Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/TW0z_Ay5Z_IEhlSrtA3-wF1J5ng.roa
File:                     TW0z_Ay5Z_IEhlSrtA3-wF1J5ng.roa (raw, json)
Hash identifier:          +9GbbKvnFWPBty1X54DIBrVoEb+Pznqjp1+aK1BZ5Vo=
Subject key identifier:   4D:6D:33:FC:0C:B9:67:F2:04:86:54:AB:B4:0D:FE:C0:5D:49:E6:78
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D00747C5DF3090E407A7310962431FD14
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/TW0z_Ay5Z_IEhlSrtA3-wF1J5ng.roa
Signing time:             Wed 18 Mar 2026 10:18:47 +0000
ROA not before:           Wed 18 Mar 2026 10:18:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211484
IP address blocks:        151.246.128.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:74:7c:5d:f3:09:0e:40:7a:73:10:96:24:31:fd:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 18 10:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4d6d33fc0cb967f2048654abb40dfec05d49e678
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:cc:9f:73:1e:d0:2f:16:55:90:a8:fd:10:04:
                    a2:75:01:f4:4a:d1:9c:e4:81:92:5a:68:9a:67:30:
                    b4:3c:1f:17:ef:3d:cf:cd:9d:f5:d6:7a:69:8a:6e:
                    a4:4a:26:40:36:67:9c:a1:d8:1d:eb:02:95:1b:67:
                    c9:a2:ae:63:1f:10:02:38:d9:69:be:fb:7c:ea:e5:
                    58:92:19:56:da:56:25:da:55:11:2f:70:1a:ec:8e:
                    84:ee:16:8e:45:fd:99:04:49:00:32:f9:6f:ec:26:
                    42:b1:ee:3e:36:ba:5c:f3:84:a5:49:fd:f5:67:79:
                    77:61:5d:6a:2a:8c:92:12:6a:fe:29:2c:fe:4e:45:
                    b1:35:c6:66:68:25:f0:14:5d:05:90:09:c2:4f:66:
                    ef:d5:bf:7f:55:3f:c7:6b:da:d5:e6:e9:00:29:a7:
                    ea:f7:82:68:1d:06:16:ce:52:1f:8b:76:b0:c2:d8:
                    57:3c:41:16:f8:e4:db:5b:72:03:d9:38:2d:82:03:
                    dd:5f:01:42:e1:ee:64:a7:87:a2:70:60:25:fe:33:
                    22:aa:17:3e:a1:c8:48:12:06:3e:a9:03:e3:c2:55:
                    88:53:86:88:11:f9:1d:57:dd:a7:0f:b7:2b:33:ea:
                    22:90:90:63:90:6a:04:83:09:9e:76:76:a5:5b:53:
                    29:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:6D:33:FC:0C:B9:67:F2:04:86:54:AB:B4:0D:FE:C0:5D:49:E6:78
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/TW0z_Ay5Z_IEhlSrtA3-wF1J5ng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.246.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         3d:e2:c1:aa:84:7f:3a:ba:fb:90:93:49:89:6c:33:dc:88:a8:
         69:cc:6f:d7:49:38:4c:8e:76:a0:79:41:5d:26:ad:0f:34:e4:
         89:3e:da:53:0c:6e:5e:a2:35:6d:b1:85:c4:14:34:49:2d:9d:
         ce:ab:4e:e3:09:4e:4e:65:73:c7:de:57:bd:7f:39:3e:d2:8b:
         41:24:32:75:7d:9e:f4:82:69:e4:38:07:43:03:3f:92:97:1d:
         9d:91:09:0c:6a:20:fc:fa:31:4b:ff:94:6f:e0:4c:25:1e:47:
         11:64:aa:c0:59:60:d2:de:3f:fd:a5:ea:41:40:83:50:ed:22:
         c7:75:69:65:45:29:51:45:38:39:70:7a:2a:32:7f:47:04:d0:
         61:55:99:64:68:65:04:b3:d4:65:ce:4c:f8:51:c7:6a:20:1f:
         9c:6c:64:34:0d:3d:9f:fc:df:ba:3a:d2:55:9f:a1:8f:7a:24:
         6a:a5:07:62:a9:4e:df:55:86:1e:d3:55:4f:13:16:d5:b9:14:
         e6:b8:c3:0b:57:0e:13:ad:0e:2f:a7:49:a9:ec:ee:f8:3d:94:
         79:51:9b:3b:ac:29:78:5e:87:55:14:d6:04:97:fd:21:9d:8f:
         82:2e:99:74:73:ff:7f:8b:78:7d:ba:6a:3b:b8:7c:12:61:f2:
         31:9f:84:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0AdHxd8wkOQHpzEJYkMf0UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzE4MTAxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDZkMzNmYzBjYjk2N2YyMDQ4NjU0YWJiNDBkZmVjMDVkNDllNjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Myfcx7QLxZVkKj9EASidQH0StGc
5IGSWmiaZzC0PB8X7z3PzZ311nppim6kSiZANmecodgd6wKVG2fJoq5jHxACONlp
vvt86uVYkhlW2lYl2lURL3Aa7I6E7haORf2ZBEkAMvlv7CZCse4+Nrpc84SlSf31
Z3l3YV1qKoySEmr+KSz+TkWxNcZmaCXwFF0FkAnCT2bv1b9/VT/Ha9rV5ukAKafq
94JoHQYWzlIfi3awwthXPEEW+OTbW3ID2TgtggPdXwFC4e5kp4eicGAl/jMiqhc+
ochIEgY+qQPjwlWIU4aIEfkdV92nD7crM+oikJBjkGoEgwmednalW1MpXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1tM/wMuWfyBIZUq7QN/sBdSeZ4MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvVFcwel9BeTVaX0lFaGxTcnRBMy13RjFKNW5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHl/aAMA0G
CSqGSIb3DQEBCwUAA4IBAQA94sGqhH86uvuQk0mJbDPciKhpzG/XSThMjnageUFd
Jq0PNOSJPtpTDG5eojVtsYXEFDRJLZ3Oq07jCU5OZXPH3le9fzk+0otBJDJ1fZ70
gmnkOAdDAz+Slx2dkQkMaiD8+jFL/5Rv4EwlHkcRZKrAWWDS3j/9pepBQINQ7SLH
dWllRSlRRTg5cHoqMn9HBNBhVZlkaGUEs9Rlzkz4UcdqIB+cbGQ0DT2f/N+6OtJV
n6GPeiRqpQdiqU7fVYYe01VPExbVuRTmuMMLVw4TrQ4vp0mp7O74PZR5UZs7rCl4
XodVFNYEl/0hnY+CLpl0c/9/i3h9umo7uHwSYfIxn4RY
-----END CERTIFICATE-----