Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/PDFHQVpdnwYR2_px9kEuvliIZHM.roa
File:                     PDFHQVpdnwYR2_px9kEuvliIZHM.roa (raw, json)
Hash identifier:          x2S//C+9bvWe3E4+kNhJswqNa3ix4AYSkp3P4h6b0og=
Subject key identifier:   3C:31:47:41:5A:5D:9F:06:11:DB:FA:71:F6:41:2E:BE:58:88:64:73
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D06296D4A83D04E133EBE2F88EFF1947A
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/PDFHQVpdnwYR2_px9kEuvliIZHM.roa
Signing time:             Thu 19 Mar 2026 12:54:31 +0000
ROA not before:           Thu 19 Mar 2026 12:54:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        151.240.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 14:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:29:6d:4a:83:d0:4e:13:3e:be:2f:88:ef:f1:94:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 19 12:54:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c3147415a5d9f0611dbfa71f6412ebe58886473
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:89:d8:6c:03:a7:3c:7f:8f:b1:e7:6b:e3:06:
                    e7:57:6e:ec:d6:99:9b:a7:9f:dd:08:07:71:ab:46:
                    20:02:21:67:fd:0a:93:22:51:88:f6:75:78:76:45:
                    d2:2d:07:87:7e:35:56:c1:55:68:a1:f8:5e:3a:37:
                    08:66:a5:7e:9a:5d:0d:3c:d3:46:4c:50:71:7a:ad:
                    6d:17:99:2b:27:11:a3:66:e0:98:f2:b2:44:79:e7:
                    93:ce:d0:3e:36:11:72:46:fc:d1:35:e1:57:2c:9e:
                    71:9a:9e:74:f5:6e:6d:6a:c1:38:37:9e:49:fd:e2:
                    27:96:81:eb:b3:c3:5c:19:e2:46:bb:cd:d6:5a:64:
                    35:4e:2e:3b:c3:bc:3f:10:da:f3:cf:ba:67:66:12:
                    38:03:0c:41:c5:8e:69:83:93:24:e5:fb:b4:2b:07:
                    0f:e7:6c:88:8c:e7:f8:a8:3c:70:3a:7b:aa:50:a7:
                    b2:c5:2d:df:20:62:2b:80:d9:0b:6c:d9:b0:5e:8a:
                    a0:fd:ec:2a:d6:f1:99:25:8e:a9:e9:f4:67:41:9b:
                    c2:6a:69:82:b1:b2:9f:06:04:52:1f:69:b2:11:a2:
                    2d:60:27:d2:f0:1a:a5:3b:61:51:dc:58:5c:b7:be:
                    8d:fe:9b:ef:dd:9d:e4:cf:d6:16:8a:6e:a7:9f:0c:
                    a1:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:31:47:41:5A:5D:9F:06:11:DB:FA:71:F6:41:2E:BE:58:88:64:73
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/PDFHQVpdnwYR2_px9kEuvliIZHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:f8:0e:55:19:0e:7d:73:06:87:30:40:5c:19:2f:32:b5:25:
         04:93:07:b1:ac:41:8e:02:69:82:39:d2:61:61:2d:ac:66:bd:
         26:b9:c8:42:b0:2a:03:9b:03:1c:61:bd:d8:2c:3d:83:aa:67:
         bb:14:99:3b:97:77:fd:9a:30:ec:ae:91:ad:9e:23:d7:cd:b7:
         96:f5:54:86:ef:7e:a2:b0:1c:a8:79:27:49:a7:39:ba:a1:8e:
         cd:96:33:9d:eb:1b:70:ba:f1:4f:d2:c1:65:53:a2:82:76:20:
         eb:4e:37:44:c7:0b:db:f5:4f:45:cf:f7:25:c1:3b:42:9b:3a:
         5c:71:c4:74:ac:72:2c:2e:92:7b:26:7b:14:ed:20:87:b4:ca:
         fe:32:67:ea:b3:15:7b:2e:6d:ab:5d:49:6e:82:2f:3b:22:07:
         a0:ed:ac:02:81:14:79:87:fc:8f:b0:44:53:c2:02:ff:dc:f4:
         e8:13:8b:f5:d2:7d:b2:a9:55:77:b0:4e:45:a7:d7:bb:ad:7c:
         a0:46:01:60:ce:b9:3c:ab:ba:4e:48:ec:13:4f:21:26:24:c0:
         5f:ba:54:d8:18:cc:07:ce:15:dc:82:e5:f5:67:39:ca:ba:a7:
         ef:7d:05:55:42:40:c5:1b:57:e1:1c:2a:69:23:d5:4c:2c:2b:
         c0:e5:16:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0GKW1Kg9BOEz6+L4jv8ZR6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzE5MTI1NDMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzMxNDc0MTVhNWQ5ZjA2MTFkYmZhNzFmNjQxMmViZTU4ODg2NDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYnYbAOnPH+Psedr4wbnV27s1pmb
p5/dCAdxq0YgAiFn/QqTIlGI9nV4dkXSLQeHfjVWwVVoofheOjcIZqV+ml0NPNNG
TFBxeq1tF5krJxGjZuCY8rJEeeeTztA+NhFyRvzRNeFXLJ5xmp509W5tasE4N55J
/eInloHrs8NcGeJGu83WWmQ1Ti47w7w/ENrzz7pnZhI4AwxBxY5pg5Mk5fu0KwcP
52yIjOf4qDxwOnuqUKeyxS3fIGIrgNkLbNmwXoqg/ewq1vGZJY6p6fRnQZvCammC
sbKfBgRSH2myEaItYCfS8BqlO2FR3Fhct76N/pvv3Z3kz9YWim6nnwyhcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDwxR0FaXZ8GEdv6cfZBLr5YiGRzMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUERGSFFWcGRud1lSMl9weDlrRXV2bGlJWkhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/CQMA0G
CSqGSIb3DQEBCwUAA4IBAQBB+A5VGQ59cwaHMEBcGS8ytSUEkwexrEGOAmmCOdJh
YS2sZr0muchCsCoDmwMcYb3YLD2Dqme7FJk7l3f9mjDsrpGtniPXzbeW9VSG736i
sByoeSdJpzm6oY7NljOd6xtwuvFP0sFlU6KCdiDrTjdExwvb9U9Fz/clwTtCmzpc
ccR0rHIsLpJ7JnsU7SCHtMr+MmfqsxV7Lm2rXUlugi87Igeg7awCgRR5h/yPsERT
wgL/3PToE4v10n2yqVV3sE5Fp9e7rXygRgFgzrk8q7pOSOwTTyEmJMBfulTYGMwH
zhXcguX1ZznKuqfvfQVVQkDFG1fhHCppI9VMLCvA5RYe
-----END CERTIFICATE-----