Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Qod6_jdB_jyqOhnKimyARhw1OhA.roa
File:                     Qod6_jdB_jyqOhnKimyARhw1OhA.roa (raw, json)
Hash identifier:          tYjwP8RNR8IUoPi+wM6kLpdKvOb9U9ukOKNmqPsqhHU=
Subject key identifier:   42:87:7A:FE:37:41:FE:3C:AA:3A:19:CA:8A:6C:80:46:1C:35:3A:10
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019DC2FFF81FAD7E9B01CABDA35F13885F78
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Qod6_jdB_jyqOhnKimyARhw1OhA.roa
Signing time:             Sat 25 Apr 2026 04:57:28 +0000
ROA not before:           Sat 25 Apr 2026 04:57:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     265833
IP address blocks:        151.246.169.0/24 maxlen: 24
                          151.246.172.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 Apr 2026 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c2:ff:f8:1f:ad:7e:9b:01:ca:bd:a3:5f:13:88:5f:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 25 04:57:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=42877afe3741fe3caa3a19ca8a6c80461c353a10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:05:95:56:7b:eb:f9:90:82:57:3a:e8:fa:9c:
                    60:a4:95:de:c1:42:4e:19:29:9d:d3:94:90:e4:ba:
                    69:58:c5:53:b8:8c:d6:de:53:63:79:db:25:9b:4f:
                    b5:b7:29:c3:f8:64:5e:43:f7:2a:41:75:ce:59:da:
                    38:15:73:9b:5a:b0:de:9b:60:dc:8f:a0:77:71:31:
                    2f:86:2e:4a:21:05:92:7e:9f:fd:52:8f:b6:40:a2:
                    f1:b9:f7:7a:27:c3:11:be:67:0b:f1:92:3c:08:59:
                    91:0d:8c:f7:fa:b8:44:b5:95:2e:9e:a3:44:30:fb:
                    99:f6:dc:19:4a:84:22:34:8b:f6:db:ba:6e:1b:df:
                    e7:02:2b:b2:e9:fa:8e:76:59:1e:3d:63:9b:81:15:
                    d9:a8:20:94:8c:bb:0c:51:1e:6a:ba:8e:ed:ec:b3:
                    1d:ca:ab:d3:21:ae:1f:c0:3b:71:7e:1f:8d:43:dd:
                    84:88:34:67:93:4b:c4:0a:8f:de:fc:2c:d5:84:d7:
                    99:98:16:e2:a8:cf:d8:48:cd:03:fa:66:d1:33:f3:
                    91:9b:ba:67:38:71:c6:d5:b3:b3:a5:2e:03:d2:55:
                    68:b0:28:95:45:08:2b:a1:4b:53:4a:32:a7:55:33:
                    87:df:21:d8:d1:60:2b:ae:82:08:d0:b9:74:f2:58:
                    6e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:87:7A:FE:37:41:FE:3C:AA:3A:19:CA:8A:6C:80:46:1C:35:3A:10
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Qod6_jdB_jyqOhnKimyARhw1OhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.246.169.0/24
                  151.246.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:c8:b1:7a:32:79:14:33:5e:6c:79:1b:55:d2:54:08:e6:7a:
         68:60:75:86:5a:cd:ba:51:df:52:02:e3:ae:35:c3:63:3f:53:
         54:8c:48:11:34:49:b9:1e:4b:82:66:28:fc:ad:97:73:48:28:
         3c:35:53:45:c1:56:c3:7e:e8:dd:1a:a8:72:11:1e:fe:ad:46:
         62:c8:51:0d:5f:73:36:0d:df:c3:84:a6:0f:41:2e:9e:e4:12:
         a0:9c:68:6c:55:b2:e1:86:85:f7:f0:ce:ac:21:12:ce:da:c4:
         d0:98:f1:9d:35:2e:57:53:b7:6f:2d:01:8f:65:15:2e:cf:2d:
         8d:ec:c7:ab:09:87:8e:af:a0:ca:d3:7d:14:f1:d2:38:3c:80:
         a4:98:1d:9b:f8:eb:36:ac:84:7a:bb:c0:3b:ab:25:5b:a6:16:
         5e:5a:61:c7:e1:9b:a1:b5:2a:e2:d4:bf:86:2e:48:74:bb:e7:
         7c:9f:a6:85:63:38:2f:bc:ff:97:4b:93:54:ee:83:7a:a6:74:
         d8:95:76:ae:77:5a:61:c7:d3:ec:a3:9e:53:42:b8:f7:99:ee:
         4b:83:0e:54:c1:f9:71:78:e3:ef:cb:c5:94:b1:32:64:dd:c5:
         31:36:9b:54:f7:63:1d:1e:29:be:48:a5:85:a7:ea:fd:93:60:
         88:35:33:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3C//gfrX6bAcq9o18TiF94MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDI1MDQ1NzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mjg3N2FmZTM3NDFmZTNjYWEzYTE5Y2E4YTZjODA0NjFjMzUzYTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQWVVnvr+ZCCVzro+pxgpJXewUJO
GSmd05SQ5LppWMVTuIzW3lNjedslm0+1tynD+GReQ/cqQXXOWdo4FXObWrDem2Dc
j6B3cTEvhi5KIQWSfp/9Uo+2QKLxufd6J8MRvmcL8ZI8CFmRDYz3+rhEtZUunqNE
MPuZ9twZSoQiNIv227puG9/nAiuy6fqOdlkePWObgRXZqCCUjLsMUR5quo7t7LMd
yqvTIa4fwDtxfh+NQ92EiDRnk0vECo/e/CzVhNeZmBbiqM/YSM0D+mbRM/ORm7pn
OHHG1bOzpS4D0lVosCiVRQgroUtTSjKnVTOH3yHY0WArroII0Ll08lhuaQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEKHev43Qf48qjoZyopsgEYcNToQMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUW9kNl9qZEJfanlxT2huS2lteUFSaHcxT2hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/apAwQB
l/asMA0GCSqGSIb3DQEBCwUAA4IBAQARyLF6MnkUM15seRtV0lQI5npoYHWGWs26
Ud9SAuOuNcNjP1NUjEgRNEm5HkuCZij8rZdzSCg8NVNFwVbDfujdGqhyER7+rUZi
yFENX3M2Dd/DhKYPQS6e5BKgnGhsVbLhhoX38M6sIRLO2sTQmPGdNS5XU7dvLQGP
ZRUuzy2N7MerCYeOr6DK030U8dI4PICkmB2b+Os2rIR6u8A7qyVbphZeWmHH4Zuh
tSri1L+GLkh0u+d8n6aFYzgvvP+XS5NU7oN6pnTYlXaud1phx9Pso55TQrj3me5L
gw5UwflxeOPvy8WUsTJk3cUxNptU92MdHim+SKWFp+r9k2CINTPS
-----END CERTIFICATE-----