Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Njc7i2GgLmbDRh-qf_eprpIW0Bk.roa
File:                     Njc7i2GgLmbDRh-qf_eprpIW0Bk.roa (raw, json)
Hash identifier:          Hp1PzyqDTrrLsZUzqAjil0KOl5XIl2N1RTfLghCnUYg=
Subject key identifier:   36:37:3B:8B:61:A0:2E:66:C3:46:1F:AA:7F:F7:A9:AE:92:16:D0:19
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019E750B80E623DDC006BBD340B214E367DD
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Njc7i2GgLmbDRh-qf_eprpIW0Bk.roa
Signing time:             Fri 29 May 2026 18:42:28 +0000
ROA not before:           Fri 29 May 2026 18:42:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154383
IP address blocks:        151.246.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 22:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:75:0b:80:e6:23:dd:c0:06:bb:d3:40:b2:14:e3:67:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 29 18:42:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=36373b8b61a02e66c3461faa7ff7a9ae9216d019
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b5:71:10:cb:8f:cf:c0:98:32:72:10:30:f0:
                    56:dc:d3:20:48:1e:12:d1:9a:a2:42:34:a1:5b:08:
                    44:70:e1:8e:8c:aa:13:70:f2:0d:05:bb:16:a3:72:
                    36:d2:00:54:d4:a3:53:05:66:97:b5:3c:02:45:2c:
                    bd:3d:c6:06:c2:97:d5:e7:63:37:03:df:d7:0c:5d:
                    a1:a1:0a:83:ab:6a:42:97:89:8c:6c:94:d4:8b:a9:
                    79:ce:40:2a:c7:a2:69:a3:2b:ec:2f:4d:1d:80:37:
                    ac:44:2c:ad:9d:f2:f1:e7:88:52:8b:85:60:d8:fb:
                    5e:c0:90:34:32:d5:d6:bc:84:52:9c:90:1c:fa:04:
                    86:b3:6d:d9:9e:a4:da:e3:cf:9d:ea:98:2a:e0:e6:
                    55:b5:9d:b0:0d:b2:cc:54:9d:56:13:0f:b9:e0:c9:
                    21:2c:93:55:84:48:19:3b:4a:05:26:24:00:87:d8:
                    65:a2:a7:2f:d7:84:fc:d9:da:c5:18:5d:0b:ed:64:
                    8f:3a:9c:d8:9e:d9:d5:8b:ac:0a:26:fb:a3:29:b1:
                    3f:91:73:a9:71:18:f8:19:b3:6d:b6:00:a4:9b:3e:
                    6e:7b:c1:ff:3f:7b:33:f7:14:ff:2b:c2:d3:40:63:
                    ff:ec:17:17:e0:f8:9a:14:a8:4d:48:19:0f:19:ed:
                    c5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:37:3B:8B:61:A0:2E:66:C3:46:1F:AA:7F:F7:A9:AE:92:16:D0:19
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Njc7i2GgLmbDRh-qf_eprpIW0Bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.246.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:e0:5c:9d:3d:08:43:ab:da:f9:10:8c:23:27:07:01:60:0e:
         4c:9a:2a:07:75:8a:df:6b:b6:2c:0c:42:3f:20:15:d9:41:aa:
         aa:d7:e6:b5:3b:2a:bd:e3:5f:5b:65:95:aa:c7:f3:84:c3:2b:
         30:59:57:c8:74:1c:47:fd:10:68:23:03:88:ae:ba:b3:64:6a:
         d5:00:80:bc:99:72:da:f4:0f:d2:1e:55:6f:bf:db:ef:d0:0d:
         f0:ef:b0:9d:c7:a2:cb:87:d4:c4:38:89:6c:31:5e:b4:54:0a:
         4d:a9:e4:db:4c:e8:fb:04:61:69:b2:6e:a2:48:28:9a:ca:07:
         54:b5:cb:12:16:14:68:85:8b:5a:bc:69:09:4e:27:de:b0:40:
         a7:9b:ca:a0:7e:24:ce:b9:ce:27:17:82:89:40:f5:56:15:55:
         7a:0e:c8:17:ab:8c:0e:2f:75:f0:5d:47:80:e3:e6:4e:ba:78:
         3d:ce:fc:9d:54:4b:1c:80:76:e7:af:96:9e:ba:5d:b7:57:da:
         73:bd:1e:12:ed:86:56:91:3a:6d:23:09:03:01:5d:a6:1e:e9:
         92:06:16:c4:53:7c:15:ba:06:18:d8:ec:68:15:c7:3e:71:9b:
         96:e9:d9:51:6d:6b:92:33:aa:86:ee:33:b0:cf:9c:17:d9:53:
         5f:2c:e9:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ51C4DmI93ABrvTQLIU42fdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNTI5MTg0MjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjM3M2I4YjYxYTAyZTY2YzM0NjFmYWE3ZmY3YTlhZTkyMTZkMDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbVxEMuPz8CYMnIQMPBW3NMgSB4S
0ZqiQjShWwhEcOGOjKoTcPINBbsWo3I20gBU1KNTBWaXtTwCRSy9PcYGwpfV52M3
A9/XDF2hoQqDq2pCl4mMbJTUi6l5zkAqx6JpoyvsL00dgDesRCytnfLx54hSi4Vg
2PtewJA0MtXWvIRSnJAc+gSGs23ZnqTa48+d6pgq4OZVtZ2wDbLMVJ1WEw+54Mkh
LJNVhEgZO0oFJiQAh9hloqcv14T82drFGF0L7WSPOpzYntnVi6wKJvujKbE/kXOp
cRj4GbNttgCkmz5ue8H/P3sz9xT/K8LTQGP/7BcX4PiaFKhNSBkPGe3FswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDY3O4thoC5mw0Yfqn/3qa6SFtAZMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvTmpjN2kyR2dMbWJEUmgtcWZfZXBycElXMEJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/bjMA0G
CSqGSIb3DQEBCwUAA4IBAQCq4FydPQhDq9r5EIwjJwcBYA5MmioHdYrfa7YsDEI/
IBXZQaqq1+a1Oyq9419bZZWqx/OEwyswWVfIdBxH/RBoIwOIrrqzZGrVAIC8mXLa
9A/SHlVvv9vv0A3w77Cdx6LLh9TEOIlsMV60VApNqeTbTOj7BGFpsm6iSCiaygdU
tcsSFhRohYtavGkJTifesECnm8qgfiTOuc4nF4KJQPVWFVV6DsgXq4wOL3XwXUeA
4+ZOung9zvydVEscgHbnr5aeul23V9pzvR4S7YZWkTptIwkDAV2mHumSBhbEU3wV
ugYY2OxoFcc+cZuW6dlRbWuSM6qG7jOwz5wX2VNfLOm+
-----END CERTIFICATE-----