Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JDAayHTs-0YIM6JuBN-LWwvc4FI.roa
File:                     JDAayHTs-0YIM6JuBN-LWwvc4FI.roa (raw, json)
Hash identifier:          dGoLJn3VIrKm/c+auSb9ptL+R/Kh2rzmBIBd4MeJI3o=
Subject key identifier:   24:30:1A:C8:74:EC:FB:46:08:33:A2:6E:04:DF:8B:5B:0B:DC:E0:52
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019EA5AD81B45E194703464AAC91994AE2C4
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JDAayHTs-0YIM6JuBN-LWwvc4FI.roa
Signing time:             Mon 08 Jun 2026 05:21:12 +0000
ROA not before:           Mon 08 Jun 2026 05:21:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33355
IP address blocks:        151.244.213.0/24 maxlen: 24
                          151.247.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a5:ad:81:b4:5e:19:47:03:46:4a:ac:91:99:4a:e2:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun  8 05:21:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24301ac874ecfb460833a26e04df8b5b0bdce052
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f7:57:06:8e:57:8b:0b:15:1e:3e:8b:dc:5a:
                    3a:9b:5f:b4:9d:8d:0e:73:d1:af:c1:9e:f8:25:31:
                    8b:92:ad:8a:a3:35:b5:73:06:b2:db:f0:db:2f:db:
                    71:2c:67:c8:62:b2:3a:90:be:81:f2:d1:8c:4d:f9:
                    b6:e4:89:d7:6a:6e:b8:60:2f:2c:d9:57:4e:11:4b:
                    b7:47:05:36:16:e1:8b:1f:8f:9d:0b:ee:35:01:e5:
                    31:ff:99:81:a8:60:c0:c3:e7:4b:93:30:87:57:fa:
                    e1:f6:c9:33:bd:e7:59:18:5b:6b:80:64:b0:1c:ec:
                    43:03:f0:a5:78:eb:20:dd:ed:5d:39:e0:c5:f2:c1:
                    96:ac:4a:9b:85:b0:aa:42:09:d1:3d:4a:f4:9c:83:
                    a8:42:84:48:46:bb:b0:be:f3:5a:44:d7:11:8f:c3:
                    05:42:a1:4d:0b:22:77:2c:d2:be:38:08:9a:c4:c2:
                    40:87:d7:19:9a:b7:0c:02:ce:2e:c1:ea:8e:8e:be:
                    ed:d9:ba:1b:b0:33:cc:7a:c5:0a:00:04:58:c0:b0:
                    72:73:3f:c7:4f:c3:c1:ff:d5:b7:8d:a2:19:ed:03:
                    6e:88:4e:e0:a7:aa:43:3a:66:0e:b6:2f:be:e8:3d:
                    7e:fb:cb:0f:dc:f5:87:a6:2b:30:53:d3:e6:15:05:
                    f0:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:30:1A:C8:74:EC:FB:46:08:33:A2:6E:04:DF:8B:5B:0B:DC:E0:52
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JDAayHTs-0YIM6JuBN-LWwvc4FI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.213.0/24
                  151.247.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:ec:c4:52:a2:aa:93:79:12:e9:62:c9:8d:df:28:28:4f:96:
         6f:e0:5d:ad:dd:7d:56:c3:94:e2:71:23:26:0d:b2:32:19:8f:
         a6:ea:ca:59:84:17:87:69:79:7d:b0:b3:f2:61:06:38:e8:1a:
         17:24:72:14:a7:d6:e9:f5:d3:dd:2a:9a:45:51:8d:68:a2:a0:
         31:d0:ab:86:dc:a6:fd:95:47:d6:86:85:0f:42:f9:b2:cc:32:
         45:36:9a:aa:d7:49:09:30:5d:c2:3c:2a:f2:35:21:98:f7:b8:
         b1:34:f7:df:f2:84:1e:48:0e:74:d6:3f:41:70:04:ad:56:e4:
         fd:ac:bf:8c:31:d9:10:31:4b:e3:79:cb:6b:e9:ae:4a:86:18:
         a5:54:4b:e7:69:fe:ce:d7:6f:b7:93:c1:51:f4:e2:8a:38:a9:
         5e:10:ed:35:fd:85:e9:14:d9:eb:53:95:48:7b:c0:66:d9:f2:
         02:8d:ea:89:23:3d:3f:ee:21:39:27:2a:79:73:15:6e:7b:8b:
         cc:a2:be:09:ea:e9:c8:98:37:2a:5e:cf:39:d0:fd:52:70:68:
         fc:7b:e3:8e:d6:62:56:35:93:e6:b8:92:52:c7:9d:3e:d8:4d:
         42:bd:05:eb:07:fd:3c:f1:a8:a1:02:cd:b0:67:7e:05:38:c7:
         43:56:ea:5c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6lrYG0XhlHA0ZKrJGZSuLEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNjA4MDUyMTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDMwMWFjODc0ZWNmYjQ2MDgzM2EyNmUwNGRmOGI1YjBiZGNlMDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/dXBo5XiwsVHj6L3Fo6m1+0nY0O
c9GvwZ74JTGLkq2KozW1cway2/DbL9txLGfIYrI6kL6B8tGMTfm25InXam64YC8s
2VdOEUu3RwU2FuGLH4+dC+41AeUx/5mBqGDAw+dLkzCHV/rh9skzvedZGFtrgGSw
HOxDA/CleOsg3e1dOeDF8sGWrEqbhbCqQgnRPUr0nIOoQoRIRruwvvNaRNcRj8MF
QqFNCyJ3LNK+OAiaxMJAh9cZmrcMAs4uweqOjr7t2bobsDPMesUKAARYwLBycz/H
T8PB/9W3jaIZ7QNuiE7gp6pDOmYOti++6D1++8sP3PWHpiswU9PmFQXwuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCQwGsh07PtGCDOibgTfi1sL3OBSMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSkRBYXlIVHMtMFlJTTZKdUJOLUxXd3ZjNEZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/TVAwQA
l/ckMA0GCSqGSIb3DQEBCwUAA4IBAQBO7MRSoqqTeRLpYsmN3ygoT5Zv4F2t3X1W
w5TicSMmDbIyGY+m6spZhBeHaXl9sLPyYQY46BoXJHIUp9bp9dPdKppFUY1ooqAx
0KuG3Kb9lUfWhoUPQvmyzDJFNpqq10kJMF3CPCryNSGY97ixNPff8oQeSA501j9B
cAStVuT9rL+MMdkQMUvjectr6a5KhhilVEvnaf7O12+3k8FR9OKKOKleEO01/YXp
FNnrU5VIe8Bm2fICjeqJIz0/7iE5Jyp5cxVue4vMor4J6unImDcqXs850P1ScGj8
e+OO1mJWNZPmuJJSx50+2E1CvQXrB/088aihAs2wZ34FOMdDVupc
-----END CERTIFICATE-----