Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/U4uYwGGaTSjQ7BkP1QvhGGYANpA.roa
File:                     U4uYwGGaTSjQ7BkP1QvhGGYANpA.roa (raw, json)
Hash identifier:          AGSbqRzp6D4VI72g4feI8Ij8dd8gxXTH7ba9ye2rk3g=
Subject key identifier:   53:8B:98:C0:61:9A:4D:28:D0:EC:19:0F:D5:0B:E1:18:66:00:36:90
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019DFE6E72857267FF65FEAC71C27E3A2ED2
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/U4uYwGGaTSjQ7BkP1QvhGGYANpA.roa
Signing time:             Wed 06 May 2026 17:55:44 +0000
ROA not before:           Wed 06 May 2026 17:55:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154408
IP address blocks:        151.245.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 02:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fe:6e:72:85:72:67:ff:65:fe:ac:71:c2:7e:3a:2e:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May  6 17:55:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=538b98c0619a4d28d0ec190fd50be11866003690
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f7:79:ef:f6:3f:53:03:04:77:0c:04:9a:06:
                    a8:09:2d:e0:3d:f2:31:d2:91:6e:25:07:10:b6:de:
                    c8:6b:a4:eb:70:d1:dc:eb:7e:de:1a:25:8f:6a:3b:
                    00:af:43:07:d2:6d:56:59:2d:21:bd:45:32:b5:88:
                    e7:73:3d:d5:7c:3a:da:fa:38:20:bc:ca:93:34:06:
                    17:65:a3:bb:f1:6c:46:6d:69:ef:4e:67:ad:d7:73:
                    db:02:35:79:12:26:ed:a7:95:65:ae:63:d6:9f:10:
                    5e:0b:1a:85:11:f6:51:56:97:e7:a8:e7:93:6c:98:
                    b9:23:b7:48:6c:36:7d:99:e2:ea:ca:e6:3f:b4:13:
                    15:db:a4:e4:2e:7c:d1:28:50:e0:60:a7:d3:c6:e4:
                    39:c7:f2:88:b3:be:ca:f3:7e:c3:d2:8e:62:b0:4a:
                    f9:b8:44:48:16:ef:41:b2:9b:f8:93:35:e3:a3:47:
                    29:5d:30:e3:b8:82:2d:82:a8:fa:ab:cd:7d:ee:e7:
                    bf:b0:78:c5:01:50:7b:c0:d4:02:27:b7:68:52:34:
                    6c:c1:f7:e9:9e:7d:b5:08:42:9e:c2:bb:e1:cb:fa:
                    24:00:dc:21:c8:ce:41:b9:f4:02:b0:52:38:59:43:
                    99:5d:52:ba:c9:bc:56:41:58:a6:1d:ce:f2:c3:66:
                    59:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:8B:98:C0:61:9A:4D:28:D0:EC:19:0F:D5:0B:E1:18:66:00:36:90
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/U4uYwGGaTSjQ7BkP1QvhGGYANpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.245.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:ba:44:4d:d3:db:75:3f:77:10:55:99:2d:98:38:7c:a8:6d:
         75:58:c3:be:9e:df:27:ea:d9:06:99:e1:a6:49:7c:53:cb:d8:
         74:d7:c2:e8:f9:27:13:9b:e3:51:09:23:83:24:aa:2f:6c:58:
         4c:44:38:c5:14:7c:75:cf:12:5d:f1:b8:73:cd:6d:8b:e3:1c:
         30:bc:c8:30:a9:24:65:6a:6c:3d:b0:17:6c:7e:06:64:81:eb:
         9f:f5:fa:40:c3:78:62:24:83:75:f5:6f:71:0f:16:b4:77:ff:
         b4:1e:a5:d8:46:82:43:e3:7c:a7:e1:04:73:cb:c7:8c:d8:86:
         b6:a7:52:b2:f0:3e:cc:d6:c6:7c:69:91:35:65:04:84:61:23:
         fe:13:29:25:95:89:41:56:b6:40:e3:5b:64:59:09:1f:d2:9a:
         0f:03:de:c8:c2:ee:8d:97:4c:d2:1c:e0:bc:3a:a4:58:3c:ba:
         e3:5b:2d:97:8e:08:12:1f:6e:16:99:24:5d:64:73:44:48:cf:
         5d:bd:49:39:3f:c3:f6:61:3b:8f:92:6f:a8:ca:a9:82:41:08:
         04:32:38:c4:08:26:99:97:a3:ac:e9:63:4d:5b:cf:78:8e:af:
         d4:32:b4:98:0e:13:7f:a5:17:34:91:5c:67:c5:ff:b3:f0:93:
         90:8a:64:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3+bnKFcmf/Zf6sccJ+Oi7SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNTA2MTc1NTQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzhiOThjMDYxOWE0ZDI4ZDBlYzE5MGZkNTBiZTExODY2MDAzNjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovd57/Y/UwMEdwwEmgaoCS3gPfIx
0pFuJQcQtt7Ia6TrcNHc637eGiWPajsAr0MH0m1WWS0hvUUytYjncz3VfDra+jgg
vMqTNAYXZaO78WxGbWnvTmet13PbAjV5Eibtp5VlrmPWnxBeCxqFEfZRVpfnqOeT
bJi5I7dIbDZ9meLqyuY/tBMV26TkLnzRKFDgYKfTxuQ5x/KIs77K837D0o5isEr5
uERIFu9Bspv4kzXjo0cpXTDjuIItgqj6q8197ue/sHjFAVB7wNQCJ7doUjRswffp
nn21CEKewrvhy/okANwhyM5BufQCsFI4WUOZXVK6ybxWQVimHc7yw2ZZ9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFOLmMBhmk0o0OwZD9UL4RhmADaQMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvVTR1WXdHR2FUU2pRN0JrUDFRdmhHR1lBTnBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/W2MA0G
CSqGSIb3DQEBCwUAA4IBAQBmukRN09t1P3cQVZktmDh8qG11WMO+nt8n6tkGmeGm
SXxTy9h018Lo+ScTm+NRCSODJKovbFhMRDjFFHx1zxJd8bhzzW2L4xwwvMgwqSRl
amw9sBdsfgZkgeuf9fpAw3hiJIN19W9xDxa0d/+0HqXYRoJD43yn4QRzy8eM2Ia2
p1Ky8D7M1sZ8aZE1ZQSEYSP+EykllYlBVrZA41tkWQkf0poPA97Iwu6Nl0zSHOC8
OqRYPLrjWy2XjggSH24WmSRdZHNESM9dvUk5P8P2YTuPkm+oyqmCQQgEMjjECCaZ
l6Os6WNNW894jq/UMrSYDhN/pRc0kVxnxf+z8JOQimQT
-----END CERTIFICATE-----