Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fwsTGi26-mDTI0_G2bHAymmvfGY.roa
File:                     fwsTGi26-mDTI0_G2bHAymmvfGY.roa (raw, json)
Hash identifier:          XVsQtjp16dZwdaKUI7PUk4mOUKeMj6QMYFUByuhPlns=
Subject key identifier:   7F:0B:13:1A:2D:BA:FA:60:D3:23:4F:C6:D9:B1:C0:CA:69:AF:7C:66
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019DCD2CA57F09D9BC41134E567EF096F873
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fwsTGi26-mDTI0_G2bHAymmvfGY.roa
Signing time:             Mon 27 Apr 2026 04:22:28 +0000
ROA not before:           Mon 27 Apr 2026 04:22:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213001
IP address blocks:        151.241.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cd:2c:a5:7f:09:d9:bc:41:13:4e:56:7e:f0:96:f8:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 27 04:22:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f0b131a2dbafa60d3234fc6d9b1c0ca69af7c66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7a:79:fd:9b:f7:8a:f4:73:94:1a:df:c7:ea:
                    c5:7b:48:ba:62:6b:72:ec:58:79:d9:40:21:9c:54:
                    e0:08:d6:d3:ab:48:51:e6:15:b2:d4:f4:75:e7:95:
                    f9:21:5c:ae:69:35:17:b6:73:78:ef:43:85:56:22:
                    9e:4f:e5:9d:f0:0c:d9:4d:f2:68:e3:ef:6d:aa:33:
                    24:f3:ef:37:56:65:f7:7d:75:1b:10:86:54:2f:dd:
                    db:14:d1:41:f8:7d:cc:f7:b1:cf:89:7f:1b:71:86:
                    4d:83:8d:c2:38:57:9f:52:48:ac:4f:b1:47:55:71:
                    47:6a:74:06:60:41:f2:4e:0c:61:a8:39:c1:94:54:
                    11:f8:ba:2d:ce:0f:71:65:fd:48:11:db:65:30:e4:
                    56:19:7b:b4:7d:91:04:b0:33:c8:ab:71:1a:29:18:
                    c4:e5:0d:c9:42:11:92:c8:33:7c:ab:10:4d:4f:63:
                    75:f9:a2:cd:19:9e:9c:3b:c7:d5:1a:f6:b9:4d:5a:
                    3a:68:a8:61:09:8f:a0:fe:9a:ec:57:1e:3a:ac:c2:
                    16:70:9b:68:f3:74:41:d6:07:8f:bf:df:6a:1b:7d:
                    27:73:be:08:5d:22:57:10:4f:5b:09:05:47:3a:4b:
                    79:78:d0:74:67:f2:01:0b:9b:ad:02:07:bb:80:9b:
                    12:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:0B:13:1A:2D:BA:FA:60:D3:23:4F:C6:D9:B1:C0:CA:69:AF:7C:66
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fwsTGi26-mDTI0_G2bHAymmvfGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:15:0b:94:af:12:c8:63:01:ca:49:d4:bc:53:6e:14:e2:50:
         49:40:74:1b:71:1c:ed:e6:e9:48:fa:57:16:c7:e7:de:a6:7f:
         66:24:6d:95:cc:e6:86:9c:5f:0b:a9:16:6a:79:26:06:41:f2:
         c9:1c:1f:7f:cd:39:38:be:7a:4d:b8:f7:05:30:4d:7d:46:91:
         18:89:32:b9:cc:06:97:29:82:1a:b7:ba:a8:65:f9:92:4a:d3:
         94:1a:05:49:da:be:72:39:54:04:98:35:17:d3:32:17:95:2e:
         50:33:54:cb:a2:21:60:22:a0:89:fd:ae:fe:17:b3:9e:9b:14:
         ef:c9:d2:b8:8e:12:d7:f5:37:f4:ee:76:e7:b4:96:c4:6f:6d:
         d1:c5:97:52:80:56:57:42:5f:91:58:2e:ff:ee:ee:78:07:4c:
         10:3f:3f:62:f4:b8:dd:84:88:a9:4a:0f:ae:f7:9c:a2:0b:7b:
         11:70:e6:b8:be:46:c7:59:f2:15:52:37:df:30:80:2c:bd:05:
         4c:cf:97:55:94:47:63:79:66:4e:42:da:8c:a1:68:3a:f8:f1:
         ed:76:e1:13:9d:5b:f5:68:42:15:df:d1:55:ab:e3:5a:d8:51:
         c4:61:8d:37:89:4a:f8:c9:44:c6:10:80:b0:f5:66:b6:f5:c9:
         74:01:ec:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3NLKV/Cdm8QRNOVn7wlvhzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDI3MDQyMjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjBiMTMxYTJkYmFmYTYwZDMyMzRmYzZkOWIxYzBjYTY5YWY3YzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXp5/Zv3ivRzlBrfx+rFe0i6Ymty
7Fh52UAhnFTgCNbTq0hR5hWy1PR155X5IVyuaTUXtnN470OFViKeT+Wd8AzZTfJo
4+9tqjMk8+83VmX3fXUbEIZUL93bFNFB+H3M97HPiX8bcYZNg43COFefUkisT7FH
VXFHanQGYEHyTgxhqDnBlFQR+Lotzg9xZf1IEdtlMORWGXu0fZEEsDPIq3EaKRjE
5Q3JQhGSyDN8qxBNT2N1+aLNGZ6cO8fVGva5TVo6aKhhCY+g/prsVx46rMIWcJto
83RB1gePv99qG30nc74IXSJXEE9bCQVHOkt5eNB0Z/IBC5utAge7gJsSVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8LExotuvpg0yNPxtmxwMppr3xmMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvZndzVEdpMjYtbURUSTBfRzJiSEF5bW12ZkdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/HhMA0G
CSqGSIb3DQEBCwUAA4IBAQC1FQuUrxLIYwHKSdS8U24U4lBJQHQbcRzt5ulI+lcW
x+fepn9mJG2VzOaGnF8LqRZqeSYGQfLJHB9/zTk4vnpNuPcFME19RpEYiTK5zAaX
KYIat7qoZfmSStOUGgVJ2r5yOVQEmDUX0zIXlS5QM1TLoiFgIqCJ/a7+F7OemxTv
ydK4jhLX9Tf07nbntJbEb23RxZdSgFZXQl+RWC7/7u54B0wQPz9i9LjdhIipSg+u
95yiC3sRcOa4vkbHWfIVUjffMIAsvQVMz5dVlEdjeWZOQtqMoWg6+PHtduETnVv1
aEIV39FVq+Na2FHEYY03iUr4yUTGEICw9Wa29cl0Aewp
-----END CERTIFICATE-----