Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/dF-AWx5JdpltrehSPy6NLvtrfS0.roa
File:                     dF-AWx5JdpltrehSPy6NLvtrfS0.roa (raw, json)
Hash identifier:          Yvu2+iwOTcygeNTKOMjMKNeiUbzk8CWsCZTZy8gxcAI=
Subject key identifier:   74:5F:80:5B:1E:49:76:99:6D:AD:E8:52:3F:2E:8D:2E:FB:6B:7D:2D
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019E4E307202E4193FC884A00A49B9B646C1
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/dF-AWx5JdpltrehSPy6NLvtrfS0.roa
Signing time:             Fri 22 May 2026 05:37:38 +0000
ROA not before:           Fri 22 May 2026 05:37:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153169
IP address blocks:        151.245.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 May 2026 05:39:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4e:30:72:02:e4:19:3f:c8:84:a0:0a:49:b9:b6:46:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 22 05:37:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=745f805b1e4976996dade8523f2e8d2efb6b7d2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:3e:df:9c:72:5d:b9:71:56:79:7f:12:24:96:
                    65:af:9f:a8:f1:04:15:bd:68:0f:d3:2d:21:16:6a:
                    9f:19:bf:3f:06:58:8a:26:7f:80:7a:9b:07:43:d7:
                    fd:50:0c:f4:e6:ed:66:28:ea:b3:9a:b6:17:b4:d3:
                    f9:7c:7b:88:02:53:cb:61:88:46:1b:2f:f6:e0:3f:
                    dc:dd:41:9e:d1:00:7e:62:3c:7b:00:40:05:37:7a:
                    6e:97:ab:e4:dd:f6:cd:70:31:4f:fe:cb:61:2c:51:
                    2b:82:8c:e1:be:5c:9b:52:90:12:11:b1:e1:a9:f7:
                    94:9e:88:80:73:d2:c0:13:97:cf:b0:1c:22:fb:72:
                    62:d8:23:ec:13:21:5f:56:f8:3c:fc:e4:68:ca:48:
                    84:e4:14:c3:60:6c:1c:4f:45:2d:36:79:bb:fe:cd:
                    e2:e0:94:98:ae:8a:34:66:6e:57:13:c8:cd:b6:e9:
                    bc:6d:25:c7:45:b6:81:11:1a:95:77:2e:4e:92:c3:
                    0d:6b:6c:79:f4:17:c8:dc:e8:c8:89:e6:76:15:37:
                    95:30:c1:c7:4e:dc:f0:2e:0e:27:22:c6:2b:5a:b5:
                    c5:0a:58:fe:44:c5:5f:e7:e9:b7:1d:b5:1e:8d:d6:
                    1f:10:51:85:dc:2d:b8:96:cb:51:6d:ea:bf:7b:74:
                    5f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:5F:80:5B:1E:49:76:99:6D:AD:E8:52:3F:2E:8D:2E:FB:6B:7D:2D
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/dF-AWx5JdpltrehSPy6NLvtrfS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.245.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:aa:c4:64:be:91:12:28:61:6b:78:b2:66:8c:aa:67:c3:51:
         f2:75:33:a4:2a:3c:98:c8:b7:8f:1b:4b:d6:c1:05:6f:8d:d6:
         6f:98:3c:b4:9c:62:3a:4c:5d:17:26:2e:3f:86:8f:b4:cc:24:
         14:35:82:62:db:83:bf:9d:b5:0b:c1:f8:1f:71:87:c0:78:b9:
         a4:2a:b7:88:60:db:35:09:f9:fc:73:fc:f5:db:fd:e2:db:93:
         e5:b6:e3:d7:ca:ff:96:5d:af:00:85:be:6f:70:c4:64:9e:c0:
         f9:51:95:51:2c:ce:1c:53:3f:d0:ae:c7:c9:25:f4:34:9c:ed:
         6b:91:0d:0d:fc:19:25:95:66:6b:69:75:bc:9f:6a:ad:cc:ab:
         ba:47:5a:96:5c:58:7a:ee:a5:55:7c:d5:42:78:92:69:71:e1:
         d3:a5:e7:1f:cf:14:cc:b2:28:06:5c:b9:23:66:7a:ff:12:40:
         cc:fd:65:14:3d:0f:3f:35:a0:6b:be:89:5f:d7:67:4e:09:21:
         b7:24:e9:13:c4:06:50:3f:09:2b:c0:83:5c:14:0c:32:10:1f:
         4f:ef:37:d6:c2:59:52:22:84:d6:e4:cb:88:91:65:01:a2:be:
         f3:43:c0:bb:39:a9:f2:3d:9e:e2:8d:98:50:55:9d:12:7b:6d:
         71:d2:bf:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5OMHIC5Bk/yISgCkm5tkbBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNTIyMDUzNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDVmODA1YjFlNDk3Njk5NmRhZGU4NTIzZjJlOGQyZWZiNmI3ZDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxj7fnHJduXFWeX8SJJZlr5+o8QQV
vWgP0y0hFmqfGb8/BliKJn+AepsHQ9f9UAz05u1mKOqzmrYXtNP5fHuIAlPLYYhG
Gy/24D/c3UGe0QB+Yjx7AEAFN3pul6vk3fbNcDFP/sthLFErgozhvlybUpASEbHh
qfeUnoiAc9LAE5fPsBwi+3Ji2CPsEyFfVvg8/ORoykiE5BTDYGwcT0UtNnm7/s3i
4JSYroo0Zm5XE8jNtum8bSXHRbaBERqVdy5OksMNa2x59BfI3OjIieZ2FTeVMMHH
TtzwLg4nIsYrWrXFClj+RMVf5+m3HbUejdYfEFGF3C24lstRbeq/e3RfdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHRfgFseSXaZba3oUj8ujS77a30tMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvZEYtQVd4NUpkcGx0cmVoU1B5Nk5MdnRyZlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/WPMA0G
CSqGSIb3DQEBCwUAA4IBAQC0qsRkvpESKGFreLJmjKpnw1HydTOkKjyYyLePG0vW
wQVvjdZvmDy0nGI6TF0XJi4/ho+0zCQUNYJi24O/nbULwfgfcYfAeLmkKreIYNs1
Cfn8c/z12/3i25PltuPXyv+WXa8Ahb5vcMRknsD5UZVRLM4cUz/QrsfJJfQ0nO1r
kQ0N/BkllWZraXW8n2qtzKu6R1qWXFh67qVVfNVCeJJpceHTpecfzxTMsigGXLkj
Znr/EkDM/WUUPQ8/NaBrvolf12dOCSG3JOkTxAZQPwkrwINcFAwyEB9P7zfWwllS
IoTW5MuIkWUBor7zQ8C7OanyPZ7ijZhQVZ0Se21x0r8z
-----END CERTIFICATE-----