Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/P0MxPnqcFg2lardzQxFswHZnHzA.roa
File:                     P0MxPnqcFg2lardzQxFswHZnHzA.roa (raw, json)
Hash identifier:          LyArxY98EJ1hUTx16+nrd4NoYXH9yK7Kf5+PlxrGojY=
Subject key identifier:   3F:43:31:3E:7A:9C:16:0D:A5:6A:B7:73:43:11:6C:C0:76:67:1F:30
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019EA87EEF436B04517523F524A00D43684D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/P0MxPnqcFg2lardzQxFswHZnHzA.roa
Signing time:             Mon 08 Jun 2026 18:29:11 +0000
ROA not before:           Mon 08 Jun 2026 18:29:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39690
IP address blocks:        151.244.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 18:31:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a8:7e:ef:43:6b:04:51:75:23:f5:24:a0:0d:43:68:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun  8 18:29:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f43313e7a9c160da56ab77343116cc076671f30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ef:15:af:fa:ec:97:8d:66:93:f9:06:b6:55:
                    fa:bd:e9:59:eb:8a:8e:70:38:1b:59:0d:19:84:59:
                    22:3f:d5:fd:26:63:43:f5:04:7c:22:02:9a:a7:06:
                    b9:6a:a9:7d:6b:25:c1:a0:0f:b4:74:e9:3d:55:0d:
                    a2:d7:e8:9e:ab:dd:82:a9:61:21:22:46:c7:0d:13:
                    8e:12:2b:37:76:98:3b:34:18:cd:6b:b7:72:c6:94:
                    9f:8e:1d:dc:15:67:9c:c6:90:77:59:95:0e:01:ad:
                    ae:6d:60:bf:6c:25:f8:b6:35:65:32:d4:cf:16:d1:
                    09:10:b9:44:12:4a:46:80:5d:44:3f:b1:a0:7c:13:
                    62:ad:cb:a8:38:19:d8:9e:bb:ec:12:27:7e:67:a6:
                    ff:6b:fd:1f:f1:75:50:84:4d:0a:5d:53:1c:18:61:
                    7e:58:63:28:b3:c5:29:73:3a:0d:02:04:22:75:8a:
                    a7:b2:db:4f:66:5d:93:14:b3:77:ec:de:4f:9b:d5:
                    a3:a6:99:88:45:d7:45:95:96:ec:f2:45:26:76:2c:
                    40:34:5e:7e:f5:dd:9a:3d:12:89:fb:56:d5:5c:b0:
                    b7:e4:70:6c:7b:92:1b:ef:7c:eb:4e:41:ad:eb:76:
                    74:a9:12:ac:17:f4:56:bb:72:a1:47:d0:cf:e0:05:
                    65:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:43:31:3E:7A:9C:16:0D:A5:6A:B7:73:43:11:6C:C0:76:67:1F:30
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/P0MxPnqcFg2lardzQxFswHZnHzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:ed:99:45:1f:18:62:e7:a4:36:ee:1d:77:d4:fd:93:7f:96:
         95:3e:b2:13:97:8b:2f:32:41:5c:1f:72:f2:25:16:e2:96:5c:
         7e:4a:f6:41:25:99:36:1f:93:71:11:12:62:f7:f6:73:78:6a:
         5e:d1:21:9a:60:d8:f0:5c:8d:a8:9e:ac:6c:2e:3d:84:d6:e6:
         65:b8:a4:e9:f5:e5:9f:ef:e7:77:91:3e:f9:d3:a7:6a:38:fb:
         aa:8b:f3:58:28:1e:55:8a:db:6d:75:24:08:aa:c5:3e:90:11:
         24:e0:59:c8:47:9b:f4:72:41:20:2e:e1:d1:49:17:d2:f0:90:
         f0:39:90:8c:af:d1:7a:8f:ce:28:d4:79:c9:ba:e0:a2:58:17:
         7b:af:84:7d:0e:e6:bd:fc:80:6e:63:fc:e8:cd:b2:ad:28:c6:
         d2:87:1f:98:92:24:64:82:c4:b4:61:0b:27:f9:d6:af:6f:1d:
         b8:bd:8e:bc:c2:57:23:df:04:d6:8b:c9:c9:92:ca:0e:44:b1:
         5e:8f:be:1b:10:c2:12:83:c1:ae:ff:79:47:1a:75:55:d2:96:
         4a:b1:b0:e5:18:d4:52:93:3e:2b:49:f1:54:e3:9c:e3:27:46:
         0e:96:67:e9:5e:42:94:33:68:5d:e6:a0:1b:70:dd:b2:99:d4:
         d4:d6:76:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6ofu9DawRRdSP1JKANQ2hNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNjA4MTgyOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjQzMzEzZTdhOWMxNjBkYTU2YWI3NzM0MzExNmNjMDc2NjcxZjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkO8Vr/rsl41mk/kGtlX6velZ64qO
cDgbWQ0ZhFkiP9X9JmND9QR8IgKapwa5aql9ayXBoA+0dOk9VQ2i1+ieq92CqWEh
IkbHDROOEis3dpg7NBjNa7dyxpSfjh3cFWecxpB3WZUOAa2ubWC/bCX4tjVlMtTP
FtEJELlEEkpGgF1EP7GgfBNircuoOBnYnrvsEid+Z6b/a/0f8XVQhE0KXVMcGGF+
WGMos8UpczoNAgQidYqnsttPZl2TFLN37N5Pm9WjppmIRddFlZbs8kUmdixANF5+
9d2aPRKJ+1bVXLC35HBse5Ib73zrTkGt63Z0qRKsF/RWu3KhR9DP4AVlvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9DMT56nBYNpWq3c0MRbMB2Zx8wMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUDBNeFBucWNGZzJsYXJkelF4RnN3SFpuSHpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/TwMA0G
CSqGSIb3DQEBCwUAA4IBAQAC7ZlFHxhi56Q27h131P2Tf5aVPrITl4svMkFcH3Ly
JRbillx+SvZBJZk2H5NxERJi9/ZzeGpe0SGaYNjwXI2onqxsLj2E1uZluKTp9eWf
7+d3kT7506dqOPuqi/NYKB5VitttdSQIqsU+kBEk4FnIR5v0ckEgLuHRSRfS8JDw
OZCMr9F6j84o1HnJuuCiWBd7r4R9Dua9/IBuY/zozbKtKMbShx+YkiRkgsS0YQsn
+davbx24vY68wlcj3wTWi8nJksoORLFej74bEMISg8Gu/3lHGnVV0pZKsbDlGNRS
kz4rSfFU45zjJ0YOlmfpXkKUM2hd5qAbcN2ymdTU1nbt
-----END CERTIFICATE-----