Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/rqbyGIkVDuyXsmQuMqpkslAfz3I.roa
File:                     rqbyGIkVDuyXsmQuMqpkslAfz3I.roa (raw, json)
Hash identifier:          VtIxP3vYHTtO4nIOa/kUAm9djpMrySbcePD9VG25ldk=
Subject key identifier:   AE:A6:F2:18:89:15:0E:EC:97:B2:64:2E:32:AA:64:B2:50:1F:CF:72
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019BF9793DDDF2573422AABB37056B33F772
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/rqbyGIkVDuyXsmQuMqpkslAfz3I.roa
Signing time:             Mon 26 Jan 2026 08:43:51 +0000
ROA not before:           Mon 26 Jan 2026 08:43:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202118
IP address blocks:        151.247.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 07:18:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:f9:79:3d:dd:f2:57:34:22:aa:bb:37:05:6b:33:f7:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan 26 08:43:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aea6f21889150eec97b2642e32aa64b2501fcf72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:82:93:ba:e0:fe:62:f5:1a:88:e3:bd:d7:30:
                    40:0f:2e:74:22:a4:07:e0:95:46:61:59:22:85:e2:
                    45:03:4e:e8:1a:f6:75:4c:fe:da:bb:e1:a3:cc:6f:
                    01:b1:2b:0a:fb:63:66:87:87:4c:ae:6c:f6:fc:a2:
                    b5:a3:f5:f3:59:78:68:2c:f8:80:91:c8:a4:b9:cd:
                    8e:21:ba:01:7f:23:f3:23:d6:e2:cc:22:10:fa:af:
                    f6:40:8f:e1:b7:ff:5b:2b:d0:ca:42:bb:8d:1b:88:
                    08:01:1f:e0:82:d6:38:bf:1f:ee:21:ae:80:fa:95:
                    9b:32:a0:f7:f4:d1:1c:15:f0:81:21:1b:df:09:2a:
                    6a:b2:69:69:87:3f:ef:7f:3f:fc:8b:25:26:81:63:
                    f9:30:c1:42:c9:d7:6d:e9:8f:56:ac:6a:8d:89:a6:
                    fc:cf:bb:3b:eb:75:02:8d:e2:49:b1:77:ae:d3:20:
                    a1:6a:c9:de:2f:7c:1a:ef:49:04:72:5c:53:ab:c9:
                    95:04:3a:b2:f6:b1:d1:f3:12:93:55:b3:3e:aa:48:
                    5b:44:ae:6a:47:6d:3a:30:04:37:b2:33:84:8d:42:
                    12:02:65:13:eb:b9:62:70:1a:24:70:00:8d:3c:5d:
                    c0:e1:bc:51:6e:3b:01:9f:73:35:dc:cf:8a:03:90:
                    05:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:A6:F2:18:89:15:0E:EC:97:B2:64:2E:32:AA:64:B2:50:1F:CF:72
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/rqbyGIkVDuyXsmQuMqpkslAfz3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.247.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:62:13:b1:dd:37:9e:55:89:48:4a:d7:e6:e5:fd:8f:ce:a4:
         54:0e:d6:a9:4f:14:ba:20:c9:78:02:d4:ed:9c:d9:02:19:62:
         a3:fb:63:aa:1b:b6:bc:06:17:e0:27:14:ca:98:94:5b:c0:01:
         81:48:43:2c:7f:36:46:ab:a4:91:49:86:6c:f9:8a:7a:7a:7d:
         18:e2:3f:17:85:4f:5f:ae:a3:79:09:60:b8:61:27:5d:55:7a:
         33:80:98:66:c7:6c:d4:94:94:36:e3:ad:f9:ee:a6:0b:af:38:
         17:2b:27:ce:01:08:b1:f5:94:3a:7f:c0:36:42:5c:1a:6b:76:
         c1:eb:14:76:88:df:ad:f3:fc:06:94:fa:2e:bb:22:57:ab:1c:
         4f:3e:43:61:d3:20:f8:18:dd:50:9e:54:21:a0:59:77:af:ec:
         a0:a3:ea:1b:6c:91:93:04:7e:0e:3d:a6:9b:14:a4:f3:69:c8:
         33:b9:de:4e:2e:2a:9f:82:35:86:82:cc:ac:75:e8:e6:2e:b7:
         6d:87:c4:08:49:93:6f:86:92:e9:4f:b2:8e:82:95:ba:58:7e:
         43:77:be:e3:82:3f:e6:82:73:92:0d:d6:6a:97:5e:d5:93:c4:
         2a:f8:d1:7e:07:f7:50:5c:67:8c:df:2d:0f:6e:1c:0c:2f:0a:
         73:ef:4f:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZv5eT3d8lc0Iqq7NwVrM/dyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMTI2MDg0MzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWE2ZjIxODg5MTUwZWVjOTdiMjY0MmUzMmFhNjRiMjUwMWZjZjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYKTuuD+YvUaiOO91zBADy50IqQH
4JVGYVkiheJFA07oGvZ1TP7au+GjzG8BsSsK+2Nmh4dMrmz2/KK1o/XzWXhoLPiA
kcikuc2OIboBfyPzI9bizCIQ+q/2QI/ht/9bK9DKQruNG4gIAR/ggtY4vx/uIa6A
+pWbMqD39NEcFfCBIRvfCSpqsmlphz/vfz/8iyUmgWP5MMFCyddt6Y9WrGqNiab8
z7s763UCjeJJsXeu0yChasneL3wa70kEclxTq8mVBDqy9rHR8xKTVbM+qkhbRK5q
R206MAQ3sjOEjUISAmUT67licBokcACNPF3A4bxRbjsBn3M13M+KA5AFmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6m8hiJFQ7sl7JkLjKqZLJQH89yMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcnFieUdJa1ZEdXlYc21RdU1xcGtzbEFmejNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/dKMA0G
CSqGSIb3DQEBCwUAA4IBAQABYhOx3TeeVYlIStfm5f2PzqRUDtapTxS6IMl4AtTt
nNkCGWKj+2OqG7a8BhfgJxTKmJRbwAGBSEMsfzZGq6SRSYZs+Yp6en0Y4j8XhU9f
rqN5CWC4YSddVXozgJhmx2zUlJQ246357qYLrzgXKyfOAQix9ZQ6f8A2Qlwaa3bB
6xR2iN+t8/wGlPouuyJXqxxPPkNh0yD4GN1QnlQhoFl3r+ygo+obbJGTBH4OPaab
FKTzacgzud5OLiqfgjWGgsysdejmLrdth8QISZNvhpLpT7KOgpW6WH5Dd77jgj/m
gnOSDdZql17Vk8Qq+NF+B/dQXGeM3y0PbhwMLwpz70+3
-----END CERTIFICATE-----