Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/yeWytudaIOL-Mq5EFdGHRChJah4.roa
File:                     yeWytudaIOL-Mq5EFdGHRChJah4.roa (raw, json)
Hash identifier:          8JbK9AUX0DvcZlH83/1kfnMvy3HLKocq0bawuwwSXB4=
Subject key identifier:   C9:E5:B2:B6:E7:5A:20:E2:FE:32:AE:44:15:D1:87:44:28:49:6A:1E
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019CCA02363BDD13B38241B7B77BF05434FD
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/yeWytudaIOL-Mq5EFdGHRChJah4.roa
Signing time:             Sat 07 Mar 2026 20:34:28 +0000
ROA not before:           Sat 07 Mar 2026 20:34:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64315
IP address blocks:        151.245.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ca:02:36:3b:dd:13:b3:82:41:b7:b7:7b:f0:54:34:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar  7 20:34:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c9e5b2b6e75a20e2fe32ae4415d1874428496a1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5f:3c:ee:da:b8:17:37:4f:ea:27:d0:a7:db:
                    aa:84:f8:ef:3f:85:6d:c4:02:6c:29:b2:0c:e3:1b:
                    54:d8:06:97:13:77:9a:70:f7:93:3f:b2:65:9e:7c:
                    f7:48:12:b2:2e:21:f0:ef:3b:11:d3:99:cf:da:da:
                    a8:31:eb:b7:9e:75:1a:7e:c3:52:0f:1f:ed:11:34:
                    a2:11:b6:08:43:47:df:ab:32:8b:93:c9:b7:53:7e:
                    7b:cf:81:4b:59:81:ef:86:a3:ef:4b:01:bb:85:29:
                    33:db:9d:c6:ac:d3:fc:f3:6b:fb:9e:e9:3b:e5:fc:
                    d0:41:6d:18:a4:02:9c:e4:4e:6d:2f:9e:bb:4c:2a:
                    e7:23:b5:70:4e:f5:9f:94:46:8a:b5:14:09:e3:0c:
                    75:e9:83:9d:6b:4d:74:df:77:69:72:91:20:d1:ef:
                    51:a6:35:1b:dc:8c:a7:76:34:cb:4c:87:6d:7a:aa:
                    db:1b:fa:d4:e4:7a:ab:5f:15:59:ab:35:88:5a:39:
                    72:66:46:bd:1c:d8:ba:fc:b9:e9:9d:c8:60:23:16:
                    86:6a:56:8d:03:57:00:3d:7d:9d:7f:49:b7:49:9d:
                    95:22:27:74:b1:39:68:22:d3:4b:90:02:64:5b:b0:
                    72:5c:58:40:38:ee:ff:7c:64:1a:93:d4:9c:6c:16:
                    4f:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:E5:B2:B6:E7:5A:20:E2:FE:32:AE:44:15:D1:87:44:28:49:6A:1E
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/yeWytudaIOL-Mq5EFdGHRChJah4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.245.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:66:22:bb:ec:34:3d:97:38:61:6a:44:01:07:cc:31:51:45:
         51:89:e5:2a:c1:6c:79:63:c8:72:81:83:b3:7e:4e:81:d3:dd:
         ca:1c:90:01:8c:6f:9f:e2:98:fe:69:2e:bf:27:9c:df:40:79:
         6c:d4:d9:db:98:52:6e:15:29:d2:da:85:b4:7c:da:14:d0:32:
         c6:97:81:14:53:00:fb:bb:d3:15:2b:35:82:0e:c2:40:bd:c4:
         30:92:80:a0:e8:81:01:88:04:7e:85:3d:d1:46:45:a3:36:3f:
         a2:22:72:94:9e:84:1b:f3:2c:c8:69:15:be:a6:87:6b:3d:b3:
         76:4f:68:43:67:f5:24:18:eb:33:b8:6e:89:3f:68:6c:ca:2b:
         1f:c0:11:c7:3e:13:25:10:99:17:a4:2f:f2:a8:72:07:34:45:
         f3:99:a7:7a:90:00:0e:eb:31:b7:60:72:a0:1b:57:38:d5:27:
         17:f0:ab:d7:dd:5e:4b:27:1e:00:de:21:1b:a9:1b:d2:87:9f:
         ee:28:16:cc:22:3f:2b:d3:90:47:25:65:42:7c:3a:51:96:21:
         f6:f1:d3:30:23:4d:06:3c:94:1a:32:87:c4:78:ba:16:b1:82:
         60:fc:18:91:c9:b3:85:53:0b:f2:87:d0:dd:db:c1:69:c7:a4:
         38:67:c6:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzKAjY73ROzgkG3t3vwVDT9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzA3MjAzNDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWU1YjJiNmU3NWEyMGUyZmUzMmFlNDQxNWQxODc0NDI4NDk2YTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAul887tq4FzdP6ifQp9uqhPjvP4Vt
xAJsKbIM4xtU2AaXE3eacPeTP7Jlnnz3SBKyLiHw7zsR05nP2tqoMeu3nnUafsNS
Dx/tETSiEbYIQ0ffqzKLk8m3U357z4FLWYHvhqPvSwG7hSkz253GrNP882v7nuk7
5fzQQW0YpAKc5E5tL567TCrnI7VwTvWflEaKtRQJ4wx16YOda01033dpcpEg0e9R
pjUb3IyndjTLTIdteqrbG/rU5HqrXxVZqzWIWjlyZka9HNi6/LnpnchgIxaGalaN
A1cAPX2df0m3SZ2VIid0sTloItNLkAJkW7ByXFhAOO7/fGQak9ScbBZP6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnlsrbnWiDi/jKuRBXRh0QoSWoeMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEveWVXeXR1ZGFJT0wtTXE1RUZkR0hSQ2hKYWg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/UAMA0G
CSqGSIb3DQEBCwUAA4IBAQB6ZiK77DQ9lzhhakQBB8wxUUVRieUqwWx5Y8hygYOz
fk6B093KHJABjG+f4pj+aS6/J5zfQHls1NnbmFJuFSnS2oW0fNoU0DLGl4EUUwD7
u9MVKzWCDsJAvcQwkoCg6IEBiAR+hT3RRkWjNj+iInKUnoQb8yzIaRW+podrPbN2
T2hDZ/UkGOszuG6JP2hsyisfwBHHPhMlEJkXpC/yqHIHNEXzmad6kAAO6zG3YHKg
G1c41ScX8KvX3V5LJx4A3iEbqRvSh5/uKBbMIj8r05BHJWVCfDpRliH28dMwI00G
PJQaMofEeLoWsYJg/BiRybOFUwvyh9Dd28Fpx6Q4Z8Yq
-----END CERTIFICATE-----