Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/YcW3LoC82TEfjSjH9JxDUDeEwG8.roa
File:                     YcW3LoC82TEfjSjH9JxDUDeEwG8.roa (raw, json)
Hash identifier:          vE/zTFlQW1KhG2NxL44J/EDLxgaHlX+9AuqmHKYXqdM=
Subject key identifier:   61:C5:B7:2E:80:BC:D9:31:1F:8D:28:C7:F4:9C:43:50:37:84:C0:6F
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D48D8498B07C65292930C3573DAB844FC
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/YcW3LoC82TEfjSjH9JxDUDeEwG8.roa
Signing time:             Wed 01 Apr 2026 11:40:27 +0000
ROA not before:           Wed 01 Apr 2026 11:40:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402281
IP address blocks:        151.245.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:48:d8:49:8b:07:c6:52:92:93:0c:35:73:da:b8:44:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr  1 11:40:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=61c5b72e80bcd9311f8d28c7f49c43503784c06f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:38:37:42:79:21:ce:20:2c:9a:33:c6:61:ce:
                    23:91:93:c8:77:5d:22:7c:74:1a:a6:dc:92:1c:4f:
                    b8:ed:14:c7:ee:6c:c0:64:59:86:70:0b:49:9f:de:
                    55:37:56:7b:8e:3d:ac:d8:ed:16:f0:3b:c3:02:2e:
                    36:83:ab:32:2c:ef:5f:83:89:bf:83:6d:84:a5:d4:
                    14:1c:cb:c2:95:71:1b:61:d3:ad:1e:41:3f:d4:c1:
                    1a:0e:b4:92:32:70:9f:09:66:8a:67:f4:82:81:2e:
                    fb:4c:41:03:8f:74:5b:d0:9e:5e:cf:17:21:90:87:
                    e1:d3:11:48:a3:d7:fc:b4:36:5c:c6:48:cb:22:b0:
                    88:5f:2b:ec:73:4c:64:38:ff:d7:62:72:ef:54:58:
                    33:ba:35:70:50:47:f7:f2:5f:a8:e7:e1:6d:2d:e9:
                    a6:3c:07:d8:d1:b7:c9:2a:d9:6b:ac:39:6b:f0:46:
                    7e:89:d3:d7:bd:13:d8:cc:b7:f1:9c:26:ed:33:e2:
                    3c:e0:d2:36:80:f6:d9:48:30:d0:8a:20:2d:e0:63:
                    44:29:7c:5b:63:6d:ae:85:fd:ad:0c:50:7c:1c:54:
                    7a:89:f3:23:93:5d:5a:46:86:4d:71:b2:1f:d5:4b:
                    1b:13:e0:76:18:14:2c:ed:06:be:cd:18:75:59:16:
                    16:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:C5:B7:2E:80:BC:D9:31:1F:8D:28:C7:F4:9C:43:50:37:84:C0:6F
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/YcW3LoC82TEfjSjH9JxDUDeEwG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.245.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:8e:69:3f:c3:2b:1d:dc:29:8d:92:3c:54:fc:1c:38:86:ef:
         f7:a3:e3:b1:6b:19:55:5b:41:c0:df:96:9d:d2:47:6b:c0:d8:
         d1:5e:3f:8d:20:3f:7a:d8:ca:4b:db:25:01:68:65:41:c8:71:
         ff:a3:1c:f6:55:90:ea:e3:0b:8c:8f:9f:99:76:d7:9e:d6:fe:
         c8:d2:a7:dd:59:70:e5:79:e9:89:05:c5:0d:fd:d7:05:6c:bb:
         5f:2c:7e:d2:41:5e:3c:60:97:75:2f:a5:9b:3c:4a:31:c3:1d:
         89:fc:2b:55:fe:f3:95:92:0b:33:4f:fe:3f:f0:d6:be:cc:0c:
         c7:61:51:df:9e:9a:d7:f3:91:3a:1b:f6:a7:85:90:ab:54:46:
         47:b2:4c:f8:dd:35:22:bb:72:27:ad:18:fd:b1:4f:c1:73:28:
         f4:14:ea:7c:37:99:43:91:ce:5e:7d:62:66:79:6f:ef:d4:6a:
         91:7f:a8:8e:05:59:ea:48:bf:27:33:5a:76:ec:c6:e4:c0:ba:
         fc:63:fa:e7:44:28:b1:eb:f0:b5:7c:36:b3:29:8d:5b:0e:ae:
         81:d9:11:9e:57:d6:d3:11:29:7b:3d:67:05:bf:c2:31:77:ee:
         92:5b:4e:56:fd:3c:e0:e4:48:31:1d:5a:5f:b0:38:55:5e:6a:
         18:71:31:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1I2EmLB8ZSkpMMNXPauET8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDAxMTE0MDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWM1YjcyZTgwYmNkOTMxMWY4ZDI4YzdmNDljNDM1MDM3ODRjMDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jg3QnkhziAsmjPGYc4jkZPId10i
fHQaptySHE+47RTH7mzAZFmGcAtJn95VN1Z7jj2s2O0W8DvDAi42g6syLO9fg4m/
g22EpdQUHMvClXEbYdOtHkE/1MEaDrSSMnCfCWaKZ/SCgS77TEEDj3Rb0J5ezxch
kIfh0xFIo9f8tDZcxkjLIrCIXyvsc0xkOP/XYnLvVFgzujVwUEf38l+o5+FtLemm
PAfY0bfJKtlrrDlr8EZ+idPXvRPYzLfxnCbtM+I84NI2gPbZSDDQiiAt4GNEKXxb
Y22uhf2tDFB8HFR6ifMjk11aRoZNcbIf1UsbE+B2GBQs7Qa+zRh1WRYWWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGHFty6AvNkxH40ox/ScQ1A3hMBvMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvWWNXM0xvQzgyVEVmalNqSDlKeERVRGVFd0c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/UkMA0G
CSqGSIb3DQEBCwUAA4IBAQCIjmk/wysd3CmNkjxU/Bw4hu/3o+OxaxlVW0HA35ad
0kdrwNjRXj+NID962MpL2yUBaGVByHH/oxz2VZDq4wuMj5+Zdtee1v7I0qfdWXDl
eemJBcUN/dcFbLtfLH7SQV48YJd1L6WbPEoxwx2J/CtV/vOVkgszT/4/8Na+zAzH
YVHfnprX85E6G/anhZCrVEZHskz43TUiu3InrRj9sU/Bcyj0FOp8N5lDkc5efWJm
eW/v1GqRf6iOBVnqSL8nM1p27MbkwLr8Y/rnRCix6/C1fDazKY1bDq6B2RGeV9bT
ESl7PWcFv8Ixd+6SW05W/Tzg5EgxHVpfsDhVXmoYcTFW
-----END CERTIFICATE-----