Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JVoQxCz3QCaF75x6VPVn-8SgWqM.roa
File:                     JVoQxCz3QCaF75x6VPVn-8SgWqM.roa (raw, json)
Hash identifier:          L3DOynCXKxi6D8WaQWO9l15mcRK/rmTWfLd0OOunpbg=
Subject key identifier:   25:5A:10:C4:2C:F7:40:26:85:EF:9C:7A:54:F5:67:FB:C4:A0:5A:A3
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019E649A0E6867EFCCCDA76F0F203A49FF8D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JVoQxCz3QCaF75x6VPVn-8SgWqM.roa
Signing time:             Tue 26 May 2026 14:04:38 +0000
ROA not before:           Tue 26 May 2026 14:04:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207343
IP address blocks:        151.241.21.0/24 maxlen: 24
                          151.247.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:64:9a:0e:68:67:ef:cc:cd:a7:6f:0f:20:3a:49:ff:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 26 14:04:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=255a10c42cf7402685ef9c7a54f567fbc4a05aa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d3:8a:cb:80:59:95:f6:44:64:17:59:96:c8:
                    91:49:6f:8a:71:0d:b8:4c:bf:2c:0d:9f:b8:9e:95:
                    c4:fa:a2:e5:17:5a:dc:46:38:4d:a9:8b:33:38:3c:
                    1e:95:dd:b7:00:69:db:e8:19:26:ae:fe:02:28:be:
                    72:24:56:9d:b0:b5:8d:96:7c:b6:46:db:f2:fa:8a:
                    a2:eb:ae:ef:e4:d9:85:ff:52:ba:24:3b:89:c0:b4:
                    d2:81:d7:f8:54:02:ad:9b:a4:87:a3:01:08:a2:d2:
                    74:09:e6:4e:4b:ef:b8:09:5e:f7:eb:6a:95:d0:82:
                    b7:96:4f:b2:04:47:b5:2b:94:1e:bb:1a:f3:54:4d:
                    fa:1a:3e:b9:61:c1:b9:aa:48:e4:bb:ea:e3:40:10:
                    09:19:92:67:c7:c3:d0:d7:17:03:8c:02:4b:cc:27:
                    e4:fe:55:76:4b:d1:49:df:b8:4c:77:29:2f:9a:df:
                    65:94:5e:97:88:d8:45:57:59:9d:b1:b4:f9:b6:30:
                    57:27:4e:82:b0:53:79:92:ed:02:a5:33:63:f0:d5:
                    b3:72:38:ee:f3:88:b7:b2:4f:ca:a4:fb:68:4b:a7:
                    ed:c1:21:4d:dd:0c:bb:a5:c5:fa:39:38:da:6d:67:
                    94:50:34:c1:b6:84:70:e9:a6:80:50:03:7b:d8:b1:
                    82:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:5A:10:C4:2C:F7:40:26:85:EF:9C:7A:54:F5:67:FB:C4:A0:5A:A3
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JVoQxCz3QCaF75x6VPVn-8SgWqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.21.0/24
                  151.247.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:b4:08:fd:5c:10:5c:c7:75:83:cd:b1:f2:f6:c4:7b:ac:56:
         51:93:5f:c5:2a:14:e9:73:57:d9:52:38:65:87:76:06:88:c2:
         62:9c:5f:da:6a:6d:96:35:4f:03:1f:8c:ed:40:e6:74:6d:e8:
         40:a5:e3:e0:36:23:a8:2f:68:62:15:3e:53:3c:7b:d8:8c:90:
         8d:37:ff:17:ef:da:d6:46:2a:da:7e:82:01:6a:67:6a:d2:f4:
         ef:28:07:62:a4:1e:9f:d4:80:ca:b7:44:b7:8b:dc:ed:64:5d:
         00:fd:9a:ae:46:8d:fc:c7:85:fa:50:bd:8d:6f:bc:93:af:76:
         d3:5e:9d:4e:7b:fa:92:c3:59:b3:6c:62:9b:c3:8b:ed:0f:b2:
         22:e3:00:71:81:cd:7d:4d:8e:14:a3:13:d6:3c:24:3f:25:40:
         50:af:6b:95:93:51:21:6c:65:e8:b1:88:b2:80:3e:1e:bd:4e:
         51:7d:df:58:52:fa:3d:a4:4b:9f:30:5c:3c:35:f9:91:a9:4a:
         27:13:5e:f8:4f:e4:57:4e:9b:90:21:a1:f8:ac:d5:e0:ee:13:
         99:33:8d:7b:80:c4:79:df:f8:f6:29:a3:bf:c6:66:19:81:26:
         ef:73:58:95:90:52:c3:75:7e:cc:ab:9f:67:ea:59:c6:7b:e5:
         15:e1:33:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5kmg5oZ+/MzadvDyA6Sf+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNTI2MTQwNDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTVhMTBjNDJjZjc0MDI2ODVlZjljN2E1NGY1NjdmYmM0YTA1YWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9OKy4BZlfZEZBdZlsiRSW+KcQ24
TL8sDZ+4npXE+qLlF1rcRjhNqYszODweld23AGnb6Bkmrv4CKL5yJFadsLWNlny2
Rtvy+oqi667v5NmF/1K6JDuJwLTSgdf4VAKtm6SHowEIotJ0CeZOS++4CV7362qV
0IK3lk+yBEe1K5QeuxrzVE36Gj65YcG5qkjku+rjQBAJGZJnx8PQ1xcDjAJLzCfk
/lV2S9FJ37hMdykvmt9llF6XiNhFV1mdsbT5tjBXJ06CsFN5ku0CpTNj8NWzcjju
84i3sk/KpPtoS6ftwSFN3Qy7pcX6OTjabWeUUDTBtoRw6aaAUAN72LGCZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCVaEMQs90Amhe+celT1Z/vEoFqjMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSlZvUXhDejNRQ2FGNzV4NlZQVm4tOFNnV3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/EVAwQA
l/fHMA0GCSqGSIb3DQEBCwUAA4IBAQButAj9XBBcx3WDzbHy9sR7rFZRk1/FKhTp
c1fZUjhlh3YGiMJinF/aam2WNU8DH4ztQOZ0behApePgNiOoL2hiFT5TPHvYjJCN
N/8X79rWRirafoIBamdq0vTvKAdipB6f1IDKt0S3i9ztZF0A/ZquRo38x4X6UL2N
b7yTr3bTXp1Oe/qSw1mzbGKbw4vtD7Ii4wBxgc19TY4UoxPWPCQ/JUBQr2uVk1Eh
bGXosYiygD4evU5Rfd9YUvo9pEufMFw8NfmRqUonE174T+RXTpuQIaH4rNXg7hOZ
M417gMR53/j2KaO/xmYZgSbvc1iVkFLDdX7Mq59n6lnGe+UV4TOc
-----END CERTIFICATE-----