Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/FS9FSm0z1hmjjaw-FahJlEHOKzQ.roa
File:                     FS9FSm0z1hmjjaw-FahJlEHOKzQ.roa (raw, json)
Hash identifier:          rN1jdpLQZBdgmlsOHLIiU1Cn5GhLQrsaw5VsNZciYkQ=
Subject key identifier:   15:2F:45:4A:6D:33:D6:19:A3:8D:AC:3E:15:A8:49:94:41:CE:2B:34
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019F2816B9BD02501733C43CB2264A51F7AF
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/FS9FSm0z1hmjjaw-FahJlEHOKzQ.roa
Signing time:             Fri 03 Jul 2026 13:06:45 +0000
ROA not before:           Fri 03 Jul 2026 13:06:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219394
IP address blocks:        151.242.29.0/24 maxlen: 24
                          151.242.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:28:16:b9:bd:02:50:17:33:c4:3c:b2:26:4a:51:f7:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul  3 13:06:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=152f454a6d33d619a38dac3e15a8499441ce2b34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:29:aa:28:ff:04:ec:24:f7:67:82:79:93:89:
                    35:31:65:49:a1:ca:94:94:0a:b7:a9:5a:23:7d:45:
                    68:81:38:66:48:a7:dd:be:a0:3c:dc:34:f9:51:90:
                    01:12:69:47:d7:15:13:1f:41:84:76:29:93:f1:86:
                    71:f1:51:03:9c:49:c6:ab:eb:96:22:b6:09:f6:a5:
                    90:fa:1b:20:14:ef:36:ee:a6:3f:75:62:1f:7f:fc:
                    86:d1:95:a2:b8:70:02:f8:cc:a7:b2:c5:18:b6:70:
                    ee:25:c0:b9:89:42:77:71:cd:da:ff:b0:05:40:29:
                    a0:2f:f8:b7:e2:f0:9a:8d:5d:5c:83:fb:c4:6f:06:
                    fd:81:23:f4:a4:74:53:8d:ff:4f:b4:91:c7:43:49:
                    d3:5f:74:95:5e:23:2c:82:7c:ef:2b:ba:6b:71:cc:
                    cc:97:62:ea:98:1d:ab:bc:ec:e2:b4:7b:78:d5:68:
                    72:34:db:20:8a:df:c1:30:4b:56:8e:3b:a9:c6:02:
                    67:ee:ec:80:ce:58:94:c2:3e:4d:86:46:d9:82:7c:
                    8d:2b:42:cf:5d:22:d6:2e:ea:7c:42:89:1d:4a:56:
                    76:5d:f7:51:8c:e8:aa:3e:d1:17:85:5b:db:fa:1e:
                    9a:da:0f:23:5a:b7:55:77:af:5d:53:14:7a:ff:c9:
                    63:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:2F:45:4A:6D:33:D6:19:A3:8D:AC:3E:15:A8:49:94:41:CE:2B:34
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/FS9FSm0z1hmjjaw-FahJlEHOKzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.29.0/24
                  151.242.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:e3:6e:48:62:38:d0:aa:03:ef:95:97:79:84:cd:e7:d4:85:
         b2:26:b9:12:aa:df:73:ad:41:5e:e3:27:9d:69:f5:b8:0a:ab:
         05:97:f4:7d:b2:03:3c:22:2a:3d:e6:61:b8:cf:d9:ef:e0:18:
         c4:67:83:f6:40:fd:d5:2c:2b:cb:36:b2:19:1a:8d:4d:8a:bd:
         8c:93:d7:6b:a9:30:71:4a:38:67:49:1a:6f:a3:79:ca:91:99:
         7c:9e:9b:1b:97:af:a4:e6:f2:b3:d4:05:e5:45:24:c3:3d:c7:
         06:b5:a8:44:bd:4b:63:5c:5a:c8:48:77:dc:00:37:87:d2:0c:
         4a:37:dd:a3:ec:d6:8b:04:7c:a8:49:a6:ab:20:e5:14:c3:f7:
         65:d5:0b:84:1f:16:e9:32:26:eb:22:8a:8f:71:c3:1c:2c:3c:
         35:9c:f7:d4:76:e6:95:4b:b6:ca:8d:22:02:e7:90:fd:94:3d:
         57:dc:67:4c:3d:4b:40:f1:c3:cb:b0:5d:f8:14:d7:53:19:99:
         16:e4:39:bf:42:f2:a6:a8:3b:2c:4f:72:89:9a:e4:b9:8b:7b:
         6c:34:0e:3d:49:92:30:98:06:e8:f1:ae:18:28:39:5c:25:8c:
         31:77:99:e3:3f:e3:db:1c:5c:f0:1b:a9:9c:a9:f5:d9:45:95:
         8b:ca:2d:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8oFrm9AlAXM8Q8siZKUfevMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNzAzMTMwNjQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTJmNDU0YTZkMzNkNjE5YTM4ZGFjM2UxNWE4NDk5NDQxY2UyYjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCmqKP8E7CT3Z4J5k4k1MWVJocqU
lAq3qVojfUVogThmSKfdvqA83DT5UZABEmlH1xUTH0GEdimT8YZx8VEDnEnGq+uW
IrYJ9qWQ+hsgFO827qY/dWIff/yG0ZWiuHAC+MynssUYtnDuJcC5iUJ3cc3a/7AF
QCmgL/i34vCajV1cg/vEbwb9gSP0pHRTjf9PtJHHQ0nTX3SVXiMsgnzvK7prcczM
l2LqmB2rvOzitHt41WhyNNsgit/BMEtWjjupxgJn7uyAzliUwj5NhkbZgnyNK0LP
XSLWLup8QokdSlZ2XfdRjOiqPtEXhVvb+h6a2g8jWrdVd69dUxR6/8ljkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBUvRUptM9YZo42sPhWoSZRBzis0MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvRlM5RlNtMHoxaG1qamF3LUZhaEpsRUhPS3pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/IdAwQA
l/IsMA0GCSqGSIb3DQEBCwUAA4IBAQCl425IYjjQqgPvlZd5hM3n1IWyJrkSqt9z
rUFe4yedafW4CqsFl/R9sgM8Iio95mG4z9nv4BjEZ4P2QP3VLCvLNrIZGo1Nir2M
k9drqTBxSjhnSRpvo3nKkZl8npsbl6+k5vKz1AXlRSTDPccGtahEvUtjXFrISHfc
ADeH0gxKN92j7NaLBHyoSaarIOUUw/dl1QuEHxbpMibrIoqPccMcLDw1nPfUduaV
S7bKjSIC55D9lD1X3GdMPUtA8cPLsF34FNdTGZkW5Dm/QvKmqDssT3KJmuS5i3ts
NA49SZIwmAbo8a4YKDlcJYwxd5njP+PbHFzwG6mcqfXZRZWLyi0t
-----END CERTIFICATE-----
Generated at Fri Jul 3 19:58:40 2026 by rpki-client