Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/cKW0srCdjEnjPjCfB8IYmNao0EY.roa
File:                     cKW0srCdjEnjPjCfB8IYmNao0EY.roa (raw, json)
Hash identifier:          Sv2Y0kHqV6U+S4e+2nN6E5DIi6BcNc3IVn4OQqfdw0k=
Subject key identifier:   70:A5:B4:B2:B0:9D:8C:49:E3:3E:30:9F:07:C2:18:98:D6:A8:D0:46
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D1018C21565035AEB63C1105F3AEC9E4E
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/cKW0srCdjEnjPjCfB8IYmNao0EY.roa
Signing time:             Sat 21 Mar 2026 11:12:31 +0000
ROA not before:           Sat 21 Mar 2026 11:12:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135682
IP address blocks:        151.242.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:10:18:c2:15:65:03:5a:eb:63:c1:10:5f:3a:ec:9e:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 21 11:12:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70a5b4b2b09d8c49e33e309f07c21898d6a8d046
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ca:95:03:d9:bf:65:f8:6f:35:4c:01:86:36:
                    5a:72:ab:1f:1c:af:88:58:4d:ea:93:f1:7d:b3:c7:
                    86:d5:74:88:c1:c4:14:a6:fe:de:3f:f3:44:df:12:
                    ef:87:5b:a4:6a:c4:79:7c:38:e4:ed:99:50:26:fd:
                    d6:38:62:e4:54:96:b7:5d:73:15:0c:cf:c1:60:4d:
                    34:09:6c:45:e8:c9:32:18:bf:0e:f9:ba:f6:1b:2f:
                    23:a6:c6:2f:95:42:6d:7e:4e:f5:06:e8:76:a6:30:
                    f1:48:05:f1:c5:0c:69:f0:30:e8:d5:dc:bc:ed:23:
                    70:db:af:18:28:0a:10:6e:d8:9a:34:04:29:e0:ce:
                    b3:e8:a0:d6:ea:31:95:84:be:19:79:70:54:db:41:
                    d7:b5:c5:1f:64:e5:df:45:ab:5e:e0:4d:1a:f5:8c:
                    39:e2:3b:2d:3a:5b:b3:02:a9:07:ce:d3:c6:96:4c:
                    32:17:27:01:9d:13:60:b3:68:85:a5:da:1f:ce:e4:
                    d2:d1:98:6a:94:11:76:69:37:b6:68:75:c2:37:f7:
                    03:70:25:7b:39:b8:00:05:1f:5d:b7:84:0d:ab:32:
                    dc:cb:02:fc:84:0e:63:cb:4b:49:a4:9f:64:3f:ba:
                    f1:91:ce:ba:fb:df:0f:c5:60:52:7b:f1:89:2a:e6:
                    f4:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:A5:B4:B2:B0:9D:8C:49:E3:3E:30:9F:07:C2:18:98:D6:A8:D0:46
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/cKW0srCdjEnjPjCfB8IYmNao0EY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:58:43:2e:3d:66:f6:a6:cc:28:3f:83:fa:11:cf:e2:d8:1b:
         6c:8e:49:3e:67:5f:62:21:3e:89:9b:5b:f5:94:88:b6:fc:b5:
         86:17:28:89:00:1f:4f:f2:0a:a1:0a:e3:50:06:57:76:da:bb:
         f9:a7:6a:18:3c:c9:62:68:6f:ad:69:88:b3:8e:27:d8:a9:1e:
         b9:4c:2e:a4:6b:25:1a:76:4f:86:04:90:6d:a5:9e:56:f4:15:
         de:f3:d6:6b:99:22:93:65:75:1f:6f:c8:08:4e:27:b6:39:e7:
         4e:88:7c:08:94:c7:d3:0a:bc:4d:a5:a1:62:35:1c:dd:a7:94:
         e3:b7:46:b6:6e:69:ee:5e:d4:fd:c5:7b:4e:3a:7c:9a:9d:cc:
         3e:4f:3a:13:63:ab:ca:ea:b7:84:d0:88:e0:12:ad:62:27:5f:
         54:b1:2d:b6:7b:ec:e6:cf:69:5b:95:9a:a3:42:1f:48:f0:0f:
         09:e6:bc:3d:3c:f6:64:8b:7b:7b:fc:66:46:06:be:c0:d3:f5:
         5f:28:32:7b:db:7b:fa:08:c2:81:01:c4:e7:ad:b6:3f:ff:94:
         2b:7c:0e:88:42:65:23:4c:ea:86:22:e4:37:da:fc:ea:7f:d1:
         1c:dd:af:86:b1:0a:6b:93:55:ff:79:d8:b5:9a:62:a8:a2:b6:
         d5:98:90:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0QGMIVZQNa62PBEF867J5OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzIxMTExMjMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGE1YjRiMmIwOWQ4YzQ5ZTMzZTMwOWYwN2MyMTg5OGQ2YThkMDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsqVA9m/ZfhvNUwBhjZacqsfHK+I
WE3qk/F9s8eG1XSIwcQUpv7eP/NE3xLvh1ukasR5fDjk7ZlQJv3WOGLkVJa3XXMV
DM/BYE00CWxF6MkyGL8O+br2Gy8jpsYvlUJtfk71Buh2pjDxSAXxxQxp8DDo1dy8
7SNw268YKAoQbtiaNAQp4M6z6KDW6jGVhL4ZeXBU20HXtcUfZOXfRate4E0a9Yw5
4jstOluzAqkHztPGlkwyFycBnRNgs2iFpdofzuTS0ZhqlBF2aTe2aHXCN/cDcCV7
ObgABR9dt4QNqzLcywL8hA5jy0tJpJ9kP7rxkc66+98PxWBSe/GJKub0wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCltLKwnYxJ4z4wnwfCGJjWqNBGMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvY0tXMHNyQ2RqRW5qUGpDZkI4SVltTmFvMEVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/IlMA0G
CSqGSIb3DQEBCwUAA4IBAQAYWEMuPWb2pswoP4P6Ec/i2Btsjkk+Z19iIT6Jm1v1
lIi2/LWGFyiJAB9P8gqhCuNQBld22rv5p2oYPMliaG+taYizjifYqR65TC6kayUa
dk+GBJBtpZ5W9BXe89ZrmSKTZXUfb8gITie2OedOiHwIlMfTCrxNpaFiNRzdp5Tj
t0a2bmnuXtT9xXtOOnyancw+TzoTY6vK6reE0IjgEq1iJ19UsS22e+zmz2lblZqj
Qh9I8A8J5rw9PPZki3t7/GZGBr7A0/VfKDJ723v6CMKBAcTnrbY//5QrfA6IQmUj
TOqGIuQ32vzqf9Ec3a+GsQprk1X/edi1mmKoorbVmJA+
-----END CERTIFICATE-----