Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Ot_yp4DA8YBbxd-kGVpRyguFfac.roa
File:                     Ot_yp4DA8YBbxd-kGVpRyguFfac.roa (raw, json)
Hash identifier:          9yTNPEavsl+M5VbnD1/qut5GCa+Wj2a4o6zr+TnvK8M=
Subject key identifier:   3A:DF:F2:A7:80:C0:F1:80:5B:C5:DF:A4:19:5A:51:CA:0B:85:7D:A7
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D434EEE05F85ACF8045DB2BECB7135640
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Ot_yp4DA8YBbxd-kGVpRyguFfac.roa
Signing time:             Tue 31 Mar 2026 09:52:19 +0000
ROA not before:           Tue 31 Mar 2026 09:52:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401857
IP address blocks:        151.245.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Apr 2026 05:15:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:43:4e:ee:05:f8:5a:cf:80:45:db:2b:ec:b7:13:56:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 31 09:52:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3adff2a780c0f1805bc5dfa4195a51ca0b857da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0d:e7:45:86:79:79:45:6b:18:ce:7d:99:4c:
                    97:6c:39:7f:28:6c:e0:21:89:e9:72:c5:85:49:b3:
                    21:56:8f:1f:86:68:ae:06:04:3e:82:59:25:1f:25:
                    47:59:19:ee:35:98:39:ba:53:b9:cd:ce:eb:db:18:
                    08:96:76:f5:22:84:4d:05:fc:be:e7:22:26:62:94:
                    47:df:10:95:f7:b7:1d:0b:fb:35:2c:00:6f:a0:69:
                    90:75:e3:66:69:29:66:b9:4d:07:f4:a1:2c:0f:5f:
                    84:17:30:d6:83:31:a3:c9:e9:ff:7a:81:aa:f2:29:
                    5f:ae:00:04:41:8d:5d:28:90:56:d1:23:1b:09:f8:
                    88:8c:cc:5d:d1:9e:16:30:4b:e2:6f:43:c9:7f:86:
                    8c:0c:3f:a1:c1:8f:51:49:51:6d:ec:9e:cd:fe:d6:
                    ca:10:09:1f:21:d3:2e:11:d6:91:66:aa:63:e5:97:
                    f5:7c:e7:8b:e6:c0:24:f9:66:bc:11:d0:4f:50:2d:
                    e8:db:85:cb:b9:2a:54:02:c6:ce:90:9b:7e:f7:a4:
                    65:7c:da:a6:40:e3:e7:14:00:5b:0a:0e:0d:64:3f:
                    01:77:68:75:d8:fb:fa:a3:8e:9a:ed:21:37:65:09:
                    10:d2:6b:75:f1:b8:64:03:5b:9b:9d:dd:73:35:80:
                    51:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:DF:F2:A7:80:C0:F1:80:5B:C5:DF:A4:19:5A:51:CA:0B:85:7D:A7
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Ot_yp4DA8YBbxd-kGVpRyguFfac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.245.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:f3:61:74:d1:bf:3c:4b:72:88:7a:fc:ec:db:e5:40:d0:c6:
         77:3c:78:15:da:cf:aa:46:57:ba:27:fd:20:22:08:e1:20:b3:
         71:bc:a5:83:06:b9:87:56:fc:c2:65:9d:de:29:c6:30:87:77:
         af:07:e7:57:9a:75:eb:00:b1:e4:77:19:98:52:86:96:51:e0:
         3f:39:4a:10:9f:91:9d:8f:83:72:4e:a9:97:70:24:2a:f4:56:
         b0:70:b6:20:88:2e:69:56:8c:4d:c0:c1:1c:e4:fe:a3:ab:50:
         52:71:ee:71:a2:e8:dc:1b:2a:ab:a3:d5:43:4e:22:91:8b:39:
         de:b4:2c:d9:ad:56:19:3c:14:8a:bf:66:d9:5d:ff:f3:8f:0f:
         61:52:18:29:9f:dd:5d:56:5d:dc:39:c3:cd:ad:1c:07:56:0e:
         43:8f:03:9c:f7:cd:c0:e9:f8:bd:fb:d5:75:30:f5:08:a4:63:
         dd:09:f6:7c:47:e2:de:a0:76:1e:f2:13:48:9f:cc:25:b6:fe:
         f3:c5:25:ee:4f:c1:2e:18:37:8b:3c:dd:77:f9:35:25:7a:18:
         63:92:66:7e:7a:fc:aa:7b:d7:1d:2d:64:14:1b:35:3e:db:87:
         ca:b4:2d:f3:40:4a:09:ed:94:a9:65:55:87:71:62:7d:bb:cf:
         ef:30:07:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1DTu4F+FrPgEXbK+y3E1ZAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzMxMDk1MjE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWRmZjJhNzgwYzBmMTgwNWJjNWRmYTQxOTVhNTFjYTBiODU3ZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqg3nRYZ5eUVrGM59mUyXbDl/KGzg
IYnpcsWFSbMhVo8fhmiuBgQ+glklHyVHWRnuNZg5ulO5zc7r2xgIlnb1IoRNBfy+
5yImYpRH3xCV97cdC/s1LABvoGmQdeNmaSlmuU0H9KEsD1+EFzDWgzGjyen/eoGq
8ilfrgAEQY1dKJBW0SMbCfiIjMxd0Z4WMEvib0PJf4aMDD+hwY9RSVFt7J7N/tbK
EAkfIdMuEdaRZqpj5Zf1fOeL5sAk+Wa8EdBPUC3o24XLuSpUAsbOkJt+96RlfNqm
QOPnFABbCg4NZD8Bd2h12Pv6o46a7SE3ZQkQ0mt18bhkA1ubnd1zNYBRZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDrf8qeAwPGAW8XfpBlaUcoLhX2nMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvT3RfeXA0REE4WUJieGQta0dWcFJ5Z3VGZmFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/UEMA0G
CSqGSIb3DQEBCwUAA4IBAQBV82F00b88S3KIevzs2+VA0MZ3PHgV2s+qRle6J/0g
IgjhILNxvKWDBrmHVvzCZZ3eKcYwh3evB+dXmnXrALHkdxmYUoaWUeA/OUoQn5Gd
j4NyTqmXcCQq9FawcLYgiC5pVoxNwMEc5P6jq1BSce5xoujcGyqro9VDTiKRizne
tCzZrVYZPBSKv2bZXf/zjw9hUhgpn91dVl3cOcPNrRwHVg5DjwOc983A6fi9+9V1
MPUIpGPdCfZ8R+LeoHYe8hNIn8wltv7zxSXuT8EuGDeLPN13+TUlehhjkmZ+evyq
e9cdLWQUGzU+24fKtC3zQEoJ7ZSpZVWHcWJ9u8/vMAeb
-----END CERTIFICATE-----