWRhMjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFnGojiSp4kcqNN2uCKrgFjqVijv
OoqjJm/26iyZQ/EaR4rpDb/54szUMJdjSHJW1TLmmPn8QKRPiLm1/5hkDAeufekL
wU+3rwloNH4ZZjm7OkyZX1suJW/Gz//UXwlZh8ZNmDj1dTs8LrpgWFUZLsfcyxCk
De2bgXuYj67zcGIiS3BP4ScPBBUx5gLPGGzSgqolJJRUeIotQqBWW0wzbCStVzXk
gqe6z32rN7J3siCHQrH2r4OB8OrkBoTsTl7s2spGdCdtn9GIvyClibE1zDinijKx
jojoLrLc2pFXqpMHczAV0hr8z1DyxeN44nruUGWaplpoGdaP5AwQVqB0LwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCDDuGdMT1ni/J8ijjgE5DYUraJ7MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSU1PNFoweFBXZUw4bnlLT09BVGtOaFN0b25zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCl/AEAwQA
l/RPAwQAl/VNMA0GCSqGSIb3DQEBCwUAA4IBAQALCjIod98ZoQts9mmE85S/U9Km
XeULf+V2g91e2+APCs1UEZZ+mEM2I8kS+J1/UQJgpJjdyAgo9AEeEmejjpyd6Dzo
6G7opBKzBMllmcbdSD015qdeMR/MrrR2DShMSyTc2zhBiRRGr+Tp9o6UGogd+BwY
sR3Fx6byFEZfiirYcgNIn6ERY2hZZkUrNsbDj8hxetg5WMm1m72Px/QT6fmB/thC
GjJVkKAUDesDv0vqu+NDvD3j9kUCNI280tQZ/pmOX7zK3KPwKDO8Q492Ph/4W0JU
tudn530zJ2wkIHE4OvXsvcqMceCaPaYu4JehEhM60SryFdwiaNOftuFRX/7E
-----END CERTIFICATE-----