Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/4r1a5U7syQro90llSc4UOVr8lRA.roa
File:                     4r1a5U7syQro90llSc4UOVr8lRA.roa (raw, json)
Hash identifier:          D+t8xcHnUDzcjavbCAA7sX9mYCYV+0GmBppFfFW3Lwg=
Subject key identifier:   E2:BD:5A:E5:4E:EC:C9:0A:E8:F7:49:65:49:CE:14:39:5A:FC:95:10
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019DDE73E538E20FD3A4239FF70CD619338B
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/4r1a5U7syQro90llSc4UOVr8lRA.roa
Signing time:             Thu 30 Apr 2026 12:53:50 +0000
ROA not before:           Thu 30 Apr 2026 12:53:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34989
IP address blocks:        151.246.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:de:73:e5:38:e2:0f:d3:a4:23:9f:f7:0c:d6:19:33:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 30 12:53:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2bd5ae54eecc90ae8f7496549ce14395afc9510
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:3f:26:64:27:91:30:e0:ab:f1:1a:a4:8e:b2:
                    77:9d:2c:ed:e5:85:ca:71:48:e5:db:e9:9e:1f:6e:
                    fb:43:18:be:85:06:46:af:a6:77:2b:17:77:f7:3c:
                    3c:7f:09:4b:34:92:f3:17:31:58:6a:73:fc:81:80:
                    02:d0:7d:67:60:75:04:a0:47:e5:00:d5:a6:cd:26:
                    68:6b:91:a7:e3:42:bb:f2:93:fd:d7:02:26:3e:36:
                    fb:d5:91:cd:08:85:fb:d5:31:53:06:5c:68:a2:85:
                    64:a5:f7:b8:7a:24:a9:e2:d5:a4:e3:a1:8f:32:07:
                    10:bb:63:4b:64:7d:5d:91:d8:2e:22:94:24:00:2c:
                    a2:f1:89:81:7b:15:60:7f:f0:cb:3b:11:09:3d:89:
                    31:19:97:cd:7d:a4:42:35:58:55:01:92:7e:2e:07:
                    dd:30:9f:73:03:d1:6c:24:a3:ca:3e:2c:6c:93:17:
                    d7:38:03:4f:56:e7:2e:fa:43:16:59:55:f1:70:dc:
                    9e:63:25:8e:03:98:eb:25:55:c3:48:7f:ad:9f:e5:
                    b5:61:39:ae:f5:4b:27:1a:f1:c5:2d:9f:1d:24:79:
                    ed:61:0c:ad:70:ca:d8:ac:ba:f3:6e:0b:13:93:1d:
                    a7:bb:cd:d3:a6:80:7f:05:a6:0a:ba:fc:cf:4b:5c:
                    7f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:BD:5A:E5:4E:EC:C9:0A:E8:F7:49:65:49:CE:14:39:5A:FC:95:10
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/4r1a5U7syQro90llSc4UOVr8lRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.246.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:ed:3c:c6:c3:81:c8:08:9c:1f:a2:c5:85:31:c6:f8:72:88:
         f1:65:a0:37:b7:23:44:e7:6c:39:cc:a2:97:16:fb:4b:bb:21:
         ef:a9:f4:74:c6:31:e9:5d:11:bc:5c:8b:d1:03:7a:c0:f9:c6:
         d4:24:9a:d6:6d:41:64:31:66:09:1a:9b:a7:37:29:b4:33:a3:
         0a:7a:97:99:d3:85:33:63:88:ce:10:78:95:4a:41:57:8a:db:
         68:08:c2:ac:50:c2:f8:e9:60:07:9c:d5:c0:5e:37:83:4d:5b:
         42:dc:2c:a4:f9:e9:78:e3:59:15:5f:e9:2e:7d:59:fc:98:cb:
         b8:6e:0b:25:24:e1:3b:ae:d6:f5:aa:88:75:9c:0a:61:53:4e:
         da:b8:4e:87:8f:f6:e5:e6:e3:1d:2e:70:b6:6b:6b:71:75:66:
         aa:c8:a0:25:e6:09:74:5d:74:95:d9:26:3e:35:87:a7:fa:42:
         6a:d4:85:3c:26:83:1e:db:b2:31:a1:6c:4d:b6:8d:7a:4f:a0:
         c8:27:e7:4d:48:68:a3:60:3d:9e:47:6f:af:9d:98:83:43:ff:
         1e:01:93:91:3f:7c:fc:44:cb:f5:bf:66:45:62:03:c1:fb:4d:
         4e:97:27:2a:ec:4d:01:21:ae:6a:f4:52:e1:7c:3b:7c:8a:ea:
         4d:ff:27:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3ec+U44g/TpCOf9wzWGTOLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDMwMTI1MzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmJkNWFlNTRlZWNjOTBhZThmNzQ5NjU0OWNlMTQzOTVhZmM5NTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0D8mZCeRMOCr8RqkjrJ3nSzt5YXK
cUjl2+meH277Qxi+hQZGr6Z3Kxd39zw8fwlLNJLzFzFYanP8gYAC0H1nYHUEoEfl
ANWmzSZoa5Gn40K78pP91wImPjb71ZHNCIX71TFTBlxoooVkpfe4eiSp4tWk46GP
MgcQu2NLZH1dkdguIpQkACyi8YmBexVgf/DLOxEJPYkxGZfNfaRCNVhVAZJ+Lgfd
MJ9zA9FsJKPKPixskxfXOANPVucu+kMWWVXxcNyeYyWOA5jrJVXDSH+tn+W1YTmu
9UsnGvHFLZ8dJHntYQytcMrYrLrzbgsTkx2nu83TpoB/BaYKuvzPS1x/+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOK9WuVO7MkK6PdJZUnOFDla/JUQMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvNHIxYTVVN3N5UXJvOTBsbFNjNFVPVnI4bFJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/azMA0G
CSqGSIb3DQEBCwUAA4IBAQCf7TzGw4HICJwfosWFMcb4cojxZaA3tyNE52w5zKKX
FvtLuyHvqfR0xjHpXRG8XIvRA3rA+cbUJJrWbUFkMWYJGpunNym0M6MKepeZ04Uz
Y4jOEHiVSkFXittoCMKsUML46WAHnNXAXjeDTVtC3Cyk+el441kVX+kufVn8mMu4
bgslJOE7rtb1qoh1nAphU07auE6Hj/bl5uMdLnC2a2txdWaqyKAl5gl0XXSV2SY+
NYen+kJq1IU8JoMe27IxoWxNto16T6DIJ+dNSGijYD2eR2+vnZiDQ/8eAZORP3z8
RMv1v2ZFYgPB+01Olycq7E0BIa5q9FLhfDt8iupN/yeA
-----END CERTIFICATE-----