Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/vdRRPNJ_4D1M-N7P5u4aaoca1II.roa
File:                     vdRRPNJ_4D1M-N7P5u4aaoca1II.roa (raw, json)
Hash identifier:          xieLrMmXmEqzbTxkSx8kPwaolyAu/1pI6MzZY5NSfkI=
Subject key identifier:   BD:D4:51:3C:D2:7F:E0:3D:4C:F8:DE:CF:E6:EE:1A:6A:87:1A:D4:82
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D1017D86B94E92BFB7F0F5A48B71B8210
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/vdRRPNJ_4D1M-N7P5u4aaoca1II.roa
Signing time:             Sat 21 Mar 2026 11:11:31 +0000
ROA not before:           Sat 21 Mar 2026 11:11:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     273532
IP address blocks:        151.240.242.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:56:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:10:17:d8:6b:94:e9:2b:fb:7f:0f:5a:48:b7:1b:82:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 21 11:11:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bdd4513cd27fe03d4cf8decfe6ee1a6a871ad482
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:c6:f2:b1:cd:92:41:a7:ff:af:6a:db:b8:5c:
                    d6:8d:e2:e3:bb:d1:85:00:ef:a3:2a:a9:45:a8:5c:
                    fd:a1:c1:5a:90:5e:da:62:aa:37:c6:b9:f5:67:a5:
                    73:c4:b8:4e:70:c3:92:d7:f1:fc:24:90:61:82:fc:
                    11:6b:4c:69:c2:61:fc:47:a3:9f:b5:38:74:fd:66:
                    c3:81:06:74:d0:00:db:fc:5a:22:cb:60:fe:98:59:
                    77:82:94:df:31:cb:55:14:06:6f:1d:01:0d:87:87:
                    e2:e5:1d:73:5a:5b:c8:3a:95:e8:a1:c5:d0:b3:db:
                    71:57:b4:ee:e8:cf:f0:74:5a:fc:00:57:7a:4b:20:
                    8c:d8:ec:65:3f:7e:04:21:e5:fa:91:72:a5:69:17:
                    dd:28:5d:4e:2d:11:0b:bc:99:c9:ff:d4:3b:9b:8c:
                    ee:3d:4c:5d:8f:28:79:a4:c7:61:d9:5f:d9:94:11:
                    98:56:87:00:bc:95:ed:cd:d2:23:ad:e0:49:65:3c:
                    ae:54:e9:ba:a9:e1:31:3f:79:94:d6:cf:6a:4b:e1:
                    60:2f:18:3e:52:42:02:20:a9:f2:f1:18:0c:21:5d:
                    0a:ac:bb:a0:fc:c8:11:76:29:14:50:de:81:1b:46:
                    a4:da:28:10:a2:de:03:c9:07:11:e4:c0:2c:8a:ce:
                    56:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:D4:51:3C:D2:7F:E0:3D:4C:F8:DE:CF:E6:EE:1A:6A:87:1A:D4:82
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/vdRRPNJ_4D1M-N7P5u4aaoca1II.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:5d:e5:b5:e5:cc:67:44:56:71:5d:f5:9e:3a:8b:cf:2b:d7:
         24:50:a3:41:59:9c:17:f3:2a:2f:11:d1:3a:39:1a:97:eb:90:
         ec:15:f6:ff:f1:64:6a:af:9c:05:96:e2:1c:30:b4:ef:81:bf:
         75:da:03:36:de:32:8c:1f:f5:5c:31:09:e0:66:b3:b6:7a:0f:
         a4:30:58:ff:24:2d:c2:48:74:f8:90:16:82:1b:84:94:94:51:
         e0:ce:0e:ee:0d:ed:4f:5a:aa:3b:0a:00:d4:ec:d8:30:45:48:
         6e:cd:e1:33:ed:23:57:44:45:c5:90:57:ef:33:44:15:29:c4:
         a5:ef:47:4b:06:e4:b6:76:c3:76:0c:41:ff:d9:38:fe:0d:49:
         c9:5a:64:20:17:84:c3:68:50:c6:48:d0:b1:f8:9c:64:09:71:
         68:89:b5:98:a1:56:2e:29:94:75:9a:e6:a1:6f:fc:5b:69:ea:
         95:c0:0c:3b:88:90:6c:25:61:1c:77:09:ac:99:da:02:39:c5:
         54:c2:66:c3:11:07:69:a2:5e:db:0e:5c:18:dc:d8:0c:3a:57:
         a3:15:98:70:b6:69:72:2d:b7:0f:96:7e:c0:0c:c7:60:6b:be:
         b6:36:a5:e9:d7:45:6b:5a:ab:a8:b6:c1:4c:c0:04:fc:fb:4b:
         aa:6f:e7:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0QF9hrlOkr+38PWki3G4IQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzIxMTExMTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGQ0NTEzY2QyN2ZlMDNkNGNmOGRlY2ZlNmVlMWE2YTg3MWFkNDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA68bysc2SQaf/r2rbuFzWjeLju9GF
AO+jKqlFqFz9ocFakF7aYqo3xrn1Z6VzxLhOcMOS1/H8JJBhgvwRa0xpwmH8R6Of
tTh0/WbDgQZ00ADb/Foiy2D+mFl3gpTfMctVFAZvHQENh4fi5R1zWlvIOpXoocXQ
s9txV7Tu6M/wdFr8AFd6SyCM2OxlP34EIeX6kXKlaRfdKF1OLRELvJnJ/9Q7m4zu
PUxdjyh5pMdh2V/ZlBGYVocAvJXtzdIjreBJZTyuVOm6qeExP3mU1s9qS+FgLxg+
UkICIKny8RgMIV0KrLug/MgRdikUUN6BG0ak2igQot4DyQcR5MAsis5WIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3UUTzSf+A9TPjez+buGmqHGtSCMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvdmRSUlBOSl80RDFNLU43UDV1NGFhb2NhMUlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBl/DyMA0G
CSqGSIb3DQEBCwUAA4IBAQAcXeW15cxnRFZxXfWeOovPK9ckUKNBWZwX8yovEdE6
ORqX65DsFfb/8WRqr5wFluIcMLTvgb912gM23jKMH/VcMQngZrO2eg+kMFj/JC3C
SHT4kBaCG4SUlFHgzg7uDe1PWqo7CgDU7NgwRUhuzeEz7SNXREXFkFfvM0QVKcSl
70dLBuS2dsN2DEH/2Tj+DUnJWmQgF4TDaFDGSNCx+JxkCXFoibWYoVYuKZR1muah
b/xbaeqVwAw7iJBsJWEcdwmsmdoCOcVUwmbDEQdpol7bDlwY3NgMOlejFZhwtmly
LbcPln7ADMdga762NqXp10VrWquotsFMwAT8+0uqb+ey
-----END CERTIFICATE-----