Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/hgRQOEIiHKLOseBGyB4tiJqvUpk.roa
File:                     hgRQOEIiHKLOseBGyB4tiJqvUpk.roa (raw, json)
Hash identifier:          Yj5jA3J9lhm8LBR4iBW4peqSKrVLnPf6P5rc1RKkjes=
Subject key identifier:   86:04:50:38:42:22:1C:A2:CE:B1:E0:46:C8:1E:2D:88:9A:AF:52:99
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019DC4D94B605DEB5DDA6C1137359381E5A9
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/hgRQOEIiHKLOseBGyB4tiJqvUpk.roa
Signing time:             Sat 25 Apr 2026 13:34:28 +0000
ROA not before:           Sat 25 Apr 2026 13:34:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17497
IP address blocks:        151.244.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 14:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c4:d9:4b:60:5d:eb:5d:da:6c:11:37:35:93:81:e5:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 25 13:34:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8604503842221ca2ceb1e046c81e2d889aaf5299
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2c:bf:19:e9:e1:24:a3:1b:f7:9e:27:c5:22:
                    44:a6:48:c7:21:75:28:a9:a5:ab:56:a1:fb:f5:12:
                    49:3c:70:b7:a8:57:28:70:94:00:a6:70:ca:e6:75:
                    4d:93:ee:d5:85:6c:08:54:33:ca:0d:62:b3:00:ba:
                    76:20:b2:6d:06:33:4a:cc:26:29:47:0f:4e:80:56:
                    30:bd:65:8f:59:24:2d:4a:c9:dc:14:1f:f5:66:4b:
                    ac:ce:5d:28:ee:14:c6:b4:8e:4e:be:cf:2b:28:6a:
                    88:33:60:bb:be:10:10:19:73:2a:47:59:bc:a2:22:
                    51:2a:9f:6a:ee:ec:49:70:85:46:00:97:0e:99:aa:
                    11:95:de:5a:08:ee:07:2d:c9:3c:66:70:bd:8f:cd:
                    5a:b9:d6:90:78:45:40:1f:88:cb:cc:20:2e:1f:44:
                    fc:67:05:e6:01:3d:90:0d:f4:b3:6f:98:ad:6c:b2:
                    48:81:da:f9:b2:21:b9:34:52:ea:9f:a4:02:ce:7e:
                    ce:10:13:96:24:67:ae:c9:34:93:3e:e7:a7:f6:d9:
                    8c:f9:f8:16:c5:5f:0c:cb:97:34:f3:6d:41:fa:6e:
                    43:ef:ac:e1:25:5b:dd:e9:fb:3b:6b:9a:82:a5:80:
                    9b:ef:c5:85:b5:1f:94:6c:ef:e9:f1:32:36:13:e8:
                    53:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:04:50:38:42:22:1C:A2:CE:B1:E0:46:C8:1E:2D:88:9A:AF:52:99
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/hgRQOEIiHKLOseBGyB4tiJqvUpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:2f:93:3b:32:5b:5e:af:de:af:a7:60:a2:12:26:91:dd:e4:
         be:95:7f:07:bf:a0:be:94:81:27:c9:f5:ef:c4:7e:ab:f5:69:
         66:44:9c:20:f7:5a:4e:30:fd:80:7d:32:f6:c3:04:bc:1c:59:
         dc:06:d2:a3:e1:af:cd:4a:40:c8:b0:c2:25:2c:86:28:f3:29:
         cd:93:d2:c6:8e:a9:e1:c4:c0:c3:f7:53:81:5a:a6:72:77:45:
         ff:96:26:8d:f8:24:bb:44:98:be:61:24:cd:b6:2e:f3:42:b5:
         89:de:07:27:5a:0d:11:6b:77:67:9a:0f:eb:8f:79:27:a1:df:
         2c:82:d4:c1:be:1c:f3:1a:8c:2d:65:b7:be:54:cc:2e:4a:e6:
         c6:2c:c8:1d:7e:31:a6:0a:e4:ed:6c:b2:e0:0f:ac:a8:ac:1e:
         b4:27:b5:ce:e1:b1:5b:e0:36:7f:a3:9a:3e:2e:17:02:e9:b3:
         14:83:b6:75:03:30:33:28:6d:6b:8f:86:77:45:22:1d:b7:bb:
         00:b3:22:2e:54:a6:cd:80:99:ba:ab:23:10:eb:23:a4:6b:dd:
         3b:c8:dc:af:30:18:00:ef:c3:b6:87:6d:e6:e8:86:1e:75:7f:
         47:55:e7:fb:46:2a:82:5d:a0:e8:4f:bf:c4:95:56:95:eb:eb:
         71:fc:5b:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3E2UtgXetd2mwRNzWTgeWpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDI1MTMzNDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjA0NTAzODQyMjIxY2EyY2ViMWUwNDZjODFlMmQ4ODlhYWY1Mjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyy/GenhJKMb954nxSJEpkjHIXUo
qaWrVqH79RJJPHC3qFcocJQApnDK5nVNk+7VhWwIVDPKDWKzALp2ILJtBjNKzCYp
Rw9OgFYwvWWPWSQtSsncFB/1Zkuszl0o7hTGtI5Ovs8rKGqIM2C7vhAQGXMqR1m8
oiJRKp9q7uxJcIVGAJcOmaoRld5aCO4HLck8ZnC9j81audaQeEVAH4jLzCAuH0T8
ZwXmAT2QDfSzb5itbLJIgdr5siG5NFLqn6QCzn7OEBOWJGeuyTSTPuen9tmM+fgW
xV8My5c0821B+m5D76zhJVvd6fs7a5qCpYCb78WFtR+UbO/p8TI2E+hTEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYEUDhCIhyizrHgRsgeLYiar1KZMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvaGdSUU9FSWlIS0xPc2VCR3lCNHRpSnF2VXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/QwMA0G
CSqGSIb3DQEBCwUAA4IBAQAXL5M7Mlter96vp2CiEiaR3eS+lX8Hv6C+lIEnyfXv
xH6r9WlmRJwg91pOMP2AfTL2wwS8HFncBtKj4a/NSkDIsMIlLIYo8ynNk9LGjqnh
xMDD91OBWqZyd0X/liaN+CS7RJi+YSTNti7zQrWJ3gcnWg0Ra3dnmg/rj3knod8s
gtTBvhzzGowtZbe+VMwuSubGLMgdfjGmCuTtbLLgD6yorB60J7XO4bFb4DZ/o5o+
LhcC6bMUg7Z1AzAzKG1rj4Z3RSIdt7sAsyIuVKbNgJm6qyMQ6yOka907yNyvMBgA
78O2h23m6IYedX9HVef7RiqCXaDoT7/ElVaV6+tx/FvF
-----END CERTIFICATE-----