Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JJGmLv66kQUt_1ruvKauv5rQEpU.roa
File:                     JJGmLv66kQUt_1ruvKauv5rQEpU.roa (raw, json)
Hash identifier:          Y39ihs4WPMpBaswDVECB02hI3l/5jTlh4i4FkqJT6Qw=
Subject key identifier:   24:91:A6:2E:FE:BA:91:05:2D:FF:5A:EE:BC:A6:AE:BF:9A:D0:12:95
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019DBAC9002E49962C58EB53D2EBEA0B21F5
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JJGmLv66kQUt_1ruvKauv5rQEpU.roa
Signing time:             Thu 23 Apr 2026 14:40:28 +0000
ROA not before:           Thu 23 Apr 2026 14:40:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199186
IP address blocks:        151.243.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 02 May 2026 16:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ba:c9:00:2e:49:96:2c:58:eb:53:d2:eb:ea:0b:21:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 23 14:40:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2491a62efeba91052dff5aeebca6aebf9ad01295
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:32:88:93:29:5a:2c:b4:39:98:1a:28:78:8f:
                    d0:81:b6:08:51:65:de:66:eb:a0:b1:d4:72:97:54:
                    66:d7:b7:2e:f1:ca:9a:fb:4f:29:83:d8:6c:83:d4:
                    50:23:96:9b:d0:d9:ee:4c:f4:95:18:e0:f6:e0:64:
                    1a:f0:90:92:7c:b6:2c:02:d1:87:04:21:68:31:d8:
                    17:a2:53:f6:d6:b5:5a:0e:b2:49:ee:65:c6:bb:ff:
                    1e:53:12:d8:f7:0b:99:df:da:cf:ca:61:2d:30:7a:
                    0a:b5:3a:86:59:63:5f:53:bf:10:0f:76:d1:4b:02:
                    70:25:52:c8:de:96:ef:9c:29:73:99:bb:3b:28:df:
                    a1:3e:39:db:82:19:c1:d9:ec:74:14:74:db:9d:7b:
                    53:73:bb:de:8d:36:e3:21:d3:62:d6:0d:41:87:b2:
                    4e:87:17:e9:c4:73:b9:a7:94:55:57:bf:9e:eb:d1:
                    b1:da:ba:ee:97:e3:4e:a3:69:b3:dc:93:9a:47:e9:
                    e9:a2:2c:db:ef:09:62:35:e1:97:90:12:21:df:c0:
                    21:6d:a5:6e:c5:67:c2:3b:b0:d0:67:e0:3d:52:5e:
                    52:df:14:91:ce:ed:47:b3:71:5c:1d:2c:e7:f5:eb:
                    09:48:2a:02:0f:28:f0:7b:14:14:c8:61:c3:ba:89:
                    f6:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:91:A6:2E:FE:BA:91:05:2D:FF:5A:EE:BC:A6:AE:BF:9A:D0:12:95
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JJGmLv66kQUt_1ruvKauv5rQEpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:69:fb:2b:f1:90:42:ab:06:b2:0b:7e:95:f3:36:21:24:33:
         ca:94:6b:c7:7e:c4:1a:a1:50:b0:94:5c:e8:5e:b1:df:7c:8f:
         81:0d:44:57:36:ac:d8:b6:74:73:cb:a0:62:5b:42:ce:1f:79:
         f4:31:98:5d:6a:67:c8:22:ec:42:08:96:af:8c:51:2e:63:32:
         26:86:bf:6f:52:47:57:cc:b8:f5:9a:1a:ea:fe:a6:80:4a:fd:
         06:fa:6a:c4:25:c3:23:43:fe:44:2f:0b:f9:fd:c2:53:db:df:
         a1:9a:18:43:42:01:08:3c:e5:75:50:09:cc:73:04:36:2e:4a:
         2c:94:b0:5c:20:f7:37:16:3c:46:a4:37:26:e6:8f:60:f2:ef:
         13:35:79:17:88:75:cd:f7:c6:7e:2a:3a:c4:2d:33:a3:f7:ed:
         2a:a8:03:41:7d:5a:c9:3c:55:e3:24:c8:97:04:65:6e:be:50:
         8c:dd:d1:d0:be:3c:9c:d1:6d:db:d3:78:6a:27:a9:66:e7:19:
         bd:c6:77:0d:b5:3c:a4:85:d8:1f:dc:94:a0:ad:df:43:09:a3:
         a2:3d:64:6e:86:5c:39:18:8d:1b:d8:a7:20:fd:67:3b:21:63:
         57:4b:01:54:b0:e9:21:f4:fb:6c:d5:f8:63:81:86:f8:81:1b:
         ae:bc:73:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ26yQAuSZYsWOtT0uvqCyH1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDIzMTQ0MDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDkxYTYyZWZlYmE5MTA1MmRmZjVhZWViY2E2YWViZjlhZDAxMjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DKIkylaLLQ5mBooeI/QgbYIUWXe
ZuugsdRyl1Rm17cu8cqa+08pg9hsg9RQI5ab0NnuTPSVGOD24GQa8JCSfLYsAtGH
BCFoMdgXolP21rVaDrJJ7mXGu/8eUxLY9wuZ39rPymEtMHoKtTqGWWNfU78QD3bR
SwJwJVLI3pbvnClzmbs7KN+hPjnbghnB2ex0FHTbnXtTc7vejTbjIdNi1g1Bh7JO
hxfpxHO5p5RVV7+e69Gx2rrul+NOo2mz3JOaR+npoizb7wliNeGXkBIh38AhbaVu
xWfCO7DQZ+A9Ul5S3xSRzu1Hs3FcHSzn9esJSCoCDyjwexQUyGHDuon2HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSRpi7+upEFLf9a7rymrr+a0BKVMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSkpHbUx2NjZrUVV0XzFydXZLYXV2NXJRRXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/OdMA0G
CSqGSIb3DQEBCwUAA4IBAQAFafsr8ZBCqwayC36V8zYhJDPKlGvHfsQaoVCwlFzo
XrHffI+BDURXNqzYtnRzy6BiW0LOH3n0MZhdamfIIuxCCJavjFEuYzImhr9vUkdX
zLj1mhrq/qaASv0G+mrEJcMjQ/5ELwv5/cJT29+hmhhDQgEIPOV1UAnMcwQ2Lkos
lLBcIPc3FjxGpDcm5o9g8u8TNXkXiHXN98Z+KjrELTOj9+0qqANBfVrJPFXjJMiX
BGVuvlCM3dHQvjyc0W3b03hqJ6lm5xm9xncNtTykhdgf3JSgrd9DCaOiPWRuhlw5
GI0b2Kcg/Wc7IWNXSwFUsOkh9Pts1fhjgYb4gRuuvHNg
-----END CERTIFICATE-----