Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7zmRbLaHbmB0zQuOXP_TFRPx4Ks.roa
File:                     7zmRbLaHbmB0zQuOXP_TFRPx4Ks.roa (raw, json)
Hash identifier:          ce7JmlwNn69/8P58+14D698Oz9hPn9UA8dPYfKLBjeU=
Subject key identifier:   EF:39:91:6C:B6:87:6E:60:74:CD:0B:8E:5C:FF:D3:15:13:F1:E0:AB
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D28E7EC4BABD44550085F37023650B89D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7zmRbLaHbmB0zQuOXP_TFRPx4Ks.roa
Signing time:             Thu 26 Mar 2026 06:49:40 +0000
ROA not before:           Thu 26 Mar 2026 06:49:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401776
IP address blocks:        151.242.137.0/24 maxlen: 24
                          151.243.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:56:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:28:e7:ec:4b:ab:d4:45:50:08:5f:37:02:36:50:b8:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 26 06:49:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ef39916cb6876e6074cd0b8e5cffd31513f1e0ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:7f:c1:0f:05:93:29:a4:67:e2:48:4c:d7:b8:
                    66:65:d7:a2:4b:78:1b:01:6d:49:f6:ce:5a:f0:08:
                    fb:6e:8c:ed:c3:0c:d5:2d:9c:f2:59:67:aa:bd:b5:
                    f4:19:95:92:6d:ad:a0:8d:22:fd:9e:67:a9:d0:c4:
                    eb:24:29:1e:13:49:cf:1a:6d:d7:9c:9a:5a:3f:87:
                    d5:93:bc:3b:5e:85:64:65:a7:18:37:58:68:01:f3:
                    e6:1a:ae:c9:2b:1d:95:8e:0b:7b:ce:72:84:ba:0e:
                    7a:98:96:5e:7b:dc:36:11:5d:e7:c7:1d:fb:9a:50:
                    07:f4:d3:ca:67:ee:74:e8:a4:96:b8:5f:ca:18:de:
                    fd:e4:e5:bb:de:95:75:9a:c7:ac:cf:b7:86:9a:4d:
                    77:76:54:89:b3:d3:3f:04:d3:f5:8b:85:df:6f:6f:
                    07:1a:8d:35:05:7a:dc:c0:91:f0:90:62:02:83:ca:
                    03:da:f9:94:83:62:9d:ea:11:d2:d8:c7:ab:f8:5a:
                    11:e7:3c:cf:55:87:0b:c1:9e:25:da:44:ef:42:30:
                    92:a3:a2:22:dd:eb:88:34:b2:78:19:4d:51:99:8a:
                    b7:c0:f9:5f:47:1a:1a:39:4a:c6:49:8e:2e:02:d1:
                    cc:1d:24:da:ad:e9:51:92:69:d4:fa:23:4c:87:7d:
                    15:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:39:91:6C:B6:87:6E:60:74:CD:0B:8E:5C:FF:D3:15:13:F1:E0:AB
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7zmRbLaHbmB0zQuOXP_TFRPx4Ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.137.0/24
                  151.243.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:59:51:43:dc:78:49:e7:45:11:d6:28:ac:e7:45:87:d8:35:
         fc:97:ab:e6:57:3f:94:4c:96:64:93:7c:e4:1b:d1:0e:3f:43:
         43:37:30:b8:7a:af:a7:40:35:47:2e:76:48:e1:a7:3e:4a:aa:
         8c:21:96:76:6a:76:47:2e:cf:a0:22:34:e6:6b:c8:5a:b6:6a:
         52:1e:0b:a8:cd:2d:22:84:69:b8:b5:fe:fe:be:91:c6:9a:ee:
         7c:03:bb:7d:52:4b:38:99:b5:f0:70:95:88:9b:79:28:7d:4b:
         57:1f:2a:02:73:fb:7d:ea:13:21:30:4b:58:cc:c0:01:52:57:
         8a:01:c6:b7:57:15:42:b9:fa:d0:b1:49:9e:83:7d:5e:da:b1:
         2e:1d:b1:7d:15:fb:33:a4:26:16:c3:c1:02:3b:ed:f7:61:04:
         ad:94:62:d3:c5:3b:57:b5:27:5e:6d:c7:9f:32:20:fe:b6:ac:
         27:ca:56:69:66:7f:34:3a:75:4d:77:03:7f:c1:c4:53:42:44:
         e3:63:f5:26:4b:c6:b1:cb:fa:38:51:7f:b3:8b:37:bd:48:93:
         08:3b:e7:23:35:93:dd:b6:1d:8b:be:88:07:f7:a9:25:7a:43:
         e2:d3:1d:fe:e1:ac:65:92:2d:b7:97:8d:78:2f:f1:8e:d3:e8:
         76:1f:9d:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0o5+xLq9RFUAhfNwI2ULidMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzI2MDY0OTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjM5OTE2Y2I2ODc2ZTYwNzRjZDBiOGU1Y2ZmZDMxNTEzZjFlMGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhX/BDwWTKaRn4khM17hmZdeiS3gb
AW1J9s5a8Aj7boztwwzVLZzyWWeqvbX0GZWSba2gjSL9nmep0MTrJCkeE0nPGm3X
nJpaP4fVk7w7XoVkZacYN1hoAfPmGq7JKx2Vjgt7znKEug56mJZee9w2EV3nxx37
mlAH9NPKZ+506KSWuF/KGN795OW73pV1msesz7eGmk13dlSJs9M/BNP1i4Xfb28H
Go01BXrcwJHwkGICg8oD2vmUg2Kd6hHS2Mer+FoR5zzPVYcLwZ4l2kTvQjCSo6Ii
3euINLJ4GU1RmYq3wPlfRxoaOUrGSY4uAtHMHSTarelRkmnU+iNMh30VCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO85kWy2h25gdM0Ljlz/0xUT8eCrMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvN3ptUmJMYUhibUIwelF1T1hQX1RGUlB4NEtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/KJAwQA
l/OmMA0GCSqGSIb3DQEBCwUAA4IBAQAhWVFD3HhJ50UR1iis50WH2DX8l6vmVz+U
TJZkk3zkG9EOP0NDNzC4eq+nQDVHLnZI4ac+SqqMIZZ2anZHLs+gIjTma8hatmpS
HguozS0ihGm4tf7+vpHGmu58A7t9Uks4mbXwcJWIm3kofUtXHyoCc/t96hMhMEtY
zMABUleKAca3VxVCufrQsUmeg31e2rEuHbF9FfszpCYWw8ECO+33YQStlGLTxTtX
tSdebcefMiD+tqwnylZpZn80OnVNdwN/wcRTQkTjY/UmS8axy/o4UX+zize9SJMI
O+cjNZPdth2LvogH96klekPi0x3+4axlki23l414L/GO0+h2H50+
-----END CERTIFICATE-----