Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/vd3exRi9OiE0YRCk9OSB0cCERgI.roa
File:                     vd3exRi9OiE0YRCk9OSB0cCERgI.roa (raw, json)
Hash identifier:          C7z2Bl5jF+FU6pwjWMGz93dZVLl+M9nVrhsTBsJG77I=
Subject key identifier:   BD:DD:DE:C5:18:BD:3A:21:34:61:10:A4:F4:E4:81:D1:C0:84:46:02
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019DEC0DA5C116B4A1B182B319D2078309E5
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/vd3exRi9OiE0YRCk9OSB0cCERgI.roa
Signing time:             Sun 03 May 2026 04:16:50 +0000
ROA not before:           Sun 03 May 2026 04:16:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200835
IP address blocks:        151.246.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ec:0d:a5:c1:16:b4:a1:b1:82:b3:19:d2:07:83:09:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May  3 04:16:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bddddec518bd3a21346110a4f4e481d1c0844602
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e2:38:e8:5e:5f:84:63:9d:33:53:4a:43:c2:
                    36:9f:ed:58:d9:38:ba:74:92:48:e3:f6:eb:34:76:
                    1a:77:08:e7:9c:a0:97:38:44:a6:63:2c:67:53:09:
                    db:a8:b6:59:4f:3d:8f:78:fe:13:62:5c:44:ac:e9:
                    67:c3:68:57:06:d7:b9:65:43:b0:e0:43:aa:8c:23:
                    4b:5b:30:45:df:e3:b2:55:cf:31:ee:d2:cf:9e:95:
                    e3:78:67:5c:26:14:20:f4:54:ea:34:74:7b:72:ae:
                    b2:2e:6d:f9:f7:ee:a5:f8:c6:ff:c1:1a:28:7a:94:
                    08:db:d8:41:9c:88:03:52:50:37:b1:e4:26:3f:2e:
                    eb:c9:fc:1b:05:ce:28:0b:06:e7:ec:56:b6:a0:3f:
                    13:30:84:34:7c:66:de:70:1e:b2:1f:b8:cd:03:38:
                    19:ca:9b:bf:12:7d:9e:30:38:b5:c5:61:44:f1:5e:
                    44:bd:d2:5e:0d:6d:fb:69:a3:e6:3d:3c:98:0d:33:
                    0b:28:4c:a0:43:fd:2a:16:aa:d6:b2:e8:cc:dc:52:
                    cc:3f:ca:a6:86:e9:7a:61:a5:cd:5e:8d:10:2c:da:
                    3f:c3:bc:59:f6:c8:cf:67:ca:4e:31:f4:26:e4:77:
                    0c:c7:11:24:38:51:14:ed:8b:62:1a:ec:20:e5:31:
                    43:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:DD:DE:C5:18:BD:3A:21:34:61:10:A4:F4:E4:81:D1:C0:84:46:02
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/vd3exRi9OiE0YRCk9OSB0cCERgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.246.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:ea:7c:48:3f:10:41:1a:04:38:ca:36:95:9b:4b:e0:96:d7:
         88:e1:da:6c:33:d0:c1:8f:51:4f:b6:4a:f3:7c:c5:b0:56:43:
         ce:42:9c:1d:2c:b6:42:b0:bc:61:00:7b:c7:33:28:c3:0a:26:
         71:f3:dd:7b:e5:28:ab:df:71:e6:ee:0d:c8:88:3f:ee:ff:39:
         d7:9b:75:d8:3b:de:d2:ad:34:1c:a6:31:18:d6:cc:1a:3c:7b:
         e1:b8:93:3d:3d:87:43:8e:14:46:49:1f:cd:ba:88:54:51:f5:
         2b:c1:82:0c:55:b5:2d:cf:fc:70:a9:c9:c4:0c:3a:5f:fc:ba:
         c0:1a:2d:9a:cf:69:6f:90:20:e8:88:a7:69:92:bb:1d:1b:d2:
         99:77:34:f9:84:9a:85:86:2c:10:e6:d0:1d:fd:11:66:1c:42:
         e7:4a:9f:7b:2e:85:e7:da:0c:e2:1b:67:8b:37:8a:70:42:4c:
         ed:ec:36:77:3f:82:6a:62:42:a6:26:8b:73:ea:97:27:fa:ee:
         a1:15:4b:8c:8a:ff:86:ec:22:5b:b7:a9:a2:45:f5:25:26:ca:
         5c:ba:5b:b9:6e:7a:e8:ae:0f:26:a8:d1:ff:1e:8f:d4:b4:b2:
         b9:2e:af:b5:54:46:1f:a5:54:95:d3:86:5a:19:91:97:1e:41:
         12:7b:e8:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3sDaXBFrShsYKzGdIHgwnlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNTAzMDQxNjUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGRkZGVjNTE4YmQzYTIxMzQ2MTEwYTRmNGU0ODFkMWMwODQ0NjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweI46F5fhGOdM1NKQ8I2n+1Y2Ti6
dJJI4/brNHYadwjnnKCXOESmYyxnUwnbqLZZTz2PeP4TYlxErOlnw2hXBte5ZUOw
4EOqjCNLWzBF3+OyVc8x7tLPnpXjeGdcJhQg9FTqNHR7cq6yLm359+6l+Mb/wRoo
epQI29hBnIgDUlA3seQmPy7ryfwbBc4oCwbn7Fa2oD8TMIQ0fGbecB6yH7jNAzgZ
ypu/En2eMDi1xWFE8V5EvdJeDW37aaPmPTyYDTMLKEygQ/0qFqrWsujM3FLMP8qm
hul6YaXNXo0QLNo/w7xZ9sjPZ8pOMfQm5HcMxxEkOFEU7YtiGuwg5TFDlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3d3sUYvTohNGEQpPTkgdHAhEYCMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvdmQzZXhSaTlPaUUwWVJDazlPU0IwY0NFUmdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/b2MA0G
CSqGSIb3DQEBCwUAA4IBAQBG6nxIPxBBGgQ4yjaVm0vglteI4dpsM9DBj1FPtkrz
fMWwVkPOQpwdLLZCsLxhAHvHMyjDCiZx89175Sir33Hm7g3IiD/u/znXm3XYO97S
rTQcpjEY1swaPHvhuJM9PYdDjhRGSR/NuohUUfUrwYIMVbUtz/xwqcnEDDpf/LrA
Gi2az2lvkCDoiKdpkrsdG9KZdzT5hJqFhiwQ5tAd/RFmHELnSp97LoXn2gziG2eL
N4pwQkzt7DZ3P4JqYkKmJotz6pcn+u6hFUuMiv+G7CJbt6miRfUlJspculu5bnro
rg8mqNH/Ho/UtLK5Lq+1VEYfpVSV04ZaGZGXHkESe+hF
-----END CERTIFICATE-----