Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JLhU1jYJddmx08IZjR5NxHgP8Oo.roa
File:                     JLhU1jYJddmx08IZjR5NxHgP8Oo.roa (raw, json)
Hash identifier:          IOAlQH+Thkio/bSV7T0TM5zyXG5Ijh1Fo8sdVz0QLfU=
Subject key identifier:   24:B8:54:D6:36:09:75:D9:B1:D3:C2:19:8D:1E:4D:C4:78:0F:F0:EA
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D1017D75357A6E1F21FA4C41F5958D39A
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JLhU1jYJddmx08IZjR5NxHgP8Oo.roa
Signing time:             Sat 21 Mar 2026 11:11:31 +0000
ROA not before:           Sat 21 Mar 2026 11:11:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49453
IP address blocks:        151.246.24.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:10:17:d7:53:57:a6:e1:f2:1f:a4:c4:1f:59:58:d3:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 21 11:11:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24b854d6360975d9b1d3c2198d1e4dc4780ff0ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:87:5f:0c:11:7b:e7:1c:07:ee:19:55:9d:4d:
                    be:b1:2d:fe:3b:9a:48:0b:1f:fd:29:4e:c3:bb:28:
                    45:24:a9:c6:3b:20:2c:70:00:0c:71:e1:87:93:ee:
                    5a:f2:b2:11:16:20:6c:67:0a:cf:12:80:30:e5:67:
                    35:5d:58:e0:5b:4a:86:b2:36:30:55:fb:21:53:1c:
                    dc:40:34:b8:c6:b0:36:c5:b5:54:71:de:8b:d8:99:
                    10:c7:9f:d5:19:b5:2f:6b:74:b4:a5:c3:1a:a0:d4:
                    e6:f0:5f:e2:c7:9e:15:c0:98:95:a0:16:e9:1b:76:
                    76:95:33:62:39:13:ae:e6:62:4f:61:a5:e6:c1:5b:
                    c7:ca:ea:da:b4:20:d0:14:05:6c:26:3d:73:ac:40:
                    00:8d:77:b0:20:34:8c:e3:5f:d6:c3:ae:68:3c:fa:
                    9c:4a:a1:76:e9:89:30:d4:8f:73:cc:ba:b8:a1:96:
                    06:56:be:21:f0:74:a2:01:80:05:b5:54:1d:c5:04:
                    32:a5:46:dc:20:03:aa:5f:14:f9:16:b8:70:66:a0:
                    d6:87:f8:41:45:f4:34:b2:c5:08:5d:b2:40:9f:c8:
                    88:14:6c:08:d4:8c:e0:14:e8:5d:75:74:8a:03:d3:
                    cc:e5:bd:29:c6:44:bd:3c:46:b0:0b:61:81:45:c5:
                    70:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:B8:54:D6:36:09:75:D9:B1:D3:C2:19:8D:1E:4D:C4:78:0F:F0:EA
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JLhU1jYJddmx08IZjR5NxHgP8Oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.246.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         07:94:f3:3f:5a:e9:15:4b:2f:c9:66:87:66:15:43:51:82:47:
         76:a9:ca:30:b6:fd:c3:67:8d:f4:b7:76:da:1a:13:0b:f1:5e:
         55:87:c8:8b:4b:65:1e:e9:e6:fc:96:96:45:2c:6e:73:cf:ca:
         ff:d1:e7:4a:99:1f:83:12:18:e9:96:c7:bf:7e:d6:a0:95:84:
         8b:e0:50:14:fd:93:45:ff:d2:55:8a:f2:69:fa:e6:75:06:fb:
         d3:96:46:f3:a7:da:8b:a9:d6:01:55:0c:4f:a6:9f:cc:ab:e2:
         82:c3:e6:a2:34:50:c2:6f:2c:14:18:45:88:24:53:e1:be:e6:
         1d:8b:a8:95:45:c3:25:3e:a9:cd:f7:73:f9:91:a6:95:3c:c1:
         5f:20:34:e0:b8:f3:35:3f:b6:c1:d4:ce:c9:2f:63:30:df:52:
         41:bb:d2:f7:c4:36:88:7b:79:29:66:79:d9:4a:18:16:4f:46:
         05:d3:eb:5f:37:cb:b7:ac:02:9b:9e:4e:93:07:bf:3d:5e:92:
         12:e3:cd:bc:85:80:db:c3:ee:2b:f0:20:a2:7b:3e:a9:d0:0f:
         5a:6a:91:52:c4:0a:09:15:5d:3a:ab:9a:54:95:45:45:d0:1b:
         61:e3:98:83:cc:e4:d1:55:c9:9a:5d:10:d7:dd:04:2a:11:6a:
         99:43:30:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0QF9dTV6bh8h+kxB9ZWNOaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzIxMTExMTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGI4NTRkNjM2MDk3NWQ5YjFkM2MyMTk4ZDFlNGRjNDc4MGZmMGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIdfDBF75xwH7hlVnU2+sS3+O5pI
Cx/9KU7DuyhFJKnGOyAscAAMceGHk+5a8rIRFiBsZwrPEoAw5Wc1XVjgW0qGsjYw
VfshUxzcQDS4xrA2xbVUcd6L2JkQx5/VGbUva3S0pcMaoNTm8F/ix54VwJiVoBbp
G3Z2lTNiOROu5mJPYaXmwVvHyuratCDQFAVsJj1zrEAAjXewIDSM41/Ww65oPPqc
SqF26Ykw1I9zzLq4oZYGVr4h8HSiAYAFtVQdxQQypUbcIAOqXxT5FrhwZqDWh/hB
RfQ0ssUIXbJAn8iIFGwI1IzgFOhddXSKA9PM5b0pxkS9PEawC2GBRcVw4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCS4VNY2CXXZsdPCGY0eTcR4D/DqMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSkxoVTFqWUpkZG14MDhJWmpSNU54SGdQOE9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDl/YYMA0G
CSqGSIb3DQEBCwUAA4IBAQAHlPM/WukVSy/JZodmFUNRgkd2qcowtv3DZ430t3ba
GhML8V5Vh8iLS2Ue6eb8lpZFLG5zz8r/0edKmR+DEhjplse/ftaglYSL4FAU/ZNF
/9JVivJp+uZ1BvvTlkbzp9qLqdYBVQxPpp/Mq+KCw+aiNFDCbywUGEWIJFPhvuYd
i6iVRcMlPqnN93P5kaaVPMFfIDTguPM1P7bB1M7JL2Mw31JBu9L3xDaIe3kpZnnZ
ShgWT0YF0+tfN8u3rAKbnk6TB789XpIS4828hYDbw+4r8CCiez6p0A9aapFSxAoJ
FV06q5pUlUVF0Bth45iDzOTRVcmaXRDX3QQqEWqZQzA0
-----END CERTIFICATE-----