Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7Ju8Y71URS3seAvWpM2iA27c_z8.roa
File:                     7Ju8Y71URS3seAvWpM2iA27c_z8.roa (raw, json)
Hash identifier:          otC/gMF6eY8YCojxv40ujezPLBM1/ptGVr6nobbEs/c=
Subject key identifier:   EC:9B:BC:63:BD:54:45:2D:EC:78:0B:D6:A4:CD:A2:03:6E:DC:FF:3F
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019DFDD76100CA91EB3C49CFD482E4749395
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7Ju8Y71URS3seAvWpM2iA27c_z8.roa
Signing time:             Wed 06 May 2026 15:10:43 +0000
ROA not before:           Wed 06 May 2026 15:10:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198487
IP address blocks:        151.242.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 21:44:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:d7:61:00:ca:91:eb:3c:49:cf:d4:82:e4:74:93:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May  6 15:10:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ec9bbc63bd54452dec780bd6a4cda2036edcff3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d6:2e:04:6e:89:26:8a:1d:90:0d:a5:a0:36:
                    3c:98:ca:00:4a:cc:83:10:a8:62:20:8f:23:ce:9b:
                    1a:5c:31:23:76:94:eb:17:5c:f8:2c:16:5c:5c:82:
                    1c:17:e5:d2:b2:6a:69:c4:a3:94:03:c3:45:4b:f8:
                    b3:2e:19:93:41:d5:1b:0a:98:06:0b:5a:24:a2:90:
                    59:fb:a0:c8:1a:f4:d4:a2:5c:84:99:02:20:3d:a2:
                    22:b9:2b:99:7d:1f:57:ef:e2:c9:e1:d5:b6:53:fb:
                    d3:89:91:94:b5:29:85:d4:99:ca:48:ae:f8:aa:ee:
                    a2:7a:8f:9f:d8:fd:8c:57:85:d9:0a:08:55:11:44:
                    f0:d9:dc:5c:1e:67:81:79:8c:7e:b1:8b:25:58:8c:
                    b4:4f:e6:8f:17:78:8e:f2:b5:63:94:c7:06:8e:77:
                    6a:c8:d3:4a:4c:da:3b:6f:e1:f1:75:01:72:7b:69:
                    db:66:91:3c:bc:9a:9b:0e:bd:59:52:39:dc:2c:4d:
                    16:42:e3:da:06:e9:25:06:b7:00:ea:33:90:ed:af:
                    63:b9:78:e7:c9:ff:c6:50:76:73:96:2b:9f:14:3d:
                    68:c2:c3:c5:ac:c8:73:7c:aa:20:d7:cd:89:d9:cd:
                    fa:ae:c2:f3:0d:d2:e0:c2:ca:be:40:2d:89:3c:a6:
                    a3:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:9B:BC:63:BD:54:45:2D:EC:78:0B:D6:A4:CD:A2:03:6E:DC:FF:3F
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7Ju8Y71URS3seAvWpM2iA27c_z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:e9:ab:6d:26:66:cd:8e:ef:2a:d3:41:73:6d:83:4f:b8:cb:
         2c:c2:69:f5:b4:0f:99:9a:52:86:81:98:2d:48:4b:4e:2a:c1:
         5d:aa:38:e3:8b:d9:48:42:66:95:6a:f0:28:09:19:c2:4a:e7:
         4e:3a:9a:75:5d:0d:29:56:ef:5e:3e:e0:ac:d1:fd:03:78:cc:
         5c:40:49:9b:e8:79:de:a8:d3:a7:d5:b0:b4:91:b0:7e:85:6c:
         8b:14:f3:65:52:6c:5d:73:1c:43:b9:09:df:fb:c2:52:37:91:
         2c:86:a4:c1:b0:da:0b:ed:2e:88:59:6d:95:33:c2:fb:63:63:
         a2:7c:1d:c2:a5:31:38:89:78:e8:05:d9:32:4a:05:92:0f:e5:
         ba:2f:b9:82:a1:30:dd:d8:23:ee:f6:a1:a9:ea:2b:03:ac:9a:
         8a:9d:80:d8:13:48:0e:57:d7:6b:ab:bb:c3:78:e2:db:2a:b4:
         22:90:62:bc:04:2d:52:fa:d6:b3:f0:81:a2:0c:de:d8:90:91:
         8c:ca:7c:73:4c:ab:56:9b:ee:58:bb:32:f0:0e:ac:30:c1:bd:
         2e:34:04:e1:43:a4:61:8b:d8:4b:6b:90:2a:fe:87:4d:99:53:
         1f:5a:1a:16:88:8e:0c:91:29:29:e6:73:7f:24:40:d5:38:e0:
         6d:73:76:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3912EAypHrPEnP1ILkdJOVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNTA2MTUxMDQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzliYmM2M2JkNTQ0NTJkZWM3ODBiZDZhNGNkYTIwMzZlZGNmZjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19YuBG6JJoodkA2loDY8mMoASsyD
EKhiII8jzpsaXDEjdpTrF1z4LBZcXIIcF+XSsmppxKOUA8NFS/izLhmTQdUbCpgG
C1okopBZ+6DIGvTUolyEmQIgPaIiuSuZfR9X7+LJ4dW2U/vTiZGUtSmF1JnKSK74
qu6ieo+f2P2MV4XZCghVEUTw2dxcHmeBeYx+sYslWIy0T+aPF3iO8rVjlMcGjndq
yNNKTNo7b+HxdQFye2nbZpE8vJqbDr1ZUjncLE0WQuPaBuklBrcA6jOQ7a9juXjn
yf/GUHZzliufFD1owsPFrMhzfKog182J2c36rsLzDdLgwsq+QC2JPKajqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOybvGO9VEUt7HgL1qTNogNu3P8/MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvN0p1OFk3MVVSUzNzZUF2V3BNMmlBMjdjX3o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/KzMA0G
CSqGSIb3DQEBCwUAA4IBAQB56attJmbNju8q00FzbYNPuMsswmn1tA+ZmlKGgZgt
SEtOKsFdqjjji9lIQmaVavAoCRnCSudOOpp1XQ0pVu9ePuCs0f0DeMxcQEmb6Hne
qNOn1bC0kbB+hWyLFPNlUmxdcxxDuQnf+8JSN5EshqTBsNoL7S6IWW2VM8L7Y2Oi
fB3CpTE4iXjoBdkySgWSD+W6L7mCoTDd2CPu9qGp6isDrJqKnYDYE0gOV9drq7vD
eOLbKrQikGK8BC1S+taz8IGiDN7YkJGMynxzTKtWm+5YuzLwDqwwwb0uNAThQ6Rh
i9hLa5Aq/odNmVMfWhoWiI4MkSkp5nN/JEDVOOBtc3Yr
-----END CERTIFICATE-----