Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/NScYLrSYgy9LVVVbXew1TdIfDn4.roa
File:                     NScYLrSYgy9LVVVbXew1TdIfDn4.roa (raw, json)
Hash identifier:          0v/58XREyhcSvO0Go25HQNE2dZSKIb6sIUc9es3wnHY=
Subject key identifier:   35:27:18:2E:B4:98:83:2F:4B:55:55:5B:5D:EC:35:4D:D2:1F:0E:7E
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D51ECCF3426DD0FC820A526FA3DD96743
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/NScYLrSYgy9LVVVbXew1TdIfDn4.roa
Signing time:             Fri 03 Apr 2026 05:59:27 +0000
ROA not before:           Fri 03 Apr 2026 05:59:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49367
IP address blocks:        151.246.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:51:ec:cf:34:26:dd:0f:c8:20:a5:26:fa:3d:d9:67:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr  3 05:59:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3527182eb498832f4b55555b5dec354dd21f0e7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:a3:c8:2b:16:67:40:4b:67:38:d7:9d:36:53:
                    52:73:c0:75:67:ef:af:e7:11:e3:7b:3a:f1:2e:08:
                    ad:c2:fa:e1:16:09:75:25:b5:cb:44:b6:ac:40:6b:
                    77:27:e3:9e:0c:e6:4d:28:f8:26:44:35:80:64:ff:
                    92:54:01:0a:33:17:ff:60:ab:2d:e7:d4:2b:f0:59:
                    d8:44:c2:87:36:a3:9f:51:7a:88:c1:f4:3d:c4:17:
                    43:d2:cd:50:8b:04:fd:11:e8:a5:52:b7:b2:22:eb:
                    f2:33:86:17:59:9b:04:16:05:eb:c3:d9:19:b1:e4:
                    26:b1:b4:26:aa:1b:27:d2:e0:dc:97:a4:69:13:04:
                    ca:61:cd:03:dc:38:60:d8:75:ac:d2:78:d5:c0:f4:
                    5e:02:5b:2a:7f:81:e2:20:49:9d:2c:ff:2c:3c:fb:
                    32:c6:2a:21:bf:1f:6e:25:3b:e3:a5:4e:4f:2c:3e:
                    d4:b7:f9:a3:c6:4a:80:16:db:53:74:d4:8a:fd:14:
                    11:17:ed:48:09:51:64:7b:4a:50:b0:2c:4e:92:08:
                    f3:dc:42:fb:a5:23:42:ac:3b:ed:af:a0:2c:f6:0c:
                    db:cc:8c:0e:c7:7a:5c:39:b1:77:18:22:0a:51:39:
                    fa:46:17:9c:b7:18:9f:e2:97:85:25:e8:3c:a3:c4:
                    a2:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:27:18:2E:B4:98:83:2F:4B:55:55:5B:5D:EC:35:4D:D2:1F:0E:7E
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/NScYLrSYgy9LVVVbXew1TdIfDn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.246.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:26:ae:53:a1:0f:27:24:89:83:3e:b2:dd:48:20:77:db:64:
         4c:f8:4f:89:d9:d1:5b:64:be:0f:09:17:a8:b1:99:d3:f8:36:
         f6:71:89:9e:73:74:cc:35:4d:8b:38:ea:2b:df:63:13:12:ab:
         ac:ef:52:84:09:da:ab:fa:e2:2e:1f:c0:93:20:30:14:32:03:
         58:0e:7d:07:46:21:61:21:45:76:28:7e:eb:22:e2:c6:7f:7f:
         38:e7:55:ed:95:cc:ca:94:6e:39:16:4c:34:a2:32:89:7c:99:
         e8:ed:7d:34:66:86:88:fb:43:91:33:b7:9c:9c:1d:d1:46:d3:
         59:39:a2:1c:7b:cc:68:81:6b:63:fa:09:30:0d:0b:9b:7c:36:
         64:ce:c5:14:00:f0:c4:67:b2:5e:02:db:0d:2d:4f:1f:43:ed:
         ab:5a:82:5c:93:95:c2:8c:10:60:e1:76:dd:fc:a6:33:58:34:
         af:21:b8:1f:ad:18:18:65:dc:1f:e7:42:de:a7:44:72:d5:8b:
         1a:55:a9:ff:f4:bb:1b:42:da:25:64:ce:8b:c2:9e:2f:11:44:
         f7:91:0e:16:ff:2d:ed:01:75:12:d7:6e:62:78:51:f0:11:cf:
         98:cb:e7:d6:a8:e9:f0:e9:0e:b7:b4:54:80:2a:d5:be:7d:fe:
         e8:00:25:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1R7M80Jt0PyCClJvo92WdDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDAzMDU1OTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTI3MTgyZWI0OTg4MzJmNGI1NTU1NWI1ZGVjMzU0ZGQyMWYwZTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnqPIKxZnQEtnONedNlNSc8B1Z++v
5xHjezrxLgitwvrhFgl1JbXLRLasQGt3J+OeDOZNKPgmRDWAZP+SVAEKMxf/YKst
59Qr8FnYRMKHNqOfUXqIwfQ9xBdD0s1QiwT9EeilUreyIuvyM4YXWZsEFgXrw9kZ
seQmsbQmqhsn0uDcl6RpEwTKYc0D3Dhg2HWs0njVwPReAlsqf4HiIEmdLP8sPPsy
xiohvx9uJTvjpU5PLD7Ut/mjxkqAFttTdNSK/RQRF+1ICVFke0pQsCxOkgjz3EL7
pSNCrDvtr6As9gzbzIwOx3pcObF3GCIKUTn6Rhectxif4peFJeg8o8SitwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUnGC60mIMvS1VVW13sNU3SHw5+MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvTlNjWUxyU1lneTlMVlZWYlhldzFUZElmRG40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/bGMA0G
CSqGSIb3DQEBCwUAA4IBAQAvJq5ToQ8nJImDPrLdSCB322RM+E+J2dFbZL4PCReo
sZnT+Db2cYmec3TMNU2LOOor32MTEqus71KECdqr+uIuH8CTIDAUMgNYDn0HRiFh
IUV2KH7rIuLGf38451XtlczKlG45Fkw0ojKJfJno7X00ZoaI+0ORM7ecnB3RRtNZ
OaIce8xogWtj+gkwDQubfDZkzsUUAPDEZ7JeAtsNLU8fQ+2rWoJck5XCjBBg4Xbd
/KYzWDSvIbgfrRgYZdwf50Lep0Ry1YsaVan/9LsbQtolZM6Lwp4vEUT3kQ4W/y3t
AXUS125ieFHwEc+Yy+fWqOnw6Q63tFSAKtW+ff7oACWG
-----END CERTIFICATE-----