Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/OI18nuTpo1LU6SLcV3HvKLDUKTA.roa
File:                     OI18nuTpo1LU6SLcV3HvKLDUKTA.roa (raw, json)
Hash identifier:          1F71Qory0KAXUCNd5d6weVph699E88CJazzB4PpNgn0=
Subject key identifier:   38:8D:7C:9E:E4:E9:A3:52:D4:E9:22:DC:57:71:EF:28:B0:D4:29:30
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019CE0BDF91EC44A283ED7770E8C3F40F2BE
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/OI18nuTpo1LU6SLcV3HvKLDUKTA.roa
Signing time:             Thu 12 Mar 2026 06:31:12 +0000
ROA not before:           Thu 12 Mar 2026 06:31:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215228
IP address blocks:        151.243.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e0:bd:f9:1e:c4:4a:28:3e:d7:77:0e:8c:3f:40:f2:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 12 06:31:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=388d7c9ee4e9a352d4e922dc5771ef28b0d42930
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:48:4c:0f:42:95:0e:30:d4:93:ea:f6:7d:8f:
                    6c:e0:7b:7e:13:9b:ea:4d:f0:a2:16:15:a8:7e:8c:
                    1b:f1:7a:bd:f2:15:ad:4f:49:41:67:37:1d:7c:b9:
                    8a:4f:83:d3:f2:ff:ac:b3:e7:61:23:9f:56:11:53:
                    93:f4:d6:6f:af:f1:2f:18:03:ea:87:0e:a8:b0:81:
                    d6:f9:c9:50:a7:52:3f:74:1b:8a:8a:68:61:ee:10:
                    0b:87:45:02:94:3c:bd:bc:0a:fe:1b:67:26:17:ef:
                    a1:02:54:8b:40:4d:b8:59:46:b4:44:96:f2:8e:b3:
                    51:86:12:f6:95:2c:6d:a1:25:21:1d:62:f6:65:dc:
                    aa:e6:9c:78:96:11:a4:a9:33:87:86:31:44:51:12:
                    b9:7f:50:f5:1b:22:ca:72:ac:e8:c3:b5:25:c8:c0:
                    0c:c6:49:59:fa:a2:28:41:81:dc:f9:ec:53:37:8c:
                    34:0d:36:88:36:5b:d3:a7:56:0c:97:ff:87:cb:fa:
                    0a:bc:77:6a:dc:75:c3:c1:65:b7:29:20:e4:42:2f:
                    8d:2a:01:d0:9b:ec:c7:63:8a:b8:2c:7e:8f:b5:a5:
                    30:5f:26:97:b8:89:d7:3b:60:6a:bd:a6:9f:3f:dc:
                    9d:1c:ae:f5:d4:a9:4b:e4:36:66:bc:c9:4c:11:be:
                    b7:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:8D:7C:9E:E4:E9:A3:52:D4:E9:22:DC:57:71:EF:28:B0:D4:29:30
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/OI18nuTpo1LU6SLcV3HvKLDUKTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:7d:de:19:3e:de:6d:b7:83:6c:25:9a:e6:15:a6:aa:0b:1f:
         61:3e:19:57:c3:c8:9a:a6:3d:01:e0:45:31:b4:dd:cb:a9:4d:
         1c:d4:2b:5c:48:d1:62:58:2b:52:ff:05:99:e1:fb:50:da:fc:
         cc:c7:6b:27:22:74:a2:ff:7a:0c:63:ec:13:0a:73:b7:ce:78:
         53:83:e3:bb:a0:ba:73:06:40:c3:94:b8:09:d4:34:60:f0:1b:
         85:14:bc:fe:b4:48:eb:63:12:7e:8c:31:b6:68:c8:e2:ca:bd:
         f4:2d:a2:92:bc:1d:28:54:7f:10:49:d5:8a:d7:2c:d4:cd:e0:
         db:8c:70:2a:73:36:da:5f:bf:0c:5a:7e:98:a4:8e:0c:c0:a7:
         0c:1e:b1:b5:83:2a:59:b0:74:ef:6d:bf:22:fe:9b:25:a1:12:
         4f:ec:b0:50:21:27:a8:2b:9c:f1:22:94:87:0d:3a:12:4a:d7:
         23:d8:80:27:97:1f:d6:6f:cb:f5:42:3b:3a:8c:1d:e8:ff:af:
         fd:68:bc:12:08:7a:3c:99:86:f8:8f:40:d8:95:16:ba:a4:e8:
         02:77:49:57:25:99:2a:51:a5:ba:aa:2d:e7:6c:4e:56:55:55:
         48:2e:4d:80:2d:b9:b5:cd:b0:d3:eb:6d:c2:bb:1e:5e:3c:e6:
         ad:99:4c:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzgvfkexEooPtd3Dow/QPK+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzEyMDYzMTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODhkN2M5ZWU0ZTlhMzUyZDRlOTIyZGM1NzcxZWYyOGIwZDQyOTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUhMD0KVDjDUk+r2fY9s4Ht+E5vq
TfCiFhWofowb8Xq98hWtT0lBZzcdfLmKT4PT8v+ss+dhI59WEVOT9NZvr/EvGAPq
hw6osIHW+clQp1I/dBuKimhh7hALh0UClDy9vAr+G2cmF++hAlSLQE24WUa0RJby
jrNRhhL2lSxtoSUhHWL2Zdyq5px4lhGkqTOHhjFEURK5f1D1GyLKcqzow7UlyMAM
xklZ+qIoQYHc+exTN4w0DTaINlvTp1YMl/+Hy/oKvHdq3HXDwWW3KSDkQi+NKgHQ
m+zHY4q4LH6PtaUwXyaXuInXO2BqvaafP9ydHK711KlL5DZmvMlMEb63bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDiNfJ7k6aNS1Oki3Fdx7yiw1CkwMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvT0kxOG51VHBvMUxVNlNMY1YzSHZLTERVS1RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/OSMA0G
CSqGSIb3DQEBCwUAA4IBAQACfd4ZPt5tt4NsJZrmFaaqCx9hPhlXw8iapj0B4EUx
tN3LqU0c1CtcSNFiWCtS/wWZ4ftQ2vzMx2snInSi/3oMY+wTCnO3znhTg+O7oLpz
BkDDlLgJ1DRg8BuFFLz+tEjrYxJ+jDG2aMjiyr30LaKSvB0oVH8QSdWK1yzUzeDb
jHAqczbaX78MWn6YpI4MwKcMHrG1gypZsHTvbb8i/psloRJP7LBQISeoK5zxIpSH
DToSStcj2IAnlx/Wb8v1Qjs6jB3o/6/9aLwSCHo8mYb4j0DYlRa6pOgCd0lXJZkq
UaW6qi3nbE5WVVVILk2ALbm1zbDT623Cux5ePOatmUyf
-----END CERTIFICATE-----