Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/b0euTcTJS0WzykXzuQvKQjw-9N0.roa
File:                     b0euTcTJS0WzykXzuQvKQjw-9N0.roa (raw, json)
Hash identifier:          dDvvvu+XrFxvyFcRNyywXiF1vlY4+0y0q88D1HIZ9Ss=
Subject key identifier:   6F:47:AE:4D:C4:C9:4B:45:B3:CA:45:F3:B9:0B:CA:42:3C:3E:F4:DD
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D77342DA6D97F4BF0BC029E50585E2E9E
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/b0euTcTJS0WzykXzuQvKQjw-9N0.roa
Signing time:             Fri 10 Apr 2026 11:43:21 +0000
ROA not before:           Fri 10 Apr 2026 11:43:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207550
IP address blocks:        151.246.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 Apr 2026 21:31:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:77:34:2d:a6:d9:7f:4b:f0:bc:02:9e:50:58:5e:2e:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 10 11:43:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f47ae4dc4c94b45b3ca45f3b90bca423c3ef4dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1d:9c:fe:01:42:86:58:f7:de:92:7d:7a:01:
                    08:3d:e0:25:ed:06:fd:f1:a1:02:f6:aa:7a:75:af:
                    10:8b:95:f7:1f:e8:a5:71:1d:b9:ae:cf:11:ce:a0:
                    a0:b5:04:c2:e2:88:60:a7:74:9b:90:a8:02:a2:d9:
                    ae:11:e8:f4:08:71:86:2b:63:a4:6c:e1:26:45:0d:
                    34:84:30:67:79:15:b9:b3:13:11:35:ab:0c:ef:f3:
                    dd:07:45:cb:8d:bb:51:a1:14:fc:49:9b:b2:d1:0a:
                    c1:18:c6:0d:47:4d:8a:48:f2:79:9b:86:a1:37:0a:
                    fa:84:88:86:c2:d7:3b:85:b9:6e:f4:e2:80:13:8f:
                    3a:b1:c6:a9:40:15:46:74:d7:33:a4:5d:7b:19:f8:
                    ae:7c:a0:6b:64:b2:e7:40:67:f2:40:95:5f:87:97:
                    54:01:68:41:d6:e2:61:74:9f:28:1d:aa:58:1f:4b:
                    f7:55:60:26:11:ed:23:75:40:19:b0:5a:62:56:72:
                    8f:7d:5c:ee:ad:66:30:a0:52:ea:cd:ef:84:2c:96:
                    6b:04:5e:6a:b1:d2:bd:70:ee:33:13:d1:e5:dd:b8:
                    ae:39:1d:c3:a4:69:3e:2b:9a:82:32:91:53:ba:52:
                    5e:75:56:63:c2:a9:e2:3b:7c:96:28:69:e4:4a:72:
                    3b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:47:AE:4D:C4:C9:4B:45:B3:CA:45:F3:B9:0B:CA:42:3C:3E:F4:DD
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/b0euTcTJS0WzykXzuQvKQjw-9N0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.246.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:11:a0:c3:4f:7c:72:a7:1f:f1:72:4f:31:45:90:d4:4b:f4:
         76:bd:de:bf:6b:e7:56:4f:ed:f5:a8:de:37:0f:6f:b3:cd:12:
         5c:96:15:c5:c9:f9:d3:57:c3:38:8a:0c:9a:88:6b:c6:2f:4c:
         87:2c:81:90:54:2d:36:88:02:61:f6:7c:85:55:e2:e0:44:62:
         c0:5b:83:0e:8a:55:80:9e:b7:19:de:b8:b1:49:a7:bf:13:42:
         80:2d:35:05:4a:63:d4:96:03:b9:d3:f0:a8:e8:60:e7:bd:a2:
         68:8f:34:aa:38:75:e2:50:67:5f:ee:20:a0:95:29:d8:7b:83:
         b6:e4:28:0e:22:43:93:6f:8a:71:83:89:f4:4c:25:0e:f7:f1:
         ed:3a:68:a3:d0:eb:dc:99:0b:6c:4d:2e:b4:37:17:95:f0:af:
         75:0c:31:8d:a5:3e:b6:1a:73:89:5e:88:ca:b0:3e:69:56:00:
         34:23:ba:7d:1c:b0:77:cc:40:19:64:50:f6:69:0f:e3:d8:bc:
         ad:4d:9a:1e:7c:41:17:87:a6:31:52:07:69:e2:cc:67:94:64:
         3f:4d:d7:89:4e:e9:80:10:00:8a:bc:e0:30:f2:f1:6c:cb:28:
         d3:19:41:bc:cd:17:a5:5e:ac:f1:85:10:e3:29:fc:8e:45:f6:
         12:35:aa:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ13NC2m2X9L8LwCnlBYXi6eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDEwMTE0MzIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjQ3YWU0ZGM0Yzk0YjQ1YjNjYTQ1ZjNiOTBiY2E0MjNjM2VmNGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAph2c/gFChlj33pJ9egEIPeAl7Qb9
8aEC9qp6da8Qi5X3H+ilcR25rs8RzqCgtQTC4ohgp3SbkKgCotmuEej0CHGGK2Ok
bOEmRQ00hDBneRW5sxMRNasM7/PdB0XLjbtRoRT8SZuy0QrBGMYNR02KSPJ5m4ah
Nwr6hIiGwtc7hblu9OKAE486scapQBVGdNczpF17GfiufKBrZLLnQGfyQJVfh5dU
AWhB1uJhdJ8oHapYH0v3VWAmEe0jdUAZsFpiVnKPfVzurWYwoFLqze+ELJZrBF5q
sdK9cO4zE9Hl3biuOR3DpGk+K5qCMpFTulJedVZjwqniO3yWKGnkSnI7qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9Hrk3EyUtFs8pF87kLykI8PvTdMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvYjBldVRjVEpTMFd6eWtYenVRdktRanctOU4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/a9MA0G
CSqGSIb3DQEBCwUAA4IBAQC5EaDDT3xypx/xck8xRZDUS/R2vd6/a+dWT+31qN43
D2+zzRJclhXFyfnTV8M4igyaiGvGL0yHLIGQVC02iAJh9nyFVeLgRGLAW4MOilWA
nrcZ3rixSae/E0KALTUFSmPUlgO50/Co6GDnvaJojzSqOHXiUGdf7iCglSnYe4O2
5CgOIkOTb4pxg4n0TCUO9/HtOmij0OvcmQtsTS60NxeV8K91DDGNpT62GnOJXojK
sD5pVgA0I7p9HLB3zEAZZFD2aQ/j2LytTZoefEEXh6YxUgdp4sxnlGQ/TdeJTumA
EACKvOAw8vFsyyjTGUG8zRelXqzxhRDjKfyORfYSNaqb
-----END CERTIFICATE-----