Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JS7x44ls3zmAnP177DxHG3B8jxg.roa
File:                     JS7x44ls3zmAnP177DxHG3B8jxg.roa (raw, json)
Hash identifier:          bGZn5ZB+4e51JcweyD0BsLT5vJvb4i7v0hX/apkCU1w=
Subject key identifier:   25:2E:F1:E3:89:6C:DF:39:80:9C:FD:7B:EC:3C:47:1B:70:7C:8F:18
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019DB08674FF0788D41E11AE975D43491F17
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JS7x44ls3zmAnP177DxHG3B8jxg.roa
Signing time:             Tue 21 Apr 2026 14:51:34 +0000
ROA not before:           Tue 21 Apr 2026 14:51:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215224
IP address blocks:        151.241.116.0/24 maxlen: 24
                          151.245.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:04:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:86:74:ff:07:88:d4:1e:11:ae:97:5d:43:49:1f:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 21 14:51:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=252ef1e3896cdf39809cfd7bec3c471b707c8f18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:1b:8b:38:3e:6a:e9:11:b3:de:56:95:2d:e4:
                    22:52:2f:9f:26:fd:34:e2:d4:37:e3:ab:2b:51:b7:
                    c9:1a:79:c4:90:e0:7a:51:43:5a:0a:5f:9d:3d:f2:
                    ee:e0:0f:75:df:37:fa:19:76:83:b5:6c:b1:a2:37:
                    d8:47:f6:85:71:76:f4:d9:1e:ea:64:5b:f7:60:73:
                    40:43:c5:c9:8c:ec:46:20:31:00:64:96:ec:ee:2f:
                    00:4a:cd:b2:4e:fd:b6:00:56:a8:99:24:21:9f:1f:
                    a4:8a:78:4e:48:a4:a1:c4:c9:55:22:67:a0:89:1e:
                    70:bb:fb:24:10:e8:df:a1:58:13:62:57:fb:2e:e7:
                    e7:51:a1:ca:5a:a7:66:55:cc:11:fa:ae:a7:b0:92:
                    46:63:c7:85:00:16:c5:82:c3:a6:b8:f8:d1:34:27:
                    b3:4c:2a:13:a0:ba:24:fc:a8:19:db:e9:78:ac:78:
                    ea:e4:0b:d4:8e:95:2e:ea:09:e4:e7:4e:80:3d:78:
                    12:5b:b6:7d:91:ff:a8:0f:fe:ca:93:f3:49:f0:e0:
                    32:a5:a8:74:00:92:eb:5f:99:de:7f:e3:d4:0c:c3:
                    27:e5:31:05:13:95:b8:d9:3f:cb:30:e4:68:16:90:
                    82:95:56:d9:33:e7:b7:ed:bc:fe:5e:d0:4f:e4:6f:
                    3c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:2E:F1:E3:89:6C:DF:39:80:9C:FD:7B:EC:3C:47:1B:70:7C:8F:18
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JS7x44ls3zmAnP177DxHG3B8jxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.116.0/24
                  151.245.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:aa:a5:6e:ac:d3:8e:cd:54:c0:59:02:59:aa:4c:7e:95:70:
         2e:54:4f:db:4a:aa:64:2e:ae:8a:3e:b7:cc:c9:c2:6f:e8:b3:
         e5:db:7c:d3:58:ac:56:dc:ae:4a:65:58:53:f7:44:f0:6c:b9:
         74:9f:fc:b4:da:5e:a9:13:49:0b:4d:23:44:45:b5:14:b4:14:
         fa:ef:84:53:43:af:08:d8:07:06:06:b4:af:65:d3:8b:1a:28:
         20:a5:ac:01:a3:1e:8a:1a:1f:44:97:f3:ba:56:01:dd:f0:10:
         81:db:d8:de:4b:9d:58:41:94:4f:89:75:d9:8a:fe:89:10:de:
         0a:e3:ce:0e:cb:1c:00:7d:d1:ae:c8:b4:1f:d0:f1:fd:77:d4:
         84:22:a9:21:02:56:f4:6f:80:01:7e:c8:66:36:d5:ff:26:28:
         9a:f6:f8:9f:24:c6:a0:66:42:cc:07:df:92:46:69:c4:52:5a:
         6f:bd:8e:22:94:4b:44:31:95:ff:12:32:6d:34:95:77:e8:ef:
         9f:22:bc:20:1e:40:ad:3a:97:f2:4b:8b:4e:2a:66:43:56:22:
         60:3b:fd:5a:a6:fc:3e:4c:1b:35:78:95:71:d4:3c:92:84:be:
         43:83:b4:5f:d6:50:57:59:e3:d7:97:3d:21:79:f8:98:c1:69:
         cc:6b:51:a6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2whnT/B4jUHhGul11DSR8XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDIxMTQ1MTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTJlZjFlMzg5NmNkZjM5ODA5Y2ZkN2JlYzNjNDcxYjcwN2M4ZjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBuLOD5q6RGz3laVLeQiUi+fJv00
4tQ346srUbfJGnnEkOB6UUNaCl+dPfLu4A913zf6GXaDtWyxojfYR/aFcXb02R7q
ZFv3YHNAQ8XJjOxGIDEAZJbs7i8ASs2yTv22AFaomSQhnx+kinhOSKShxMlVImeg
iR5wu/skEOjfoVgTYlf7LufnUaHKWqdmVcwR+q6nsJJGY8eFABbFgsOmuPjRNCez
TCoToLok/KgZ2+l4rHjq5AvUjpUu6gnk506APXgSW7Z9kf+oD/7Kk/NJ8OAypah0
AJLrX5nef+PUDMMn5TEFE5W42T/LMORoFpCClVbZM+e37bz+XtBP5G88uQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCUu8eOJbN85gJz9e+w8RxtwfI8YMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSlM3eDQ0bHMzem1BblAxNzdEeEhHM0I4anhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/F0AwQA
l/WTMA0GCSqGSIb3DQEBCwUAA4IBAQCdqqVurNOOzVTAWQJZqkx+lXAuVE/bSqpk
Lq6KPrfMycJv6LPl23zTWKxW3K5KZVhT90TwbLl0n/y02l6pE0kLTSNERbUUtBT6
74RTQ68I2AcGBrSvZdOLGiggpawBox6KGh9El/O6VgHd8BCB29jeS51YQZRPiXXZ
iv6JEN4K484OyxwAfdGuyLQf0PH9d9SEIqkhAlb0b4ABfshmNtX/Jiia9vifJMag
ZkLMB9+SRmnEUlpvvY4ilEtEMZX/EjJtNJV36O+fIrwgHkCtOpfyS4tOKmZDViJg
O/1apvw+TBs1eJVx1DyShL5Dg7Rf1lBXWePXlz0hefiYwWnMa1Gm
-----END CERTIFICATE-----