Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/GsCF2auMLy5SHCZXGYCTGCcBAi0.roa
File:                     GsCF2auMLy5SHCZXGYCTGCcBAi0.roa (raw, json)
Hash identifier:          G+DlUzZ/IeyOYWfooZ9/MH82tOrb6TK0OdgvwSae+Jw=
Subject key identifier:   1A:C0:85:D9:AB:8C:2F:2E:52:1C:26:57:19:80:93:18:27:01:02:2D
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019DEC11505876CE89996D6ECF4FDA70B107
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/GsCF2auMLy5SHCZXGYCTGCcBAi0.roa
Signing time:             Sun 03 May 2026 04:20:50 +0000
ROA not before:           Sun 03 May 2026 04:20:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        151.247.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 21:44:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ec:11:50:58:76:ce:89:99:6d:6e:cf:4f:da:70:b1:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May  3 04:20:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1ac085d9ab8c2f2e521c2657198093182701022d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:7d:5e:a5:21:9a:43:00:0e:8e:2b:13:a0:a1:
                    44:8a:92:56:64:bc:e9:00:94:77:27:0a:e3:3e:21:
                    a0:bf:c4:70:c5:4d:83:e9:9a:c6:8b:7c:1c:6a:60:
                    58:2c:cd:b1:e3:26:0e:f4:07:f5:07:a5:77:39:d8:
                    f1:02:f9:18:8c:d7:37:35:b2:4a:55:3a:0d:d9:79:
                    f1:cf:7b:d7:73:ec:1e:9c:6b:3f:7b:d3:38:42:64:
                    2d:1d:4b:f5:15:64:17:76:b5:ab:83:f5:95:9d:4c:
                    08:5f:32:d9:66:eb:cc:c4:00:ac:69:d8:92:6a:72:
                    c8:3d:5a:43:45:a1:c1:2d:e1:40:d6:2c:49:6f:01:
                    ca:6b:98:63:13:0e:3f:5c:bf:a8:1a:11:b7:08:c7:
                    3b:43:c2:cf:34:86:2f:a8:3c:53:ac:75:cf:3f:b3:
                    6e:36:9e:b7:17:7e:cb:a5:58:0d:d1:08:cf:4e:08:
                    7a:93:e8:49:3b:c4:af:e6:72:60:68:ab:12:2c:bc:
                    4e:43:5b:91:93:2a:cf:f0:a1:19:2e:6d:12:26:9a:
                    d9:0a:ea:28:39:6e:c7:5e:36:c9:63:27:ae:46:42:
                    6c:fa:96:d8:90:f8:14:14:3c:87:fc:20:26:8b:88:
                    cc:b6:41:6e:5c:5d:c6:d4:6f:cd:9c:54:e8:0a:26:
                    48:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:C0:85:D9:AB:8C:2F:2E:52:1C:26:57:19:80:93:18:27:01:02:2D
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/GsCF2auMLy5SHCZXGYCTGCcBAi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.247.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:93:24:c7:64:27:fc:2a:07:5a:dc:01:4d:28:89:00:f7:3c:
         8b:73:fb:2e:cc:95:a5:93:f6:15:4d:e3:45:e3:10:a0:e8:c1:
         fb:34:cc:53:f7:81:ac:21:1b:20:4b:e1:ae:a9:cc:4c:5f:68:
         8a:a3:a7:4f:8a:57:1c:d7:d4:4d:18:4c:1e:37:60:07:df:e2:
         e8:28:2d:48:b4:08:d7:5c:c5:6a:40:9b:47:33:cd:b4:25:4d:
         1d:c2:7f:7d:40:31:1c:76:07:94:2e:a5:8c:83:7d:27:c7:6a:
         c3:14:86:18:81:41:48:8a:c9:b8:be:cf:dc:a8:98:8f:59:59:
         e6:d6:15:5e:11:e6:aa:b3:51:2b:76:d9:84:da:3d:8d:17:85:
         5d:9f:d6:b0:f5:39:d6:2a:9d:ed:15:69:62:36:fb:87:c3:fe:
         f0:a9:95:a6:17:77:09:29:71:f5:f0:5b:62:e3:c7:66:cc:30:
         82:b1:59:d3:3b:8f:55:45:66:56:fd:14:2b:b6:b0:08:cb:2b:
         0c:ca:f3:62:5c:6b:eb:34:0b:32:48:4f:02:a3:42:5b:0d:79:
         26:33:04:08:9e:e8:95:22:50:59:6c:4e:a5:e8:fe:fa:0b:e8:
         f1:96:c6:e6:e0:21:90:1a:8b:23:f7:79:47:b8:81:29:87:b0:
         b6:0f:b7:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3sEVBYds6JmW1uz0/acLEHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNTAzMDQyMDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWMwODVkOWFiOGMyZjJlNTIxYzI2NTcxOTgwOTMxODI3MDEwMjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl31epSGaQwAOjisToKFEipJWZLzp
AJR3JwrjPiGgv8RwxU2D6ZrGi3wcamBYLM2x4yYO9Af1B6V3OdjxAvkYjNc3NbJK
VToN2Xnxz3vXc+wenGs/e9M4QmQtHUv1FWQXdrWrg/WVnUwIXzLZZuvMxACsadiS
anLIPVpDRaHBLeFA1ixJbwHKa5hjEw4/XL+oGhG3CMc7Q8LPNIYvqDxTrHXPP7Nu
Np63F37LpVgN0QjPTgh6k+hJO8Sv5nJgaKsSLLxOQ1uRkyrP8KEZLm0SJprZCuoo
OW7HXjbJYyeuRkJs+pbYkPgUFDyH/CAmi4jMtkFuXF3G1G/NnFToCiZIVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBrAhdmrjC8uUhwmVxmAkxgnAQItMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvR3NDRjJhdU1MeTVTSENaWEdZQ1RHQ2NCQWkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/euMA0G
CSqGSIb3DQEBCwUAA4IBAQAgkyTHZCf8Kgda3AFNKIkA9zyLc/suzJWlk/YVTeNF
4xCg6MH7NMxT94GsIRsgS+GuqcxMX2iKo6dPilcc19RNGEweN2AH3+LoKC1ItAjX
XMVqQJtHM820JU0dwn99QDEcdgeULqWMg30nx2rDFIYYgUFIism4vs/cqJiPWVnm
1hVeEeaqs1ErdtmE2j2NF4Vdn9aw9TnWKp3tFWliNvuHw/7wqZWmF3cJKXH18Fti
48dmzDCCsVnTO49VRWZW/RQrtrAIyysMyvNiXGvrNAsySE8Co0JbDXkmMwQInuiV
IlBZbE6l6P76C+jxlsbm4CGQGosj93lHuIEph7C2D7cw
-----END CERTIFICATE-----