Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/o4SkdoGgx9Cx3_V8Y90MfOyLdco.roa
File:                     o4SkdoGgx9Cx3_V8Y90MfOyLdco.roa (raw, json)
Hash identifier:          T/NpZ1PTYFCo6UPtRiBGSO22PO9XOSgnMeGvUJgHLhY=
Subject key identifier:   A3:84:A4:76:81:A0:C7:D0:B1:DF:F5:7C:63:DD:0C:7C:EC:8B:75:CA
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019CED62A4F3D7BDD8815044E866FF5EEEF0
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/o4SkdoGgx9Cx3_V8Y90MfOyLdco.roa
Signing time:             Sat 14 Mar 2026 17:26:30 +0000
ROA not before:           Sat 14 Mar 2026 17:26:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402252
IP address blocks:        151.247.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ed:62:a4:f3:d7:bd:d8:81:50:44:e8:66:ff:5e:ee:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar 14 17:26:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a384a47681a0c7d0b1dff57c63dd0c7cec8b75ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:68:b0:ee:99:07:cb:43:e6:18:7c:c3:e4:9e:
                    04:bb:42:3d:45:db:1a:14:74:6c:6e:cd:a0:fb:6b:
                    f6:56:08:e5:30:ca:16:1c:96:3a:7f:0b:29:31:c1:
                    36:19:71:b9:c0:7e:6a:97:23:5a:de:82:d2:a1:5e:
                    af:d5:49:8f:5c:d0:a3:f9:ef:0e:20:a9:53:87:a4:
                    90:ab:7e:69:81:78:c0:a8:4f:aa:8b:fc:8d:9f:f6:
                    1e:4c:8e:fd:c6:f8:11:50:d1:80:c8:dd:59:4f:b6:
                    8d:2e:b9:52:60:6d:46:a3:03:82:8a:57:31:eb:a8:
                    3b:df:11:d8:16:0a:0e:2b:ca:ba:47:c3:4e:a4:b0:
                    10:81:79:16:43:10:88:60:3d:5e:cb:dd:d2:d1:18:
                    a9:2a:a4:3f:e4:91:2e:51:10:ac:a9:77:2a:dd:47:
                    0c:22:f1:ae:ae:16:9e:b5:b4:7f:3d:6c:81:0e:03:
                    11:c4:7c:0c:a9:ee:d5:77:70:18:15:2b:49:1b:ff:
                    7e:5e:64:4f:47:fd:6a:52:cc:12:2f:03:de:14:fa:
                    43:52:2c:df:e0:1d:d8:15:d5:ba:99:d7:43:5b:32:
                    09:bf:fb:bf:01:98:fa:b6:05:22:43:98:97:c1:2c:
                    a6:bf:c9:ef:78:aa:84:2a:55:d6:51:c2:7f:ac:fd:
                    87:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:84:A4:76:81:A0:C7:D0:B1:DF:F5:7C:63:DD:0C:7C:EC:8B:75:CA
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/o4SkdoGgx9Cx3_V8Y90MfOyLdco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.247.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:33:3d:4c:69:19:55:79:82:06:64:8f:bb:9c:9e:84:42:d5:
         2c:e3:c4:d1:62:5e:39:72:02:16:1f:ee:b5:ad:32:1c:84:cb:
         9a:7d:1b:9f:3a:f0:4b:e2:73:bc:c1:b2:58:ab:0e:df:21:a7:
         99:73:1d:08:9f:af:3d:9a:ce:5e:e0:3e:c2:a3:e6:65:d1:c6:
         02:eb:4b:81:83:2a:4e:8e:0c:e5:b9:01:7b:67:bb:f9:9b:78:
         75:a2:d4:de:53:4b:02:0d:75:ee:a0:64:d4:b7:19:dc:da:f2:
         ca:f6:02:40:3f:75:bc:45:a2:04:b8:1f:c8:8a:71:33:23:4a:
         bd:e2:2f:d8:d3:ae:29:e8:62:33:34:5f:78:86:45:d7:e9:5c:
         dc:38:b2:cd:07:9c:85:5d:5e:0c:b2:ad:95:dc:20:15:6a:3a:
         8c:3c:4b:fa:75:12:01:0d:76:ba:78:fb:eb:35:ff:6e:ec:00:
         fd:03:dc:4b:b0:3c:42:bf:70:bd:a9:c8:f6:75:3a:54:78:60:
         d3:a1:5c:c1:1b:57:8d:32:7b:73:1f:2d:a4:ed:d5:99:d9:10:
         19:46:68:b6:6c:0a:4e:6b:43:71:9b:38:7d:b8:5a:a0:8f:09:
         44:f2:65:11:5a:30:db:98:cb:38:cd:cb:43:6a:a2:2a:71:84:
         17:72:22:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZztYqTz173YgVBE6Gb/Xu7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzE0MTcyNjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzg0YTQ3NjgxYTBjN2QwYjFkZmY1N2M2M2RkMGM3Y2VjOGI3NWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmiw7pkHy0PmGHzD5J4Eu0I9Rdsa
FHRsbs2g+2v2VgjlMMoWHJY6fwspMcE2GXG5wH5qlyNa3oLSoV6v1UmPXNCj+e8O
IKlTh6SQq35pgXjAqE+qi/yNn/YeTI79xvgRUNGAyN1ZT7aNLrlSYG1GowOCilcx
66g73xHYFgoOK8q6R8NOpLAQgXkWQxCIYD1ey93S0RipKqQ/5JEuURCsqXcq3UcM
IvGurhaetbR/PWyBDgMRxHwMqe7Vd3AYFStJG/9+XmRPR/1qUswSLwPeFPpDUizf
4B3YFdW6mddDWzIJv/u/AZj6tgUiQ5iXwSymv8nveKqEKlXWUcJ/rP2HSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOEpHaBoMfQsd/1fGPdDHzsi3XKMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvbzRTa2RvR2d4OUN4M19WOFk5ME1mT3lMZGNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/dfMA0G
CSqGSIb3DQEBCwUAA4IBAQBMMz1MaRlVeYIGZI+7nJ6EQtUs48TRYl45cgIWH+61
rTIchMuafRufOvBL4nO8wbJYqw7fIaeZcx0In689ms5e4D7Co+Zl0cYC60uBgypO
jgzluQF7Z7v5m3h1otTeU0sCDXXuoGTUtxnc2vLK9gJAP3W8RaIEuB/IinEzI0q9
4i/Y064p6GIzNF94hkXX6VzcOLLNB5yFXV4Msq2V3CAVajqMPEv6dRIBDXa6ePvr
Nf9u7AD9A9xLsDxCv3C9qcj2dTpUeGDToVzBG1eNMntzHy2k7dWZ2RAZRmi2bApO
a0Nxmzh9uFqgjwlE8mURWjDbmMs4zctDaqIqcYQXciKX
-----END CERTIFICATE-----