Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/OUCWb8WjbX6a-eovcOQ-WaP22_A.roa
File:                     OUCWb8WjbX6a-eovcOQ-WaP22_A.roa (raw, json)
Hash identifier:          B0GqfuO3RZ2ThhMtw4eawZ/bNRp2p3fZJ3pIbqDKiHM=
Subject key identifier:   39:40:96:6F:C5:A3:6D:7E:9A:F9:EA:2F:70:E4:3E:59:A3:F6:DB:F0
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019C5A5C2640DBF5EF00B812CD9AD24280CC
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/OUCWb8WjbX6a-eovcOQ-WaP22_A.roa
Signing time:             Sat 14 Feb 2026 04:15:14 +0000
ROA not before:           Sat 14 Feb 2026 04:15:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46559
IP address blocks:        151.247.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:5a:5c:26:40:db:f5:ef:00:b8:12:cd:9a:d2:42:80:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Feb 14 04:15:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3940966fc5a36d7e9af9ea2f70e43e59a3f6dbf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8f:8f:19:d3:58:de:94:7c:ee:a1:8c:d7:c8:
                    c5:de:15:19:ab:e4:cc:19:b6:9e:ac:24:00:61:e1:
                    23:80:35:9f:eb:e4:9a:5f:95:04:00:1b:fe:d2:65:
                    d9:ef:e0:9b:ac:88:c9:2e:f8:d4:48:b3:4b:03:8b:
                    7c:b0:c3:2c:5e:fc:fa:5d:ce:64:c2:d9:f5:30:63:
                    c7:c1:3c:f0:0f:95:37:99:50:a4:3f:4d:88:3c:ce:
                    3d:08:5f:1a:66:89:85:11:44:21:1b:e9:c5:9f:0c:
                    ad:0e:a5:6b:23:68:9b:eb:75:24:a2:49:a9:97:1f:
                    03:57:e3:ca:58:b1:37:fb:b3:79:b1:db:0a:52:8e:
                    07:53:49:60:be:38:b8:f0:25:39:1c:e9:7e:cf:49:
                    6f:00:eb:0f:54:5d:2d:ec:b9:a7:1c:34:b5:05:0d:
                    9c:40:05:34:fa:8a:e8:cb:f9:16:01:0a:1d:a1:1d:
                    ee:2b:0e:6d:62:ed:00:22:ca:06:30:0a:ed:b5:63:
                    80:3c:07:42:ab:a7:85:5f:65:1a:1a:66:75:c0:ae:
                    73:1a:6f:e2:6b:cc:a7:18:fa:77:e5:81:a2:2b:43:
                    db:c5:69:18:47:ec:28:80:e2:b9:00:11:4e:c8:b3:
                    41:a7:6f:96:69:70:52:35:b1:a9:b8:8f:21:d1:ab:
                    bb:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:40:96:6F:C5:A3:6D:7E:9A:F9:EA:2F:70:E4:3E:59:A3:F6:DB:F0
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/OUCWb8WjbX6a-eovcOQ-WaP22_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.247.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:61:ee:b6:69:2c:3a:2d:19:f2:86:93:6d:41:cf:cf:a6:f5:
         02:28:8a:c1:f5:ff:a9:38:8c:68:7e:48:05:6a:8f:7d:7b:f5:
         f2:58:af:2d:cf:30:cc:0c:08:54:f4:7d:d5:38:64:24:4c:0d:
         56:67:39:34:d5:ec:90:6e:00:ac:8b:62:63:3c:0d:79:e0:5d:
         f9:95:cc:5c:26:d7:2f:a9:fb:43:41:b6:19:8c:82:42:b6:e7:
         9e:c5:fb:ec:ba:e2:e5:58:29:fa:b9:62:20:44:c5:56:7f:c8:
         7b:e4:f4:7e:18:f9:97:0e:2a:76:51:af:2a:6b:47:f0:b7:77:
         4f:41:64:0e:bc:98:83:63:41:41:56:b8:6a:f2:f3:fb:84:e9:
         94:54:35:86:f5:ca:33:4d:9a:d0:c4:7b:15:8f:6e:a4:42:0d:
         16:ad:7e:33:72:55:39:4d:92:e7:27:3f:5c:18:20:85:5c:76:
         91:48:2d:9f:3f:c8:23:69:82:f0:2d:f0:5a:1a:b9:54:5f:ac:
         32:75:3e:13:a3:77:26:79:34:4d:14:8c:e0:3a:7a:44:d4:51:
         e3:14:83:73:87:5a:1d:a3:4f:92:58:cf:4a:f7:ea:77:30:76:
         9a:16:35:e3:1b:00:13:4e:63:06:bc:6c:b4:47:da:63:1c:ce:
         3c:2c:07:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxaXCZA2/XvALgSzZrSQoDMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMjE0MDQxNTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTQwOTY2ZmM1YTM2ZDdlOWFmOWVhMmY3MGU0M2U1OWEzZjZkYmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvI+PGdNY3pR87qGM18jF3hUZq+TM
GbaerCQAYeEjgDWf6+SaX5UEABv+0mXZ7+CbrIjJLvjUSLNLA4t8sMMsXvz6Xc5k
wtn1MGPHwTzwD5U3mVCkP02IPM49CF8aZomFEUQhG+nFnwytDqVrI2ib63Ukokmp
lx8DV+PKWLE3+7N5sdsKUo4HU0lgvji48CU5HOl+z0lvAOsPVF0t7LmnHDS1BQ2c
QAU0+oroy/kWAQodoR3uKw5tYu0AIsoGMArttWOAPAdCq6eFX2UaGmZ1wK5zGm/i
a8ynGPp35YGiK0PbxWkYR+wogOK5ABFOyLNBp2+WaXBSNbGpuI8h0au70wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlAlm/Fo21+mvnqL3DkPlmj9tvwMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvT1VDV2I4V2piWDZhLWVvdmNPUS1XYVAyMl9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/eAMA0G
CSqGSIb3DQEBCwUAA4IBAQAhYe62aSw6LRnyhpNtQc/PpvUCKIrB9f+pOIxofkgF
ao99e/XyWK8tzzDMDAhU9H3VOGQkTA1WZzk01eyQbgCsi2JjPA154F35lcxcJtcv
qftDQbYZjIJCtueexfvsuuLlWCn6uWIgRMVWf8h75PR+GPmXDip2Ua8qa0fwt3dP
QWQOvJiDY0FBVrhq8vP7hOmUVDWG9cozTZrQxHsVj26kQg0WrX4zclU5TZLnJz9c
GCCFXHaRSC2fP8gjaYLwLfBaGrlUX6wydT4To3cmeTRNFIzgOnpE1FHjFINzh1od
o0+SWM9K9+p3MHaaFjXjGwATTmMGvGy0R9pjHM48LAfw
-----END CERTIFICATE-----