Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/b0OXrITomG9RUYDk0Ambn494Ifk.roa
File:                     b0OXrITomG9RUYDk0Ambn494Ifk.roa (raw, json)
Hash identifier:          0j1o1x7mh3M30oUNejyGrRgTVjin/mhCKMDYIGlzjuY=
Subject key identifier:   6F:43:97:AC:84:E8:98:6F:51:51:80:E4:D0:09:9B:9F:8F:78:21:F9
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019EDAF83304C5168D3E2C588F711E188588
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/b0OXrITomG9RUYDk0Ambn494Ifk.roa
Signing time:             Thu 18 Jun 2026 13:42:39 +0000
ROA not before:           Thu 18 Jun 2026 13:42:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199186
IP address blocks:        37.202.209.0/24 maxlen: 24
                          151.242.179.0/24 maxlen: 24
                          151.244.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Jun 2026 15:43:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:da:f8:33:04:c5:16:8d:3e:2c:58:8f:71:1e:18:85:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 18 13:42:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f4397ac84e8986f515180e4d0099b9f8f7821f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:58:90:8a:b5:09:10:ef:3d:82:a2:8c:fc:c8:
                    94:dc:01:bb:a0:35:8f:7a:53:23:a6:ab:08:bd:72:
                    14:00:b0:d3:94:5e:e8:56:7e:c6:25:a6:c9:79:2a:
                    fc:73:d8:50:8e:40:c7:73:f6:11:48:fd:55:98:53:
                    65:6c:6a:1e:ab:a0:98:86:4d:98:93:ce:ed:9f:45:
                    6d:39:cc:72:cb:36:66:00:2a:cb:6a:75:ad:2d:b2:
                    8e:d6:09:d9:b2:58:2a:99:9a:55:7a:c6:29:76:5a:
                    0a:9b:d7:44:9a:31:4c:fc:fb:bb:fd:2c:5b:15:12:
                    87:a4:07:07:4f:58:7d:0e:31:0b:64:dd:b6:75:5e:
                    b6:19:c5:25:b4:f3:30:fe:46:3c:ab:bf:e0:31:2b:
                    5f:54:d5:bd:0f:72:61:ca:b1:9c:31:4e:75:ad:f1:
                    f9:18:7d:1b:1d:59:fa:3a:80:78:f3:b4:a6:ef:d2:
                    f8:6c:f1:76:4a:9f:59:c4:cf:0b:b1:63:9f:97:c3:
                    c2:3f:40:8e:e7:4c:5d:33:33:fd:66:2b:7f:76:3c:
                    6d:d7:0d:53:19:c0:eb:54:05:66:d9:df:1c:d0:e8:
                    da:84:84:0c:3c:38:83:31:dd:5f:4c:19:e1:81:2a:
                    40:8f:ab:0c:26:34:ec:03:bd:1e:03:80:31:2b:61:
                    72:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:43:97:AC:84:E8:98:6F:51:51:80:E4:D0:09:9B:9F:8F:78:21:F9
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/b0OXrITomG9RUYDk0Ambn494Ifk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.209.0/24
                  151.242.179.0/24
                  151.244.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:dc:3b:b3:19:12:b6:af:d8:ff:46:de:6b:41:da:c2:e2:f0:
         8b:83:09:7b:07:39:27:fa:a9:2c:38:c8:4b:65:52:4f:66:b6:
         7d:d9:42:ab:c2:bb:18:6d:be:6c:e8:9f:7d:88:b9:3a:cb:0d:
         65:51:3b:64:d5:d0:4e:47:12:f8:2f:49:c8:55:63:ba:3c:58:
         aa:be:c9:f6:84:74:30:4a:4f:60:60:42:1c:fd:a9:8b:1a:66:
         5b:b2:5a:e0:7d:d8:62:a2:68:0b:ff:c3:e6:d5:16:20:21:43:
         a0:c4:de:29:88:51:0a:3f:24:24:a3:ff:88:32:64:3a:f9:5f:
         58:7c:21:79:42:e2:87:71:57:c6:4b:e4:23:e4:f5:fe:63:8f:
         50:b7:b2:6a:15:5b:16:e6:15:8b:67:67:1a:a9:97:13:96:ad:
         4c:51:4e:74:08:64:a8:48:e6:5e:00:b2:9a:42:57:47:f2:99:
         bf:39:4a:9f:c2:43:68:9e:56:cd:a5:ad:3b:7d:a4:01:e7:2a:
         c0:0a:0a:0a:cc:7d:12:65:8c:63:b8:ef:2f:a0:cb:5a:76:5a:
         d3:8c:30:1e:af:f2:d7:53:06:58:8f:57:df:56:83:66:fc:3f:
         6c:aa:7d:4a:14:bd:04:3c:d8:6c:16:c9:d0:c7:73:17:33:89:
         d8:4a:00:17
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ7a+DMExRaNPixYj3EeGIWIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNjE4MTM0MjM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjQzOTdhYzg0ZTg5ODZmNTE1MTgwZTRkMDA5OWI5ZjhmNzgyMWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1iQirUJEO89gqKM/MiU3AG7oDWP
elMjpqsIvXIUALDTlF7oVn7GJabJeSr8c9hQjkDHc/YRSP1VmFNlbGoeq6CYhk2Y
k87tn0VtOcxyyzZmACrLanWtLbKO1gnZslgqmZpVesYpdloKm9dEmjFM/Pu7/Sxb
FRKHpAcHT1h9DjELZN22dV62GcUltPMw/kY8q7/gMStfVNW9D3JhyrGcMU51rfH5
GH0bHVn6OoB487Sm79L4bPF2Sp9ZxM8LsWOfl8PCP0CO50xdMzP9Zit/djxt1w1T
GcDrVAVm2d8c0OjahIQMPDiDMd1fTBnhgSpAj6sMJjTsA70eA4AxK2FylwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG9Dl6yE6JhvUVGA5NAJm5+PeCH5MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvYjBPWHJJVG9tRzlSVVlEazBBbWJuNDk0SWZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAJcrRAwQA
l/KzAwQAl/QOMA0GCSqGSIb3DQEBCwUAA4IBAQAC3DuzGRK2r9j/Rt5rQdrC4vCL
gwl7Bzkn+qksOMhLZVJPZrZ92UKrwrsYbb5s6J99iLk6yw1lUTtk1dBORxL4L0nI
VWO6PFiqvsn2hHQwSk9gYEIc/amLGmZbslrgfdhiomgL/8Pm1RYgIUOgxN4piFEK
PyQko/+IMmQ6+V9YfCF5QuKHcVfGS+Qj5PX+Y49Qt7JqFVsW5hWLZ2caqZcTlq1M
UU50CGSoSOZeALKaQldH8pm/OUqfwkNonlbNpa07faQB5yrACgoKzH0SZYxjuO8v
oMtadlrTjDAer/LXUwZYj1ffVoNm/D9sqn1KFL0EPNhsFsnQx3MXM4nYSgAX
-----END CERTIFICATE-----