Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_ery3h-TlEL5E3ITHAFJ9hFa-Ps.roa
File:                     _ery3h-TlEL5E3ITHAFJ9hFa-Ps.roa (raw, json)
Hash identifier:          Ywodn2AJGJdNt0sfIQ44+SDZvII293VOpM7Ix1fiXxQ=
Subject key identifier:   FD:EA:F2:DE:1F:93:94:42:F9:13:72:13:1C:01:49:F6:11:5A:F8:FB
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019E3200444D24516F7B6F3D2A0D8073A790
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_ery3h-TlEL5E3ITHAFJ9hFa-Ps.roa
Signing time:             Sat 16 May 2026 18:15:38 +0000
ROA not before:           Sat 16 May 2026 18:15:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215691
IP address blocks:        151.242.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 20 May 2026 07:48:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:32:00:44:4d:24:51:6f:7b:6f:3d:2a:0d:80:73:a7:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 16 18:15:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fdeaf2de1f939442f91372131c0149f6115af8fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:2e:70:77:bb:84:67:63:83:04:da:e2:45:6d:
                    1e:4d:f0:98:ac:06:86:5d:59:25:17:07:57:7e:1c:
                    a2:f5:87:26:7b:a4:d1:22:9f:32:74:fc:97:db:8a:
                    e3:06:91:f1:76:d4:8c:f5:b0:1a:4a:69:d6:0c:d4:
                    ef:9e:2b:e0:f8:af:d1:31:c4:bc:2e:d6:14:ba:22:
                    34:74:e2:dc:bc:e1:9a:d5:6a:57:b9:90:44:e1:50:
                    d0:2f:59:c5:68:c4:ff:ee:26:29:1e:d2:4d:d8:8c:
                    5c:54:c3:13:65:59:f0:6c:96:c8:b1:59:14:88:b8:
                    bf:49:23:0e:5b:54:52:73:f7:f5:d9:e2:9e:30:fe:
                    ce:da:f4:f7:f1:ea:99:14:86:9c:52:5f:e3:2f:f6:
                    56:14:a6:23:7f:83:da:58:7f:fd:50:1b:60:e9:2f:
                    f8:7d:36:a9:ba:ee:f6:59:68:ef:d0:f8:4c:87:fe:
                    66:41:a6:98:40:bd:58:b8:4c:5b:96:d0:cd:46:14:
                    e6:19:7a:6c:40:25:0e:5d:28:a7:cd:aa:de:59:f9:
                    b7:be:65:4b:b8:94:f3:83:c4:31:7b:59:5e:fe:1a:
                    ae:a4:83:20:12:81:10:0c:d9:82:0d:98:06:e7:76:
                    88:3d:a4:6b:6d:67:aa:11:0c:26:98:a5:db:e2:8e:
                    bf:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:EA:F2:DE:1F:93:94:42:F9:13:72:13:1C:01:49:F6:11:5A:F8:FB
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_ery3h-TlEL5E3ITHAFJ9hFa-Ps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:70:7a:c9:a1:0b:66:a5:29:e8:32:dc:3c:34:45:d8:32:1c:
         97:ce:d0:09:57:da:1e:aa:d6:78:d6:2d:68:2c:ff:43:93:7f:
         99:52:20:ce:aa:cf:a2:26:76:bc:72:36:83:71:f1:97:fa:09:
         04:3b:22:12:83:77:24:52:b6:62:60:1e:23:21:d8:18:5c:11:
         72:17:96:f0:3d:5b:71:3d:7f:ae:01:0b:9c:e0:71:b8:f8:ed:
         f8:24:cc:9d:ed:81:16:da:51:8c:19:51:ff:21:a5:6b:ce:15:
         8b:5e:f1:6c:ce:af:43:c8:cd:52:ba:11:e3:2d:ed:e4:e8:7c:
         e4:ea:6e:6c:75:9d:ff:5c:1a:f2:89:8c:84:35:d4:93:28:0b:
         17:df:08:2e:da:3b:31:72:80:7e:43:bf:b6:c4:b1:87:05:8b:
         05:1a:cf:38:d8:b2:88:a4:a5:2c:be:8d:fa:e8:cc:a4:a3:c7:
         a7:21:2b:d6:76:e1:1c:0a:6e:2f:1d:dd:9f:55:3e:ab:4b:ec:
         43:8c:0b:7f:7a:04:7a:c2:11:05:c8:b1:ee:06:da:97:4e:a4:
         c1:1e:90:01:3b:80:13:74:15:ec:a1:4e:af:a1:93:1d:07:91:
         4b:43:b1:0c:7c:3a:05:cb:07:37:71:b0:10:5e:87:31:47:56:
         55:e2:1e:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4yAERNJFFve289Kg2Ac6eQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNTE2MTgxNTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGVhZjJkZTFmOTM5NDQyZjkxMzcyMTMxYzAxNDlmNjExNWFmOGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyS5wd7uEZ2ODBNriRW0eTfCYrAaG
XVklFwdXfhyi9Ycme6TRIp8ydPyX24rjBpHxdtSM9bAaSmnWDNTvnivg+K/RMcS8
LtYUuiI0dOLcvOGa1WpXuZBE4VDQL1nFaMT/7iYpHtJN2IxcVMMTZVnwbJbIsVkU
iLi/SSMOW1RSc/f12eKeMP7O2vT38eqZFIacUl/jL/ZWFKYjf4PaWH/9UBtg6S/4
fTapuu72WWjv0PhMh/5mQaaYQL1YuExbltDNRhTmGXpsQCUOXSinzareWfm3vmVL
uJTzg8Qxe1le/hqupIMgEoEQDNmCDZgG53aIPaRrbWeqEQwmmKXb4o6/TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3q8t4fk5RC+RNyExwBSfYRWvj7MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvX2VyeTNoLVRsRUw1RTNJVEhBRko5aEZhLVBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/K+MA0G
CSqGSIb3DQEBCwUAA4IBAQAzcHrJoQtmpSnoMtw8NEXYMhyXztAJV9oeqtZ41i1o
LP9Dk3+ZUiDOqs+iJna8cjaDcfGX+gkEOyISg3ckUrZiYB4jIdgYXBFyF5bwPVtx
PX+uAQuc4HG4+O34JMyd7YEW2lGMGVH/IaVrzhWLXvFszq9DyM1SuhHjLe3k6Hzk
6m5sdZ3/XBryiYyENdSTKAsX3wgu2jsxcoB+Q7+2xLGHBYsFGs842LKIpKUsvo36
6Myko8enISvWduEcCm4vHd2fVT6rS+xDjAt/egR6whEFyLHuBtqXTqTBHpABO4AT
dBXsoU6voZMdB5FLQ7EMfDoFywc3cbAQXocxR1ZV4h4N
-----END CERTIFICATE-----