Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/hi3TJCasxRb_LfxKvbhJ8FmbwuI.roa
File:                     hi3TJCasxRb_LfxKvbhJ8FmbwuI.roa (raw, json)
Hash identifier:          Jl5orrCV6eWkdNaUTsK8iIVEhY3JwQxNnYGdyfwtmWE=
Subject key identifier:   86:2D:D3:24:26:AC:C5:16:FF:2D:FC:4A:BD:B8:49:F0:59:9B:C2:E2
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D240BB4FBE5F5658910A8A8BF7946B060
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/hi3TJCasxRb_LfxKvbhJ8FmbwuI.roa
Signing time:             Wed 25 Mar 2026 08:10:40 +0000
ROA not before:           Wed 25 Mar 2026 08:10:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199835
IP address blocks:        151.240.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:0b:b4:fb:e5:f5:65:89:10:a8:a8:bf:79:46:b0:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 25 08:10:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=862dd32426acc516ff2dfc4abdb849f0599bc2e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a1:0d:dc:17:b7:53:9a:7a:ac:bc:50:d3:59:
                    db:f1:06:8d:9b:17:bb:18:29:17:3c:78:33:6d:77:
                    9f:2f:cc:0b:cc:8a:cd:4b:a8:11:97:ba:cd:db:19:
                    59:20:2e:78:af:4a:c0:be:f3:68:23:56:ab:c9:de:
                    bf:0f:cd:8e:a5:24:7e:9c:dc:0a:65:26:75:12:12:
                    4e:64:f1:d7:34:b9:39:1b:05:0f:33:f4:c8:b7:3f:
                    f2:0a:e5:12:e7:a8:ef:1e:be:41:63:92:e0:a0:2b:
                    c5:22:d4:93:57:da:3b:9f:c0:8d:63:d4:1b:b3:7d:
                    4f:cf:61:dc:e8:68:76:5d:03:30:14:f1:0e:b3:bf:
                    dc:ba:6a:75:19:dc:99:2e:f3:92:df:6b:85:ab:49:
                    fa:2e:0a:53:9b:30:8c:c7:35:de:54:1c:62:54:8b:
                    84:15:fa:b9:59:df:27:d9:58:79:b7:bc:a4:e9:1e:
                    65:40:9a:a2:49:8e:5a:81:37:08:d9:bb:34:16:3a:
                    2c:80:9d:06:c1:c7:56:27:df:31:d0:f5:f3:1f:4c:
                    98:08:ea:50:81:a8:96:67:59:6d:1b:47:76:30:9a:
                    28:b7:d3:8d:fa:1b:3f:a2:0c:97:7a:f2:e6:f6:11:
                    6f:b8:19:67:79:31:12:45:1c:80:89:91:b2:65:8b:
                    84:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:2D:D3:24:26:AC:C5:16:FF:2D:FC:4A:BD:B8:49:F0:59:9B:C2:E2
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/hi3TJCasxRb_LfxKvbhJ8FmbwuI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:14:89:0f:71:36:7a:18:e2:c9:4a:25:f6:c5:dd:af:bb:35:
         4e:e3:11:64:44:d9:85:2c:22:6f:e5:5d:05:44:25:b8:3d:eb:
         51:9f:dd:a5:0b:95:56:5a:a2:7c:ed:b2:93:71:b9:d2:e4:74:
         fe:e9:df:af:f6:82:63:0e:55:e5:d0:13:f5:56:55:4f:c7:a1:
         a9:2c:8f:40:68:d8:02:54:ca:87:a7:02:6d:29:b9:51:4f:de:
         bb:da:60:57:58:59:b4:08:05:26:e3:65:3f:d5:b8:0b:bb:f1:
         e1:d8:c8:a7:8d:5e:92:fc:a6:f1:c0:4f:13:03:ab:25:38:fa:
         7b:2e:44:d8:81:2b:cf:da:c7:4a:92:e8:33:83:f0:f4:0b:16:
         30:e8:a8:62:e6:bf:d1:ef:55:24:16:9f:bc:5a:7c:74:ec:55:
         50:46:35:2f:5f:e6:22:e5:7e:7d:39:74:99:22:54:1f:9d:27:
         5b:1a:8f:f8:9d:02:4b:2a:8a:3b:45:b3:85:5f:e9:b8:74:40:
         e2:f9:95:73:d3:8a:14:21:2e:dc:3a:41:d2:5c:cc:0e:33:51:
         8d:02:69:ab:49:ba:b3:aa:67:4a:59:e1:e7:fd:31:2a:98:21:
         12:4b:e2:79:a8:cb:c0:e1:b7:6f:37:f6:e0:72:dd:e3:3f:55:
         83:2f:35:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0kC7T75fVliRCoqL95RrBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzI1MDgxMDQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjJkZDMyNDI2YWNjNTE2ZmYyZGZjNGFiZGI4NDlmMDU5OWJjMmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06EN3Be3U5p6rLxQ01nb8QaNmxe7
GCkXPHgzbXefL8wLzIrNS6gRl7rN2xlZIC54r0rAvvNoI1aryd6/D82OpSR+nNwK
ZSZ1EhJOZPHXNLk5GwUPM/TItz/yCuUS56jvHr5BY5LgoCvFItSTV9o7n8CNY9Qb
s31Pz2Hc6Gh2XQMwFPEOs7/cump1GdyZLvOS32uFq0n6LgpTmzCMxzXeVBxiVIuE
Ffq5Wd8n2Vh5t7yk6R5lQJqiSY5agTcI2bs0FjosgJ0GwcdWJ98x0PXzH0yYCOpQ
gaiWZ1ltG0d2MJoot9ON+hs/ogyXevLm9hFvuBlneTESRRyAiZGyZYuEzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYt0yQmrMUW/y38Sr24SfBZm8LiMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvaGkzVEpDYXN4UmJfTGZ4S3ZiaEo4Rm1id3VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/BXMA0G
CSqGSIb3DQEBCwUAA4IBAQB/FIkPcTZ6GOLJSiX2xd2vuzVO4xFkRNmFLCJv5V0F
RCW4PetRn92lC5VWWqJ87bKTcbnS5HT+6d+v9oJjDlXl0BP1VlVPx6GpLI9AaNgC
VMqHpwJtKblRT9672mBXWFm0CAUm42U/1bgLu/Hh2MinjV6S/KbxwE8TA6slOPp7
LkTYgSvP2sdKkugzg/D0CxYw6Khi5r/R71UkFp+8Wnx07FVQRjUvX+Yi5X59OXSZ
IlQfnSdbGo/4nQJLKoo7RbOFX+m4dEDi+ZVz04oUIS7cOkHSXMwOM1GNAmmrSbqz
qmdKWeHn/TEqmCESS+J5qMvA4bdvN/bgct3jP1WDLzU4
-----END CERTIFICATE-----