Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zfFT8c91hYjIdpF27Q-OYeQpcEk.roa
File:                     zfFT8c91hYjIdpF27Q-OYeQpcEk.roa (raw, json)
Hash identifier:          1jkky98qloWk46zYET2Jgk5nG9hDEsNR8gWt1kvyx+0=
Subject key identifier:   CD:F1:53:F1:CF:75:85:88:C8:76:91:76:ED:0F:8E:61:E4:29:70:49
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019E17D46F093AA786A4430A4211F37F88D6
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zfFT8c91hYjIdpF27Q-OYeQpcEk.roa
Signing time:             Mon 11 May 2026 16:17:38 +0000
ROA not before:           Mon 11 May 2026 16:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153671
IP address blocks:        151.242.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:17:d4:6f:09:3a:a7:86:a4:43:0a:42:11:f3:7f:88:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 11 16:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cdf153f1cf758588c8769176ed0f8e61e4297049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c8:3e:53:33:90:5e:6b:dd:c3:39:2f:47:4f:
                    75:e5:1c:d9:19:e6:cb:dd:a0:23:da:71:f8:cf:39:
                    57:67:0b:c8:14:7c:10:fd:06:08:92:73:31:a1:61:
                    f5:16:a5:06:12:b8:f3:2f:e9:ed:a7:83:f6:80:f5:
                    4a:76:56:a9:5d:9a:52:cd:69:aa:09:5d:63:0d:e4:
                    86:d1:5b:86:90:fd:72:96:4b:e3:42:b5:8a:25:1f:
                    b3:49:33:e7:47:e4:d8:49:3e:2b:cf:47:aa:05:60:
                    fb:8b:7a:b6:fb:81:28:3e:32:84:66:ab:dd:d4:ff:
                    d2:fd:b5:f6:f6:5e:1b:9f:0b:a0:e7:d0:ea:1e:7a:
                    e4:04:7a:29:53:df:6f:e1:0f:c8:0a:bc:9f:50:6d:
                    ca:de:d2:88:a1:4c:a5:fc:53:9e:9e:36:f7:d6:7c:
                    85:77:3e:d5:a7:ab:1c:fa:26:87:2c:f1:e4:d5:3f:
                    8e:a6:20:be:96:b3:fd:f3:57:da:21:4d:df:a1:79:
                    6d:72:b1:ce:96:31:13:d3:38:30:b6:08:36:3f:18:
                    43:ea:6e:a4:7a:c2:92:2b:a6:3e:91:d3:53:6c:23:
                    77:40:12:3f:73:c2:34:b4:9f:6a:bb:e0:73:46:ea:
                    6c:e5:20:a3:f3:81:9e:bb:d6:b2:5a:c5:ec:67:f9:
                    1f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:F1:53:F1:CF:75:85:88:C8:76:91:76:ED:0F:8E:61:E4:29:70:49
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zfFT8c91hYjIdpF27Q-OYeQpcEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:72:a6:f6:30:46:52:e4:26:34:6d:21:24:a9:7c:93:0f:da:
         b9:b2:cf:10:be:93:b5:0f:c4:63:96:40:0f:11:02:78:7a:fa:
         67:f6:04:00:cb:bb:30:e0:1e:4e:36:ce:89:2b:75:7d:cf:00:
         d3:4b:d7:a3:6a:f7:a6:0d:d2:f3:46:82:b6:e6:8d:cc:15:f9:
         a2:2b:a4:e7:5f:ce:cc:94:02:e3:19:7d:ca:30:c0:ca:52:25:
         1e:be:d5:2b:44:e5:5d:31:87:7e:02:da:02:b3:d7:4e:71:aa:
         a0:8b:a1:9b:1b:b8:51:70:c1:64:3a:ee:0c:63:a3:15:91:c2:
         80:bf:17:e8:ce:e8:75:a1:3d:76:81:f1:ff:b1:27:93:17:5b:
         00:b8:d9:2b:61:17:c5:95:9a:ce:af:18:e3:e3:2f:a3:4c:9a:
         cd:f8:5f:32:42:4a:f6:a8:a1:b3:1c:70:16:94:26:87:d0:01:
         79:5e:46:cd:2d:9b:80:ec:a8:94:8f:4d:08:76:1f:7c:04:d9:
         d0:4f:5a:7d:ca:9f:40:96:bd:13:f2:4b:4a:82:fc:ef:ba:f4:
         74:19:be:57:10:05:e2:15:30:98:0f:33:c6:18:c1:3e:b4:75:
         62:ff:a3:74:4f:8a:f6:20:37:3f:d2:51:8f:d5:39:0c:6a:74:
         7c:88:f7:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4X1G8JOqeGpEMKQhHzf4jWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNTExMTYxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGYxNTNmMWNmNzU4NTg4Yzg3NjkxNzZlZDBmOGU2MWU0Mjk3MDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcg+UzOQXmvdwzkvR0915RzZGebL
3aAj2nH4zzlXZwvIFHwQ/QYIknMxoWH1FqUGErjzL+ntp4P2gPVKdlapXZpSzWmq
CV1jDeSG0VuGkP1ylkvjQrWKJR+zSTPnR+TYST4rz0eqBWD7i3q2+4EoPjKEZqvd
1P/S/bX29l4bnwug59DqHnrkBHopU99v4Q/ICryfUG3K3tKIoUyl/FOenjb31nyF
dz7Vp6sc+iaHLPHk1T+OpiC+lrP981faIU3foXltcrHOljET0zgwtgg2PxhD6m6k
esKSK6Y+kdNTbCN3QBI/c8I0tJ9qu+BzRups5SCj84Geu9ayWsXsZ/kfAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM3xU/HPdYWIyHaRdu0PjmHkKXBJMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvemZGVDhjOTFoWWpJZHBGMjdRLU9ZZVFwY0VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/KBMA0G
CSqGSIb3DQEBCwUAA4IBAQABcqb2MEZS5CY0bSEkqXyTD9q5ss8QvpO1D8RjlkAP
EQJ4evpn9gQAy7sw4B5ONs6JK3V9zwDTS9ejavemDdLzRoK25o3MFfmiK6TnX87M
lALjGX3KMMDKUiUevtUrROVdMYd+AtoCs9dOcaqgi6GbG7hRcMFkOu4MY6MVkcKA
vxfozuh1oT12gfH/sSeTF1sAuNkrYRfFlZrOrxjj4y+jTJrN+F8yQkr2qKGzHHAW
lCaH0AF5XkbNLZuA7KiUj00Idh98BNnQT1p9yp9Alr0T8ktKgvzvuvR0Gb5XEAXi
FTCYDzPGGME+tHVi/6N0T4r2IDc/0lGP1TkManR8iPfl
-----END CERTIFICATE-----