Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JtCmN8NaM6utGk43agc0cX3r9D0.roa
File:                     JtCmN8NaM6utGk43agc0cX3r9D0.roa (raw, json)
Hash identifier:          69L3MfuqghGrRFriuegr/GpwzIBa3bCbG+x+zlS+7o8=
Subject key identifier:   26:D0:A6:37:C3:5A:33:AB:AD:1A:4E:37:6A:07:34:71:7D:EB:F4:3D
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019DAB29FBA2BBEBD26FA1B3592DD2202526
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JtCmN8NaM6utGk43agc0cX3r9D0.roa
Signing time:             Mon 20 Apr 2026 13:52:28 +0000
ROA not before:           Mon 20 Apr 2026 13:52:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401776
IP address blocks:        151.243.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 05:13:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ab:29:fb:a2:bb:eb:d2:6f:a1:b3:59:2d:d2:20:25:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 20 13:52:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=26d0a637c35a33abad1a4e376a0734717debf43d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:57:0f:9c:b4:d1:aa:8e:2a:72:91:2a:35:b0:
                    7f:4b:49:d4:db:f2:f9:42:b1:04:d6:44:dd:32:cd:
                    e9:7c:15:4c:cf:8b:b8:6f:d1:b5:a0:41:09:d9:18:
                    a2:ce:29:95:e1:47:24:19:3d:47:15:e6:50:e1:6f:
                    df:6f:5d:00:c9:c2:a4:83:82:5f:08:20:2f:95:1a:
                    3b:86:c6:72:41:9f:92:d8:2a:44:9f:8c:e3:f7:33:
                    33:20:1b:ad:6d:ac:74:65:45:43:76:95:3b:da:07:
                    78:ec:3a:63:38:94:67:35:0e:47:48:ad:ea:87:c6:
                    6a:4d:7e:08:1e:bc:42:c4:b9:ba:b5:57:36:8e:dd:
                    8f:9f:5c:96:00:d3:3d:d7:42:72:f7:68:e7:bb:7a:
                    04:dd:60:cb:3e:17:f1:14:ef:f5:ad:f3:f3:86:bc:
                    c7:de:3d:ed:0d:c3:d3:5a:6d:93:64:94:ca:a5:c6:
                    f6:51:1b:4f:ef:ee:87:21:bd:d5:41:3e:16:34:95:
                    b2:da:57:2f:ac:d2:5a:4d:be:ce:33:ae:d1:5a:b2:
                    95:73:4f:04:d7:a2:b5:60:7f:6b:6d:33:d4:00:1d:
                    c8:45:96:16:1e:23:07:dc:4e:33:37:a7:ec:50:b0:
                    af:84:dc:46:0c:31:fd:d1:56:0a:e5:3f:f6:c4:63:
                    9f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:D0:A6:37:C3:5A:33:AB:AD:1A:4E:37:6A:07:34:71:7D:EB:F4:3D
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JtCmN8NaM6utGk43agc0cX3r9D0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:4e:69:00:d5:2b:db:96:7c:b6:fe:b3:b2:62:aa:52:05:07:
         f1:25:6d:75:c0:5a:ce:0b:13:ec:3d:9b:71:ab:09:55:e0:3f:
         77:85:60:61:fd:b7:41:fd:14:5b:87:0d:d5:6d:60:d1:8f:03:
         c7:1b:8f:47:21:9f:58:f6:68:5c:73:93:f8:ee:3e:43:eb:1b:
         70:da:43:9b:6d:96:fa:b3:c2:fa:4d:43:0a:67:1c:44:a6:4f:
         70:b3:79:05:6d:ad:2c:d2:20:c7:99:90:c0:56:2e:1b:c6:30:
         9b:a0:ee:97:1a:16:b4:d3:86:f8:0c:ce:77:e6:d1:8d:f9:bb:
         9f:07:e3:65:c6:3d:31:53:a4:a6:1d:98:18:34:6d:99:49:02:
         89:2c:5e:0a:f1:cd:f9:cd:09:7e:43:89:f2:3b:55:e3:31:ee:
         4f:d7:b0:68:27:05:f3:24:e9:f6:2b:d9:c6:3b:1a:45:83:38:
         48:53:20:65:bd:ce:2c:d4:06:02:a9:1f:07:ad:79:91:a0:05:
         f2:3a:c1:dc:72:44:2c:15:6f:2a:49:b4:24:d0:a0:3e:7b:c7:
         bd:b6:ac:ac:f9:09:7e:ca:fe:c7:d3:2f:d9:81:3c:45:6e:86:
         9e:08:bf:4e:7d:8d:cd:9a:a1:88:92:22:20:c2:10:f1:e6:36:
         cb:8f:ae:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2rKfuiu+vSb6GzWS3SICUmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDIwMTM1MjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmQwYTYzN2MzNWEzM2FiYWQxYTRlMzc2YTA3MzQ3MTdkZWJmNDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1cPnLTRqo4qcpEqNbB/S0nU2/L5
QrEE1kTdMs3pfBVMz4u4b9G1oEEJ2RiizimV4UckGT1HFeZQ4W/fb10AycKkg4Jf
CCAvlRo7hsZyQZ+S2CpEn4zj9zMzIButbax0ZUVDdpU72gd47DpjOJRnNQ5HSK3q
h8ZqTX4IHrxCxLm6tVc2jt2Pn1yWANM910Jy92jnu3oE3WDLPhfxFO/1rfPzhrzH
3j3tDcPTWm2TZJTKpcb2URtP7+6HIb3VQT4WNJWy2lcvrNJaTb7OM67RWrKVc08E
16K1YH9rbTPUAB3IRZYWHiMH3E4zN6fsULCvhNxGDDH90VYK5T/2xGOfOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbQpjfDWjOrrRpON2oHNHF96/Q9MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSnRDbU44TmFNNnV0R2s0M2FnYzBjWDNyOUQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/OmMA0G
CSqGSIb3DQEBCwUAA4IBAQAYTmkA1Svblny2/rOyYqpSBQfxJW11wFrOCxPsPZtx
qwlV4D93hWBh/bdB/RRbhw3VbWDRjwPHG49HIZ9Y9mhcc5P47j5D6xtw2kObbZb6
s8L6TUMKZxxEpk9ws3kFba0s0iDHmZDAVi4bxjCboO6XGha004b4DM535tGN+buf
B+Nlxj0xU6SmHZgYNG2ZSQKJLF4K8c35zQl+Q4nyO1XjMe5P17BoJwXzJOn2K9nG
OxpFgzhIUyBlvc4s1AYCqR8HrXmRoAXyOsHcckQsFW8qSbQk0KA+e8e9tqys+Ql+
yv7H0y/ZgTxFboaeCL9OfY3NmqGIkiIgwhDx5jbLj64d
-----END CERTIFICATE-----