Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/OROHi8VHYOIIlFlRQ6h5m1mVjy8.roa
File:                     OROHi8VHYOIIlFlRQ6h5m1mVjy8.roa (raw, json)
Hash identifier:          ouPVfCts1gyyHIQI3v6LfqAwN8FhOvEi9ITdAXiFoyQ=
Subject key identifier:   39:13:87:8B:C5:47:60:E2:08:94:59:51:43:A8:79:9B:59:95:8F:2F
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019E73B3451660AFBB2D788E9399F2C549EC
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/OROHi8VHYOIIlFlRQ6h5m1mVjy8.roa
Signing time:             Fri 29 May 2026 12:26:28 +0000
ROA not before:           Fri 29 May 2026 12:26:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198427
IP address blocks:        151.242.101.0/24 maxlen: 24
                          151.242.105.0/24 maxlen: 24
                          151.247.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:73:b3:45:16:60:af:bb:2d:78:8e:93:99:f2:c5:49:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 29 12:26:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3913878bc54760e20894595143a8799b59958f2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:dd:fc:6b:42:f0:b7:d5:c7:7e:b4:40:2f:2a:
                    16:a8:f3:0e:d0:b4:84:99:57:02:31:c0:81:b1:b4:
                    43:1f:9c:07:36:bd:94:2f:1b:25:4a:74:2e:95:48:
                    4f:1d:1b:b8:53:29:10:6e:a9:2d:2c:58:01:ca:9f:
                    c3:f7:03:a8:5c:90:22:88:36:f4:d3:f7:4f:2b:c4:
                    d0:ab:ff:72:3a:19:6f:0d:89:6e:63:3a:c4:c8:e1:
                    7d:bb:c0:e8:b0:42:3f:0b:fb:6e:0a:cb:a7:8b:c8:
                    b2:fd:61:81:d1:fd:fe:6e:84:9f:33:00:80:e2:2d:
                    32:21:90:f7:90:4e:9a:9b:2f:b5:a1:2d:84:42:9d:
                    c0:b1:27:08:0c:e7:16:a2:a5:25:17:50:ba:fc:aa:
                    4e:15:15:78:6f:48:8b:13:69:42:f6:0a:53:65:56:
                    55:b9:9d:60:27:b8:00:bb:4b:51:ef:1a:c6:38:b6:
                    75:35:e4:83:f5:a6:77:19:ff:a4:f0:b2:85:70:9d:
                    82:a4:c1:06:f7:f4:a8:e1:04:71:ea:c5:98:a8:98:
                    9c:91:e9:a1:66:6d:eb:59:a0:14:df:b8:91:d8:e3:
                    f6:8f:4e:ab:6a:ce:8c:3d:73:bd:92:d0:51:10:4c:
                    08:f6:8c:32:ea:f7:58:ad:53:cb:69:0d:63:98:71:
                    c6:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:13:87:8B:C5:47:60:E2:08:94:59:51:43:A8:79:9B:59:95:8F:2F
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/OROHi8VHYOIIlFlRQ6h5m1mVjy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.101.0/24
                  151.242.105.0/24
                  151.247.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:a8:a4:1a:57:c4:c9:f5:5c:4b:00:7b:40:68:a5:70:b6:54:
         de:6a:67:ad:7d:e6:aa:a0:68:78:8e:f5:b3:d3:ea:36:1a:5b:
         7c:60:1f:dd:d9:79:7a:9f:a4:22:80:26:a8:30:b2:5e:e5:d3:
         ac:fe:8e:b8:ee:4a:33:a5:24:d7:77:0f:86:a1:fd:12:71:5c:
         19:ab:5b:7f:0a:26:62:05:6b:dd:a7:aa:05:01:d0:4c:cf:45:
         6e:20:7d:47:8f:e5:b2:e1:3d:85:d7:f7:bf:76:31:7b:2a:65:
         41:57:91:9a:49:2d:4b:51:64:f1:47:d7:56:21:9d:ee:68:91:
         c9:1d:c2:84:91:0c:95:ab:5a:49:c6:f8:f7:ef:5c:de:4a:cd:
         31:3f:9f:08:8f:af:8b:05:b0:1b:5c:84:30:fe:69:fd:6c:b5:
         23:26:29:7f:56:10:e7:41:7d:29:84:b0:84:ec:e1:3d:68:e3:
         7e:d8:80:c1:96:fe:5e:3c:2a:36:4d:b4:5c:d3:97:ea:a8:25:
         38:b0:dd:62:0e:72:ac:7b:3b:34:33:2b:52:4e:5f:83:8b:02:
         4a:22:c2:b0:be:03:76:b1:26:dd:6a:d9:be:b4:61:06:08:29:
         5b:b6:a8:2b:d7:db:85:1f:d6:b9:6a:d6:99:82:cb:ec:bb:8d:
         b5:2c:71:bb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5zs0UWYK+7LXiOk5nyxUnsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNTI5MTIyNjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTEzODc4YmM1NDc2MGUyMDg5NDU5NTE0M2E4Nzk5YjU5OTU4ZjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv938a0Lwt9XHfrRALyoWqPMO0LSE
mVcCMcCBsbRDH5wHNr2ULxslSnQulUhPHRu4UykQbqktLFgByp/D9wOoXJAiiDb0
0/dPK8TQq/9yOhlvDYluYzrEyOF9u8DosEI/C/tuCsuni8iy/WGB0f3+boSfMwCA
4i0yIZD3kE6amy+1oS2EQp3AsScIDOcWoqUlF1C6/KpOFRV4b0iLE2lC9gpTZVZV
uZ1gJ7gAu0tR7xrGOLZ1NeSD9aZ3Gf+k8LKFcJ2CpMEG9/So4QRx6sWYqJickemh
Zm3rWaAU37iR2OP2j06ras6MPXO9ktBREEwI9owy6vdYrVPLaQ1jmHHGWQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDkTh4vFR2DiCJRZUUOoeZtZlY8vMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvT1JPSGk4VkhZT0lJbEZsUlE2aDVtMW1Wank4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAl/JlAwQA
l/JpAwQAl/fhMA0GCSqGSIb3DQEBCwUAA4IBAQBjqKQaV8TJ9VxLAHtAaKVwtlTe
ametfeaqoGh4jvWz0+o2Glt8YB/d2Xl6n6QigCaoMLJe5dOs/o647kozpSTXdw+G
of0ScVwZq1t/CiZiBWvdp6oFAdBMz0VuIH1Hj+Wy4T2F1/e/djF7KmVBV5GaSS1L
UWTxR9dWIZ3uaJHJHcKEkQyVq1pJxvj371zeSs0xP58Ij6+LBbAbXIQw/mn9bLUj
Jil/VhDnQX0phLCE7OE9aON+2IDBlv5ePCo2TbRc05fqqCU4sN1iDnKsezs0MytS
Tl+DiwJKIsKwvgN2sSbdatm+tGEGCClbtqgr19uFH9a5ataZgsvsu421LHG7
-----END CERTIFICATE-----