Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/b1oGf46N9PfZXvLzShu7GvmqsZE.roa
File:                     b1oGf46N9PfZXvLzShu7GvmqsZE.roa (raw, json)
Hash identifier:          SkHJlg0x1uvst5/JZxlxIv16iHcVi5Uv3idFnyETRDQ=
Subject key identifier:   6F:5A:06:7F:8E:8D:F4:F7:D9:5E:F2:F3:4A:1B:BB:1A:F9:AA:B1:91
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D1FB81CBB003C5B29FE0AAD496CB53399
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/b1oGf46N9PfZXvLzShu7GvmqsZE.roa
Signing time:             Tue 24 Mar 2026 12:00:52 +0000
ROA not before:           Tue 24 Mar 2026 12:00:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402047
IP address blocks:        151.243.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:56:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1f:b8:1c:bb:00:3c:5b:29:fe:0a:ad:49:6c:b5:33:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 24 12:00:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f5a067f8e8df4f7d95ef2f34a1bbb1af9aab191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:39:36:fd:6e:10:bb:92:d7:b0:f7:74:ae:3c:
                    12:8c:e8:51:32:eb:73:70:e0:c2:cb:d7:74:52:b6:
                    47:e1:c4:9d:6d:91:c1:6e:a9:1f:00:b4:90:b8:de:
                    7a:18:28:78:81:73:e1:8d:1a:05:20:16:18:14:f7:
                    15:eb:04:6a:bc:4a:cb:78:6e:c2:2d:e3:62:70:ab:
                    4b:93:cd:ca:b9:92:66:3e:7f:a8:83:f6:0b:98:85:
                    66:33:22:38:9b:08:0c:2d:65:fb:cb:55:01:e3:cc:
                    72:6e:63:d1:3b:4e:cd:30:60:b6:54:f4:21:aa:7a:
                    01:69:ba:29:c8:46:f8:9c:59:f1:34:b7:57:92:28:
                    47:fa:0f:17:0e:8f:6d:26:b3:ee:6b:a7:0d:4b:95:
                    f2:a5:cf:2d:01:90:c6:e5:97:34:aa:be:79:d4:66:
                    1b:5b:8b:d6:8a:de:6f:dd:c5:4d:b3:6d:00:ca:fe:
                    0c:8b:5c:64:b1:7c:c4:87:8e:60:23:c9:57:e1:7c:
                    76:0b:80:fd:62:5e:fc:5b:45:93:d4:ee:b7:20:52:
                    50:51:6f:70:aa:71:36:af:c5:88:06:05:c5:dc:02:
                    c5:8f:3f:8f:b4:d7:a6:5b:d9:3a:93:85:34:60:1b:
                    65:5e:90:be:b5:66:1b:70:ee:31:14:aa:5d:4e:74:
                    7e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:5A:06:7F:8E:8D:F4:F7:D9:5E:F2:F3:4A:1B:BB:1A:F9:AA:B1:91
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/b1oGf46N9PfZXvLzShu7GvmqsZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:04:29:a3:20:45:ca:15:14:98:0c:77:8f:be:65:57:e3:10:
         c4:88:ab:81:ae:48:6b:41:e7:70:2f:73:95:97:25:b1:79:f2:
         65:b3:95:c0:f2:9c:5e:ba:0a:9f:8c:a1:e9:36:d3:3c:b3:28:
         5b:c1:14:d9:99:c0:0f:34:fe:02:64:a4:5e:b6:c1:94:18:ec:
         01:f3:3a:8e:e1:c3:84:f9:78:54:c8:9d:42:f4:8b:9c:ad:26:
         dd:61:42:12:9c:14:4d:b1:35:a1:1a:77:f4:17:c4:47:d3:02:
         af:1d:cd:9f:b0:a1:ce:49:7b:37:cd:02:f1:22:ea:4e:e8:7a:
         02:7e:f7:ac:a5:31:26:a1:85:f5:34:05:ed:09:13:6d:e4:6d:
         27:09:f9:1b:fa:96:39:87:03:e2:87:24:cc:92:86:de:92:98:
         28:00:f2:02:c4:c4:d8:82:a8:5c:1f:d6:47:37:ac:d7:44:50:
         95:47:99:3c:eb:0d:5b:ef:ec:05:3f:fe:70:2c:d1:d9:60:77:
         f3:f5:ec:b0:76:e4:76:77:8a:0a:f2:f5:d5:9c:1c:ed:17:04:
         eb:46:22:60:d4:9c:2a:95:d4:a9:31:b6:ec:e4:d5:dd:30:0a:
         a8:e7:35:ae:26:d3:fa:2b:22:dc:be:8e:60:55:15:b0:ca:36:
         00:d0:c4:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0fuBy7ADxbKf4KrUlstTOZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzI0MTIwMDUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjVhMDY3ZjhlOGRmNGY3ZDk1ZWYyZjM0YTFiYmIxYWY5YWFiMTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjk2/W4Qu5LXsPd0rjwSjOhRMutz
cODCy9d0UrZH4cSdbZHBbqkfALSQuN56GCh4gXPhjRoFIBYYFPcV6wRqvErLeG7C
LeNicKtLk83KuZJmPn+og/YLmIVmMyI4mwgMLWX7y1UB48xybmPRO07NMGC2VPQh
qnoBabopyEb4nFnxNLdXkihH+g8XDo9tJrPua6cNS5Xypc8tAZDG5Zc0qr551GYb
W4vWit5v3cVNs20Ayv4Mi1xksXzEh45gI8lX4Xx2C4D9Yl78W0WT1O63IFJQUW9w
qnE2r8WIBgXF3ALFjz+PtNemW9k6k4U0YBtlXpC+tWYbcO4xFKpdTnR+aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9aBn+OjfT32V7y80obuxr5qrGRMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvYjFvR2Y0Nk45UGZaWHZMelNodTdHdm1xc1pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/OnMA0G
CSqGSIb3DQEBCwUAA4IBAQCQBCmjIEXKFRSYDHePvmVX4xDEiKuBrkhrQedwL3OV
lyWxefJls5XA8pxeugqfjKHpNtM8syhbwRTZmcAPNP4CZKRetsGUGOwB8zqO4cOE
+XhUyJ1C9IucrSbdYUISnBRNsTWhGnf0F8RH0wKvHc2fsKHOSXs3zQLxIupO6HoC
fvespTEmoYX1NAXtCRNt5G0nCfkb+pY5hwPihyTMkobekpgoAPICxMTYgqhcH9ZH
N6zXRFCVR5k86w1b7+wFP/5wLNHZYHfz9eywduR2d4oK8vXVnBztFwTrRiJg1Jwq
ldSpMbbs5NXdMAqo5zWuJtP6KyLcvo5gVRWwyjYA0MTj
-----END CERTIFICATE-----