Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/8LleVlpBeH6rvTVrtdlSQo7_Krc.roa
File:                     8LleVlpBeH6rvTVrtdlSQo7_Krc.roa (raw, json)
Hash identifier:          pr0ffVAFHumaLWPDJNcLOMJrBmKAb+juWG8ZwguB2Is=
Subject key identifier:   F0:B9:5E:56:5A:41:78:7E:AB:BD:35:6B:B5:D9:52:42:8E:FF:2A:B7
Certificate issuer:       /CN=6b104f1e4abaec1eff80f262c62f96c25438c8e1
Certificate serial:       019CC25BE0EBB28634B8C83AFEF7EDEC6596
Authority key identifier: 6B:10:4F:1E:4A:BA:EC:1E:FF:80:F2:62:C6:2F:96:C2:54:38:C8:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/8LleVlpBeH6rvTVrtdlSQo7_Krc.roa
Signing time:             Fri 06 Mar 2026 08:55:27 +0000
ROA not before:           Fri 06 Mar 2026 08:55:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212025
IP address blocks:        153.51.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 20:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c2:5b:e0:eb:b2:86:34:b8:c8:3a:fe:f7:ed:ec:65:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b104f1e4abaec1eff80f262c62f96c25438c8e1
        Validity
            Not Before: Mar  6 08:55:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f0b95e565a41787eabbd356bb5d952428eff2ab7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:fd:2f:93:8a:2b:ac:5f:fa:c6:41:b9:68:0e:
                    93:3d:f5:76:25:d1:ce:45:fb:82:e7:05:42:0a:55:
                    c5:89:a4:c1:db:ec:a4:81:c8:50:b9:54:94:d3:45:
                    cc:19:cf:db:5c:8a:15:c7:04:c1:a2:f4:2f:62:17:
                    98:bd:10:69:94:bd:60:f9:63:d2:a0:15:9a:57:b1:
                    ce:2e:e1:d3:73:eb:33:ef:b6:2f:d0:8d:45:22:e5:
                    bf:b7:bf:99:5b:12:26:57:d4:7c:1b:7e:6f:9f:4c:
                    28:ce:5a:1b:a0:3b:bd:e7:96:32:b7:f9:c0:2e:88:
                    a9:8b:49:ed:b9:ff:4b:cd:f7:e2:11:20:4c:d5:3c:
                    a7:9e:49:2a:55:54:c3:34:bf:db:9b:ac:33:2b:4b:
                    24:78:74:b7:2a:34:a1:77:5c:51:e7:44:78:89:75:
                    44:29:3a:94:52:ea:a0:c8:8a:8f:ff:77:a8:fd:8b:
                    f7:49:a9:f6:ce:3e:09:b4:17:81:21:ee:cb:2b:10:
                    7b:ad:4a:56:57:e0:75:d8:d0:cd:44:c8:57:38:d2:
                    c4:ff:94:d1:9a:9a:c3:74:d5:53:0c:41:5a:83:95:
                    ac:fe:60:0e:70:ce:e7:91:56:62:9a:d9:6c:78:05:
                    dd:21:b7:93:61:28:92:4a:a0:14:2e:c1:59:25:0a:
                    50:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:B9:5E:56:5A:41:78:7E:AB:BD:35:6B:B5:D9:52:42:8E:FF:2A:B7
            X509v3 Authority Key Identifier:
                keyid:6B:10:4F:1E:4A:BA:EC:1E:FF:80:F2:62:C6:2F:96:C2:54:38:C8:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/8LleVlpBeH6rvTVrtdlSQo7_Krc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.51.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:37:e1:92:ac:29:4d:c7:c9:d2:53:f3:3c:10:f8:68:a5:e2:
         0c:8e:97:51:bd:4d:a9:0b:73:dc:32:5d:c3:10:eb:1f:e8:bc:
         69:b3:d8:2a:88:7d:ef:fe:10:f9:00:eb:41:19:57:fa:09:7f:
         0e:33:7c:53:c3:ce:6d:e5:9a:f5:63:01:ac:d8:71:81:76:61:
         c8:b5:8b:aa:2c:73:b6:6d:a8:c7:f7:07:e1:7d:25:f9:a8:cf:
         e9:a8:65:a4:29:3e:e5:c4:b7:a5:f8:b5:94:db:4b:c6:17:20:
         ca:77:3e:59:0b:05:98:0f:85:a7:ac:89:a8:c3:ca:c6:bc:30:
         83:8d:0c:b1:85:f3:f2:c9:ae:ee:db:75:6c:83:14:f8:ba:6c:
         f6:bc:b7:06:d2:bb:e4:cb:77:23:5a:00:0a:9b:9c:ef:d7:ca:
         30:47:2a:07:b0:2e:28:4a:ff:7c:52:3f:94:a3:a5:07:d4:fb:
         22:d2:16:05:8f:4d:93:75:5d:46:d9:e0:d7:55:93:77:bd:2a:
         7b:fe:b3:c4:85:b2:0e:51:df:8a:47:4b:46:f6:96:e7:78:15:
         7e:32:5d:21:61:ac:82:a7:11:21:8c:c0:5f:b9:3d:1a:8c:60:
         75:e6:8d:7e:7f:ff:20:d0:c9:d5:cf:28:14:a8:ae:4f:08:3c:
         bb:db:fb:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzCW+DrsoY0uMg6/vft7GWWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMTA0ZjFlNGFiYWVjMWVmZjgwZjI2MmM2MmY5NmMyNTQz
OGM4ZTEwHhcNMjYwMzA2MDg1NTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGI5NWU1NjVhNDE3ODdlYWJiZDM1NmJiNWQ5NTI0MjhlZmYyYWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwP0vk4orrF/6xkG5aA6TPfV2JdHO
RfuC5wVCClXFiaTB2+ykgchQuVSU00XMGc/bXIoVxwTBovQvYheYvRBplL1g+WPS
oBWaV7HOLuHTc+sz77Yv0I1FIuW/t7+ZWxImV9R8G35vn0wozloboDu955Yyt/nA
Loipi0ntuf9LzffiESBM1TynnkkqVVTDNL/bm6wzK0skeHS3KjShd1xR50R4iXVE
KTqUUuqgyIqP/3eo/Yv3San2zj4JtBeBIe7LKxB7rUpWV+B12NDNRMhXONLE/5TR
mprDdNVTDEFag5Ws/mAOcM7nkVZimtlseAXdIbeTYSiSSqAULsFZJQpQtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPC5XlZaQXh+q701a7XZUkKO/yq3MB8GA1UdIwQY
MBaAFGsQTx5Kuuwe/4DyYsYvlsJUOMjhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXhCUEhrcTY3QjdfZ1BKaXhpLVd3bFE0eU9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS82NTNjMjQtNjhlNS00YWQ4LWI3NjMt
MzBjOWRlMjA1YWZjLzEvOExsZVZscEJlSDZydlRWcnRkbFNRbzdfS3JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS82NTNjMjQtNjhlNS00YWQ4LWI3NjMtMzBjOWRlMjA1YWZj
LzEvYXhCUEhrcTY3QjdfZ1BKaXhpLVd3bFE0eU9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmTO+MA0G
CSqGSIb3DQEBCwUAA4IBAQATN+GSrClNx8nSU/M8EPhopeIMjpdRvU2pC3PcMl3D
EOsf6Lxps9gqiH3v/hD5AOtBGVf6CX8OM3xTw85t5Zr1YwGs2HGBdmHItYuqLHO2
bajH9wfhfSX5qM/pqGWkKT7lxLel+LWU20vGFyDKdz5ZCwWYD4WnrImow8rGvDCD
jQyxhfPyya7u23VsgxT4umz2vLcG0rvky3cjWgAKm5zv18owRyoHsC4oSv98Uj+U
o6UH1Psi0hYFj02TdV1G2eDXVZN3vSp7/rPEhbIOUd+KR0tG9pbneBV+Ml0hYayC
pxEhjMBfuT0ajGB15o1+f/8g0MnVzygUqK5PCDy72/t/
-----END CERTIFICATE-----