Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qW_HiW8eM0KEIF_i_xajsnA5J8Q.roa
File:                     qW_HiW8eM0KEIF_i_xajsnA5J8Q.roa (raw, json)
Hash identifier:          BcHm+E/Efbu8busT50rldbMpmodRQqtOC9XZaCbmyVg=
Subject key identifier:   A9:6F:C7:89:6F:1E:33:42:84:20:5F:E2:FF:16:A3:B2:70:39:27:C4
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019DF83BAF281EDBD4E5CA1A4D7967A1F654
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qW_HiW8eM0KEIF_i_xajsnA5J8Q.roa
Signing time:             Tue 05 May 2026 13:02:34 +0000
ROA not before:           Tue 05 May 2026 13:02:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     275723
IP address blocks:        151.247.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f8:3b:af:28:1e:db:d4:e5:ca:1a:4d:79:67:a1:f6:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May  5 13:02:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a96fc7896f1e334284205fe2ff16a3b2703927c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a2:fb:a0:40:ad:5f:3d:aa:64:e8:88:70:8c:
                    82:25:16:d1:4f:f8:c5:fc:be:92:49:56:56:b5:ac:
                    d8:36:9d:44:cb:62:a6:1b:29:c4:c2:12:2d:2f:4d:
                    57:a5:8f:86:10:78:a0:f0:5d:7c:31:5a:ab:a7:91:
                    96:09:85:4c:1c:26:ca:6c:d2:cc:1f:95:b0:48:22:
                    4c:ab:77:6d:49:98:08:55:b2:c1:67:45:31:3b:16:
                    50:e0:60:06:85:7b:97:21:49:34:34:9b:7a:8c:6a:
                    39:66:28:f5:58:97:e6:b2:59:b9:2c:ef:cd:cb:20:
                    4f:cb:30:b0:9e:ae:df:ba:51:d3:0b:d8:64:dd:ea:
                    e1:1f:77:d1:c4:63:1e:54:f8:dd:14:86:3d:45:b8:
                    74:d1:c6:9f:e4:c9:5e:f1:74:de:bd:f2:1a:00:97:
                    11:fd:39:54:43:04:ef:bb:77:11:ea:a9:f2:ec:03:
                    1d:37:39:f6:d1:7b:2e:15:ba:1d:85:4d:0c:47:57:
                    60:b6:47:49:35:4a:69:5e:8d:e4:43:dd:01:28:81:
                    8e:23:80:3c:fe:51:22:e9:d4:65:bc:7f:2b:e2:fd:
                    1d:19:74:20:09:5c:a3:66:a2:76:7b:5f:ca:21:c5:
                    d3:ad:8d:9e:e1:5a:90:f6:77:86:0f:b1:bf:8d:0b:
                    aa:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:6F:C7:89:6F:1E:33:42:84:20:5F:E2:FF:16:A3:B2:70:39:27:C4
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qW_HiW8eM0KEIF_i_xajsnA5J8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.247.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:ab:56:5d:ce:b8:fd:72:ae:f2:e5:2c:21:29:2d:bd:61:8b:
         c7:e7:e2:32:39:bd:d3:8f:ac:34:0f:ed:51:2e:a1:40:4b:5f:
         bd:33:93:77:09:a5:e2:74:26:0c:5f:f1:80:ff:2c:a1:25:68:
         bd:b1:98:b4:ad:23:07:f1:b0:d4:14:3f:d2:5d:76:94:4a:62:
         42:d3:5b:62:92:9a:cc:b8:e7:16:cb:73:0a:a2:c2:ca:14:dd:
         d9:a3:93:9d:63:08:6e:3e:e7:69:12:af:3c:09:ea:84:fd:77:
         64:3a:87:25:88:71:07:57:7d:c1:fc:fa:cc:85:cd:16:96:9e:
         7b:68:c2:53:89:7e:be:de:b3:94:b1:db:9b:e8:b9:9a:d6:35:
         9e:2e:8a:b3:c7:6f:26:2c:fe:e0:6e:54:76:fe:cb:99:03:65:
         13:78:f2:3b:84:fe:31:61:d7:83:85:a9:99:a1:56:2d:87:d3:
         75:9c:51:bf:9a:b6:8f:0a:4d:19:cb:d7:f3:c9:c4:f4:e3:77:
         03:f8:60:9c:f5:b8:b4:ac:0c:e3:7a:02:f4:98:8d:3d:5d:85:
         5f:43:de:2d:f8:97:e4:7d:95:5c:ec:cc:01:08:f4:66:12:0c:
         db:df:1b:bd:da:03:90:d0:b4:9a:cf:94:55:5e:8a:04:27:8f:
         0e:23:c5:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ34O68oHtvU5coaTXlnofZUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNTA1MTMwMjM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTZmYzc4OTZmMWUzMzQyODQyMDVmZTJmZjE2YTNiMjcwMzkyN2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKL7oECtXz2qZOiIcIyCJRbRT/jF
/L6SSVZWtazYNp1Ey2KmGynEwhItL01XpY+GEHig8F18MVqrp5GWCYVMHCbKbNLM
H5WwSCJMq3dtSZgIVbLBZ0UxOxZQ4GAGhXuXIUk0NJt6jGo5Zij1WJfmslm5LO/N
yyBPyzCwnq7fulHTC9hk3erhH3fRxGMeVPjdFIY9Rbh00caf5Mle8XTevfIaAJcR
/TlUQwTvu3cR6qny7AMdNzn20XsuFbodhU0MR1dgtkdJNUppXo3kQ90BKIGOI4A8
/lEi6dRlvH8r4v0dGXQgCVyjZqJ2e1/KIcXTrY2e4VqQ9neGD7G/jQuqKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKlvx4lvHjNChCBf4v8Wo7JwOSfEMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcVdfSGlXOGVNMEtFSUZfaV94YWpzbkE1SjhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/evMA0G
CSqGSIb3DQEBCwUAA4IBAQANq1Zdzrj9cq7y5SwhKS29YYvH5+IyOb3Tj6w0D+1R
LqFAS1+9M5N3CaXidCYMX/GA/yyhJWi9sZi0rSMH8bDUFD/SXXaUSmJC01tikprM
uOcWy3MKosLKFN3Zo5OdYwhuPudpEq88CeqE/XdkOocliHEHV33B/PrMhc0Wlp57
aMJTiX6+3rOUsdub6Lma1jWeLoqzx28mLP7gblR2/suZA2UTePI7hP4xYdeDhamZ
oVYth9N1nFG/mraPCk0Zy9fzycT043cD+GCc9bi0rAzjegL0mI09XYVfQ94t+Jfk
fZVc7MwBCPRmEgzb3xu92gOQ0LSaz5RVXooEJ48OI8XF
-----END CERTIFICATE-----