Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/D__4odSNIa7zgg_X-Q2kuqRpDvo.roa
File:                     D__4odSNIa7zgg_X-Q2kuqRpDvo.roa (raw, json)
Hash identifier:          DxkLbpEcJ2EQoyeXxL9yvsJOdKQnjcIAOFhvW0QsUXo=
Subject key identifier:   0F:FF:F8:A1:D4:8D:21:AE:F3:82:0F:D7:F9:0D:A4:BA:A4:69:0E:FA
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019E4E30728A6B1EAE31B7355370B694090A
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/D__4odSNIa7zgg_X-Q2kuqRpDvo.roa
Signing time:             Fri 22 May 2026 05:37:38 +0000
ROA not before:           Fri 22 May 2026 05:37:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402508
IP address blocks:        151.246.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 05:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4e:30:72:8a:6b:1e:ae:31:b7:35:53:70:b6:94:09:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 22 05:37:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ffff8a1d48d21aef3820fd7f90da4baa4690efa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9f:71:bd:18:37:f1:a0:fb:4e:e1:80:fe:f7:
                    5b:7f:7d:9a:12:c9:18:7d:a7:16:89:8e:97:cd:bf:
                    87:c9:35:6a:52:13:35:bc:a9:ab:f6:79:2a:3a:be:
                    c6:b8:53:b5:69:12:2c:0d:e6:2c:4c:77:10:5e:80:
                    15:e6:9c:6e:b4:67:b1:b1:07:70:ae:b0:de:1b:c3:
                    ac:43:86:63:fd:ce:4c:a1:c7:39:c6:7b:ac:3e:07:
                    32:a8:5d:bc:5a:1f:30:5c:b1:c7:fb:78:e3:49:06:
                    fa:d8:25:dd:97:11:c4:de:16:cc:cf:2c:5d:3f:49:
                    1b:21:95:57:61:2c:f4:e1:d8:d8:45:e3:0c:ed:66:
                    fe:4e:db:24:ec:25:f9:21:c5:11:46:7b:60:cd:13:
                    71:f5:68:cf:87:9c:b4:d2:d0:19:de:56:82:52:08:
                    0a:cd:36:7d:f7:1c:87:ea:0c:e9:c3:39:9c:fc:d7:
                    53:38:b6:5f:71:09:b8:15:4c:4c:33:f4:a9:cb:56:
                    18:e5:a8:cd:cf:ed:76:53:d7:a8:0a:e6:48:a2:28:
                    69:d2:5f:03:ba:77:9a:b0:4d:b4:b9:9d:31:a7:73:
                    e2:05:bc:23:bd:f4:10:8d:ea:4e:d0:da:f7:48:e8:
                    ac:7e:2e:a7:45:53:10:f7:63:f6:72:10:80:95:63:
                    22:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:FF:F8:A1:D4:8D:21:AE:F3:82:0F:D7:F9:0D:A4:BA:A4:69:0E:FA
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/D__4odSNIa7zgg_X-Q2kuqRpDvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.246.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:4d:31:2b:dc:8c:b0:c2:93:89:1f:93:2f:61:7b:81:7c:83:
         f6:7a:d9:fa:1c:3c:cc:d2:90:f4:d6:1c:38:13:c2:fa:61:c9:
         e6:25:65:50:2b:0f:ec:d0:78:2f:99:2b:12:6a:29:a4:f9:93:
         99:17:2f:42:26:58:99:cd:43:0e:d2:cb:2a:32:2e:c5:31:b1:
         70:12:fa:4c:85:7a:f8:e8:24:3f:0b:99:02:d6:5d:b1:3c:01:
         88:30:e2:8b:81:e6:73:da:86:8d:77:a3:b5:1d:71:57:67:dc:
         f2:10:54:3c:77:96:5f:ae:f2:a2:bf:4b:94:85:aa:dc:47:63:
         39:63:f6:2c:b2:09:ac:3a:49:88:99:aa:39:87:29:1f:2d:6e:
         22:e3:94:42:dc:8a:15:b5:36:4c:45:61:49:15:c2:01:5f:74:
         ef:8b:b8:9e:bd:f4:bf:3d:5b:f4:4c:7b:f1:5e:be:c1:60:9a:
         04:ba:b3:84:8f:65:d8:fa:cc:70:84:91:69:c1:66:18:a6:a6:
         84:74:ba:b6:40:54:85:dd:0b:94:97:9b:c0:31:6a:17:01:0f:
         07:de:34:10:a2:b9:fd:7f:5e:e1:98:5a:a8:26:f2:5a:c2:08:
         99:4b:64:31:30:e2:84:9e:10:87:e9:bb:66:bd:78:8d:bc:f2:
         e8:c4:de:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5OMHKKax6uMbc1U3C2lAkKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNTIyMDUzNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmZmZjhhMWQ0OGQyMWFlZjM4MjBmZDdmOTBkYTRiYWE0NjkwZWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZ9xvRg38aD7TuGA/vdbf32aEskY
facWiY6Xzb+HyTVqUhM1vKmr9nkqOr7GuFO1aRIsDeYsTHcQXoAV5pxutGexsQdw
rrDeG8OsQ4Zj/c5Mocc5xnusPgcyqF28Wh8wXLHH+3jjSQb62CXdlxHE3hbMzyxd
P0kbIZVXYSz04djYReMM7Wb+Ttsk7CX5IcURRntgzRNx9WjPh5y00tAZ3laCUggK
zTZ99xyH6gzpwzmc/NdTOLZfcQm4FUxMM/Spy1YY5ajNz+12U9eoCuZIoihp0l8D
uneasE20uZ0xp3PiBbwjvfQQjepO0Nr3SOisfi6nRVMQ92P2chCAlWMijQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA//+KHUjSGu84IP1/kNpLqkaQ76MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvRF9fNG9kU05JYTd6Z2dfWC1RMmt1cVJwRHZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/b1MA0G
CSqGSIb3DQEBCwUAA4IBAQAUTTEr3IywwpOJH5MvYXuBfIP2etn6HDzM0pD01hw4
E8L6YcnmJWVQKw/s0HgvmSsSaimk+ZOZFy9CJliZzUMO0ssqMi7FMbFwEvpMhXr4
6CQ/C5kC1l2xPAGIMOKLgeZz2oaNd6O1HXFXZ9zyEFQ8d5ZfrvKiv0uUharcR2M5
Y/YssgmsOkmImao5hykfLW4i45RC3IoVtTZMRWFJFcIBX3Tvi7ievfS/PVv0THvx
Xr7BYJoEurOEj2XY+sxwhJFpwWYYpqaEdLq2QFSF3QuUl5vAMWoXAQ8H3jQQorn9
f17hmFqoJvJawgiZS2QxMOKEnhCH6btmvXiNvPLoxN6U
-----END CERTIFICATE-----