Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1-FX4PL2Iuvf9u6YAZvRHYUz0uQs.roa
File:                     1-FX4PL2Iuvf9u6YAZvRHYUz0uQs.roa (raw, json)
Hash identifier:          xoquvR/Jd/+JBW0VqzqwOAjZD34GSdED2iknIiWcK/8=
Subject key identifier:   F8:55:F8:3C:BD:88:BA:F7:FD:BB:A6:00:66:F4:47:61:4C:F4:B9:0B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019C7A68B8CB1BA07036F26A4C44E9B87B16
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1-FX4PL2Iuvf9u6YAZvRHYUz0uQs.roa
Signing time:             Fri 20 Feb 2026 09:36:49 +0000
ROA not before:           Fri 20 Feb 2026 09:36:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214181
IP address blocks:        151.247.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 07:18:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7a:68:b8:cb:1b:a0:70:36:f2:6a:4c:44:e9:b8:7b:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Feb 20 09:36:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f855f83cbd88baf7fdbba60066f447614cf4b90b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:5f:20:10:5d:a5:7e:3d:87:2e:bf:f7:d7:c9:
                    ba:57:15:a6:db:b1:b7:24:2a:8f:53:16:df:89:ef:
                    15:82:a1:18:f5:4b:a8:4c:ce:30:26:24:cd:20:5c:
                    24:4b:75:af:bf:29:d5:74:52:70:5e:76:0b:a9:a8:
                    6e:28:c7:ae:76:ef:6f:f8:38:7e:44:86:27:ec:24:
                    03:1c:4f:71:32:d3:71:f5:d9:1d:08:53:30:ef:eb:
                    50:b3:35:6e:a8:7d:b7:98:b3:0d:f3:8a:02:1f:ed:
                    eb:22:89:56:89:4f:aa:95:c2:fd:d5:80:13:26:af:
                    31:3d:5f:1c:f0:57:e7:af:ce:69:0e:18:2d:ac:3d:
                    50:f6:18:c4:d8:33:b8:de:4d:6a:b5:ad:b3:cb:34:
                    a2:b4:0b:b7:35:d7:0a:8c:ad:61:c1:ff:ed:96:92:
                    d6:10:f4:47:15:fd:8d:c1:4b:eb:b2:ce:24:97:02:
                    53:b3:7a:ec:52:d1:28:4b:b5:a7:f7:df:1b:8c:ce:
                    97:97:d6:86:ba:9f:3f:c3:c4:02:c4:bd:07:41:ac:
                    a8:83:a8:a2:d0:0d:d1:7f:2b:81:e1:42:ce:fc:b9:
                    21:bd:f0:e0:0d:64:26:cc:dd:0c:6b:8a:a6:1e:d7:
                    e1:1c:9b:43:55:bc:5e:93:8e:f2:9e:4c:aa:26:7a:
                    dd:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:55:F8:3C:BD:88:BA:F7:FD:BB:A6:00:66:F4:47:61:4C:F4:B9:0B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1-FX4PL2Iuvf9u6YAZvRHYUz0uQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.247.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:22:dc:62:47:01:69:0c:c7:c8:21:0b:b2:fc:61:ef:a5:7b:
         b2:a3:ff:57:10:96:f1:c7:57:b0:92:90:51:21:d7:43:c5:05:
         76:a2:8c:b6:dd:fc:da:f1:56:48:32:9e:6b:0c:d3:38:3b:8e:
         c0:56:d6:bf:78:ab:1c:68:22:df:1d:2d:a4:4c:37:0c:1e:af:
         47:6b:a2:e1:9e:30:f2:95:a8:c1:d7:9e:98:d3:bd:5c:8f:56:
         0d:17:be:15:65:69:79:02:a8:6d:70:20:d3:67:3e:b2:71:a9:
         a8:f1:2f:ad:11:77:24:3e:f7:b9:4f:cd:a4:33:43:55:ff:61:
         d3:d9:a5:57:dd:16:28:d5:95:5e:9e:6d:29:42:bf:90:ca:7d:
         97:89:a5:7d:ff:c6:37:68:e4:fe:84:16:24:70:88:7c:13:b6:
         3e:93:76:dd:39:d5:cc:e0:72:78:55:14:60:a4:7f:21:9f:84:
         9a:32:4d:29:15:c7:65:c8:62:bc:ef:84:b8:58:be:8b:c8:c8:
         a9:79:c6:d1:94:84:9a:0a:3f:ef:4f:c7:b3:98:b8:76:f1:2b:
         06:ef:a0:5e:58:d6:24:e6:14:1a:de:9c:57:f3:54:8d:93:f0:
         d0:3a:f2:39:b7:bc:95:9e:1d:a9:6d:8e:d4:30:31:20:f9:de:
         9d:59:7c:c0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZx6aLjLG6BwNvJqTETpuHsWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMjIwMDkzNjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODU1ZjgzY2JkODhiYWY3ZmRiYmE2MDA2NmY0NDc2MTRjZjRiOTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3F8gEF2lfj2HLr/318m6VxWm27G3
JCqPUxbfie8VgqEY9UuoTM4wJiTNIFwkS3WvvynVdFJwXnYLqahuKMeudu9v+Dh+
RIYn7CQDHE9xMtNx9dkdCFMw7+tQszVuqH23mLMN84oCH+3rIolWiU+qlcL91YAT
Jq8xPV8c8Ffnr85pDhgtrD1Q9hjE2DO43k1qta2zyzSitAu3NdcKjK1hwf/tlpLW
EPRHFf2NwUvrss4klwJTs3rsUtEoS7Wn998bjM6Xl9aGup8/w8QCxL0HQayog6ii
0A3RfyuB4ULO/LkhvfDgDWQmzN0Ma4qmHtfhHJtDVbxek47ynkyqJnrd+QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPhV+Dy9iLr3/bumAGb0R2FM9LkLMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMS1GWDRQTDJJdXZmOXU2WUFadlJIWVV6MHVRcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGUvZjQzYjFkLTllNTAtNDU1MS1hZTZhLTE3YjlkZTE0MTI1
Mi8xL3htSm05R2I3SkppamxGbXpOUzJpVVZHbHBNQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJf30jAN
BgkqhkiG9w0BAQsFAAOCAQEAUCLcYkcBaQzHyCELsvxh76V7sqP/VxCW8cdXsJKQ
USHXQ8UFdqKMtt382vFWSDKeawzTODuOwFbWv3irHGgi3x0tpEw3DB6vR2ui4Z4w
8pWowdeemNO9XI9WDRe+FWVpeQKobXAg02c+snGpqPEvrRF3JD73uU/NpDNDVf9h
09mlV90WKNWVXp5tKUK/kMp9l4mlff/GN2jk/oQWJHCIfBO2PpN23TnVzOByeFUU
YKR/IZ+EmjJNKRXHZchivO+EuFi+i8jIqXnG0ZSEmgo/70/Hs5i4dvErBu+gXljW
JOYUGt6cV/NUjZPw0DryObe8lZ4dqW2O1DAxIPnenVl8wA==
-----END CERTIFICATE-----