Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/c75SJMPjOwkKPVisgkLAtwFHtbE.roa
File:                     c75SJMPjOwkKPVisgkLAtwFHtbE.roa (raw, json)
Hash identifier:          bYx01FNatVvrfChSBkyM64AZzrEzPQIteXsNAlUu+jo=
Subject key identifier:   73:BE:52:24:C3:E3:3B:09:0A:3D:58:AC:82:42:C0:B7:01:47:B5:B1
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D0B41236FB28F40E5B6A70B6EF38348F2
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/c75SJMPjOwkKPVisgkLAtwFHtbE.roa
Signing time:             Fri 20 Mar 2026 12:38:31 +0000
ROA not before:           Fri 20 Mar 2026 12:38:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402309
IP address blocks:        151.247.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:56:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0b:41:23:6f:b2:8f:40:e5:b6:a7:0b:6e:f3:83:48:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 20 12:38:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=73be5224c3e33b090a3d58ac8242c0b70147b5b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:6d:7b:11:18:f4:b2:d3:fb:6a:63:df:b7:0f:
                    16:1b:06:78:e6:8e:60:c5:a7:78:c2:ca:e8:3b:d0:
                    ad:cc:62:60:83:fa:ce:ea:56:bb:62:c8:4b:3a:b6:
                    16:41:12:d2:f1:22:03:26:f1:f5:55:dc:d1:e3:53:
                    a6:74:58:8b:f5:00:7a:6e:29:3a:f6:09:c5:73:f4:
                    1a:b9:5d:ec:43:1a:48:6b:3c:f2:56:54:35:64:89:
                    80:fd:70:ba:bb:0a:ea:9e:2e:be:ee:57:38:ab:a1:
                    ad:6e:0a:67:4a:38:c4:be:93:f8:79:20:67:d2:9c:
                    e1:2f:8e:f3:7d:23:c3:9a:41:79:83:f3:e9:96:ea:
                    33:df:19:3b:4d:68:df:75:a1:26:fe:9d:36:5b:f5:
                    d4:82:bf:9a:0c:7e:4b:f2:53:8c:67:6f:5f:c9:59:
                    21:1a:6b:f1:38:65:13:a0:ec:8c:e8:8e:de:78:9c:
                    44:ba:d2:47:fe:5a:ee:45:3c:e6:d9:88:fc:3a:e8:
                    b3:eb:0b:1b:3c:bd:7f:e6:81:58:e9:b3:a5:3b:e9:
                    2e:ba:86:c5:04:ae:42:ac:8e:43:c5:ab:f8:d2:fd:
                    1a:09:6b:4a:c7:7a:07:82:82:47:88:5b:1c:6e:3c:
                    45:52:a0:8e:e7:e7:bb:3a:92:ca:e6:87:57:03:76:
                    50:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:BE:52:24:C3:E3:3B:09:0A:3D:58:AC:82:42:C0:B7:01:47:B5:B1
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/c75SJMPjOwkKPVisgkLAtwFHtbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.247.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:e6:45:de:bc:49:23:aa:c8:a7:c1:9b:80:c3:eb:bb:03:d5:
         f1:ce:a0:36:eb:50:fd:c5:7e:dd:f4:74:2a:f0:42:f4:61:66:
         7e:1b:aa:91:d1:de:dd:d4:f1:d8:86:71:12:22:19:af:c7:be:
         eb:58:12:19:1b:f4:3c:07:f9:d9:54:e4:b3:65:bb:07:a0:6b:
         1c:72:bb:b6:f5:d7:3f:d4:0e:5a:9e:25:bd:bd:b6:cf:27:5e:
         93:da:34:b4:48:7f:fb:db:11:08:a4:b0:c6:77:09:d3:c7:2f:
         1f:8d:10:d9:a0:eb:91:5c:8a:61:6f:1d:82:d9:83:0c:10:45:
         cd:d1:c7:ce:7b:73:8e:e9:a1:35:a8:15:e9:a7:97:ac:fb:9b:
         1f:cd:84:e4:6b:40:5c:86:13:f8:40:14:39:b8:43:a0:1c:5c:
         ec:39:2c:69:a4:43:64:79:d6:0b:22:59:ea:28:c3:64:9a:08:
         27:4c:f1:37:d4:94:f3:c5:ad:92:39:f0:93:ad:40:7d:1c:fb:
         36:0e:66:0c:07:53:f1:c0:8a:bc:f3:e4:33:68:1c:17:6c:4b:
         f1:87:67:43:07:af:bb:68:8a:c5:cc:c0:09:0b:49:dc:cc:91:
         26:f2:e2:94:60:1f:bb:a9:60:91:97:62:ca:c6:77:38:72:55:
         c6:3e:41:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0LQSNvso9A5banC27zg0jyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzIwMTIzODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2JlNTIyNGMzZTMzYjA5MGEzZDU4YWM4MjQyYzBiNzAxNDdiNWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy217ERj0stP7amPftw8WGwZ45o5g
xad4wsroO9CtzGJgg/rO6la7YshLOrYWQRLS8SIDJvH1VdzR41OmdFiL9QB6bik6
9gnFc/QauV3sQxpIazzyVlQ1ZImA/XC6uwrqni6+7lc4q6GtbgpnSjjEvpP4eSBn
0pzhL47zfSPDmkF5g/Ppluoz3xk7TWjfdaEm/p02W/XUgr+aDH5L8lOMZ29fyVkh
GmvxOGUToOyM6I7eeJxEutJH/lruRTzm2Yj8Ouiz6wsbPL1/5oFY6bOlO+kuuobF
BK5CrI5Dxav40v0aCWtKx3oHgoJHiFscbjxFUqCO5+e7OpLK5odXA3ZQwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHO+UiTD4zsJCj1YrIJCwLcBR7WxMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvYzc1U0pNUGpPd2tLUFZpc2drTEF0d0ZIdGJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/emMA0G
CSqGSIb3DQEBCwUAA4IBAQBV5kXevEkjqsinwZuAw+u7A9XxzqA261D9xX7d9HQq
8EL0YWZ+G6qR0d7d1PHYhnESIhmvx77rWBIZG/Q8B/nZVOSzZbsHoGsccru29dc/
1A5aniW9vbbPJ16T2jS0SH/72xEIpLDGdwnTxy8fjRDZoOuRXIphbx2C2YMMEEXN
0cfOe3OO6aE1qBXpp5es+5sfzYTka0BchhP4QBQ5uEOgHFzsOSxppENkedYLIlnq
KMNkmggnTPE31JTzxa2SOfCTrUB9HPs2DmYMB1PxwIq88+QzaBwXbEvxh2dDB6+7
aIrFzMAJC0nczJEm8uKUYB+7qWCRl2LKxnc4clXGPkGZ
-----END CERTIFICATE-----