Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/JbrmZx_AT3pmyG0jABKqqkEW_Eo.roa
File:                     JbrmZx_AT3pmyG0jABKqqkEW_Eo.roa (raw, json)
Hash identifier:          6XLRDxqpZHnooInzCLWSjiuadrdaJP7kr0aS72Yu3jY=
Subject key identifier:   25:BA:E6:67:1F:C0:4F:7A:66:C8:6D:23:00:12:AA:AA:41:16:FC:4A
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019D4CEA22361533AECF31961EBACBFB1B5F
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/JbrmZx_AT3pmyG0jABKqqkEW_Eo.roa
Signing time:             Thu 02 Apr 2026 06:38:25 +0000
ROA not before:           Thu 02 Apr 2026 06:38:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212890
IP address blocks:        150.251.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 12:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4c:ea:22:36:15:33:ae:cf:31:96:1e:ba:cb:fb:1b:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Apr  2 06:38:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=25bae6671fc04f7a66c86d230012aaaa4116fc4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:9e:34:61:c5:e4:4a:7f:eb:c7:18:bf:ea:34:
                    b0:9f:8e:98:7c:bf:2a:3b:d0:32:44:4c:7a:39:72:
                    1c:1c:5d:05:10:09:80:0f:85:af:84:75:d1:7a:bd:
                    40:d2:38:fd:f6:e9:fa:e1:66:bb:f9:7b:1d:e9:55:
                    b3:84:df:95:b4:10:8d:8a:34:20:36:69:ab:6b:13:
                    a9:26:f9:3e:34:1a:9c:78:b1:ff:fd:64:9a:65:a4:
                    cf:ce:a5:51:c9:99:92:ef:1b:76:ec:38:7b:cd:88:
                    3b:09:25:7f:cd:aa:5a:7b:37:2f:49:30:d3:18:1f:
                    19:e6:31:b8:1b:ee:f8:58:f9:72:fb:6f:26:bd:38:
                    59:1e:bf:6f:99:b8:b6:cd:e3:7c:cc:0a:19:8c:c8:
                    dd:b2:74:65:79:bc:e9:b1:f3:ed:3c:27:38:a0:96:
                    d3:cf:e2:82:26:dd:10:6c:22:8d:90:16:5c:2b:50:
                    17:f2:18:da:56:85:b3:87:96:30:95:42:a4:8b:ba:
                    7f:32:8b:c5:05:9c:fa:d0:85:8d:ea:19:d7:f1:dd:
                    bb:6d:c7:d2:87:97:b6:91:ac:aa:71:6f:ef:cb:64:
                    e3:27:fb:1e:8b:c6:38:e0:4c:dc:8d:44:55:b1:dc:
                    56:d3:2b:b0:5a:31:73:ca:89:0d:fe:4b:fe:f1:14:
                    8d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:BA:E6:67:1F:C0:4F:7A:66:C8:6D:23:00:12:AA:AA:41:16:FC:4A
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/JbrmZx_AT3pmyG0jABKqqkEW_Eo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.251.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:b6:90:cd:83:33:90:51:d9:35:c8:bd:44:b8:67:e2:cc:96:
         1f:7a:6e:c5:53:fd:bd:30:e2:94:87:da:2e:8e:4c:fe:d8:2a:
         73:de:98:d9:04:27:5b:4a:e8:84:aa:be:1a:40:3a:6a:4d:56:
         65:fe:8b:80:8f:03:7d:15:a9:94:95:c6:1a:a0:00:56:cd:e1:
         c5:27:10:0c:17:b5:5c:cd:6a:c5:94:d0:a6:3e:20:7c:a2:fd:
         31:05:b8:d5:b3:ee:e7:b7:fd:2f:08:af:c1:0a:29:ab:2f:c1:
         b9:b6:c3:76:24:09:be:93:ff:88:2f:01:30:93:01:07:54:da:
         e1:e6:5c:00:51:3e:06:e7:f8:21:ae:87:27:57:b3:0a:5e:31:
         f1:a8:8f:55:36:51:fb:7b:84:e6:6c:3a:e7:02:9c:a7:ac:ca:
         07:7d:f3:84:03:f5:37:eb:27:1e:f9:91:f2:6c:f1:d0:32:46:
         b5:48:cf:78:0d:f6:51:a0:80:18:6b:c1:ba:f2:ab:ad:ad:33:
         ea:32:f5:f6:e5:c0:59:bb:f4:df:80:60:29:cd:0f:bd:38:f1:
         d9:92:2d:f0:72:01:ae:bf:9e:1e:1a:07:39:07:2e:8b:cd:9c:
         92:96:ae:af:35:d6:27:40:a0:f6:07:c8:95:f4:8e:d5:27:58:
         f8:2d:e3:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1M6iI2FTOuzzGWHrrL+xtfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNDAyMDYzODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWJhZTY2NzFmYzA0ZjdhNjZjODZkMjMwMDEyYWFhYTQxMTZmYzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyp40YcXkSn/rxxi/6jSwn46YfL8q
O9AyREx6OXIcHF0FEAmAD4WvhHXRer1A0jj99un64Wa7+Xsd6VWzhN+VtBCNijQg
NmmraxOpJvk+NBqceLH//WSaZaTPzqVRyZmS7xt27Dh7zYg7CSV/zapaezcvSTDT
GB8Z5jG4G+74WPly+28mvThZHr9vmbi2zeN8zAoZjMjdsnRlebzpsfPtPCc4oJbT
z+KCJt0QbCKNkBZcK1AX8hjaVoWzh5YwlUKki7p/MovFBZz60IWN6hnX8d27bcfS
h5e2kayqcW/vy2TjJ/sei8Y44EzcjURVsdxW0yuwWjFzyokN/kv+8RSN/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCW65mcfwE96ZshtIwASqqpBFvxKMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvSmJybVp4X0FUM3BteUcwakFCS3Fxa0VXX0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlvuWMA0G
CSqGSIb3DQEBCwUAA4IBAQAJtpDNgzOQUdk1yL1EuGfizJYfem7FU/29MOKUh9ou
jkz+2Cpz3pjZBCdbSuiEqr4aQDpqTVZl/ouAjwN9FamUlcYaoABWzeHFJxAMF7Vc
zWrFlNCmPiB8ov0xBbjVs+7nt/0vCK/BCimrL8G5tsN2JAm+k/+ILwEwkwEHVNrh
5lwAUT4G5/ghrocnV7MKXjHxqI9VNlH7e4TmbDrnApynrMoHffOEA/U36yce+ZHy
bPHQMka1SM94DfZRoIAYa8G68qutrTPqMvX25cBZu/TfgGApzQ+9OPHZki3wcgGu
v54eGgc5By6LzZySlq6vNdYnQKD2B8iV9I7VJ1j4LePo
-----END CERTIFICATE-----