Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/CWifO9MNps4RqOR_TgUDHwCYO-c.roa
File:                     CWifO9MNps4RqOR_TgUDHwCYO-c.roa (raw, json)
Hash identifier:          Y4WaHTWsOz9/KAN/k566F+4BoSaxa+dtihUg+iDQjp4=
Subject key identifier:   09:68:9F:3B:D3:0D:A6:CE:11:A8:E4:7F:4E:05:03:1F:00:98:3B:E7
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019C0DF3414BD9F06A47CC814AAF12D6187B
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/CWifO9MNps4RqOR_TgUDHwCYO-c.roa
Signing time:             Fri 30 Jan 2026 08:09:31 +0000
ROA not before:           Fri 30 Jan 2026 08:09:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215419
IP address blocks:        151.247.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:0d:f3:41:4b:d9:f0:6a:47:cc:81:4a:af:12:d6:18:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan 30 08:09:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09689f3bd30da6ce11a8e47f4e05031f00983be7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ce:94:98:cf:8e:35:ec:50:96:ed:e0:9d:c5:
                    17:45:a0:9f:b8:af:61:91:a7:b4:b1:f5:bd:46:78:
                    65:51:a1:be:05:9a:50:6b:f9:ef:47:af:a1:c4:e4:
                    93:1d:d8:4a:af:08:7e:ef:2b:2c:84:e3:2a:28:18:
                    42:5b:ee:a2:26:ca:b4:73:7c:47:5e:af:38:e9:0e:
                    54:87:7c:22:44:17:d8:e0:0a:7e:aa:43:fa:b7:16:
                    78:22:5e:76:c6:a6:e5:69:cf:ef:50:9b:33:84:71:
                    32:12:50:ff:18:f1:21:70:66:a5:97:23:cf:27:14:
                    0a:28:aa:63:c8:b3:45:ca:83:d4:71:9b:76:fa:7d:
                    80:6d:8f:1a:de:36:80:5b:7f:dd:09:35:24:81:c5:
                    e4:ee:f0:c5:76:eb:62:38:93:1c:24:7e:ea:9a:df:
                    f6:96:1f:79:a0:76:43:99:9a:d6:de:0a:3d:22:25:
                    f1:a6:c7:50:5b:9e:46:ec:b8:f8:05:d1:1c:8b:cb:
                    e9:ec:b7:ce:ec:82:6c:87:a7:12:55:b5:80:7c:54:
                    28:75:3b:45:ad:42:6c:51:bf:e8:04:44:69:a8:2b:
                    10:1f:a3:3f:2b:7d:85:29:12:27:df:4d:6d:c4:2d:
                    1d:c8:7e:4a:6b:a4:8e:d3:8f:a2:48:6e:57:17:77:
                    99:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:68:9F:3B:D3:0D:A6:CE:11:A8:E4:7F:4E:05:03:1F:00:98:3B:E7
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/CWifO9MNps4RqOR_TgUDHwCYO-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.247.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:4f:eb:63:47:cf:b4:09:d4:89:b4:d0:48:21:bc:58:17:31:
         c5:e2:00:d5:6e:55:86:87:ff:7b:8c:c2:53:c6:10:f6:ff:69:
         2c:92:38:46:c3:51:60:a7:00:07:47:c0:0b:89:d5:54:66:43:
         10:0a:89:60:22:4f:dd:34:d0:98:fc:a3:39:4a:50:9d:ea:68:
         69:f9:a0:da:48:65:10:fe:77:ce:65:e7:cf:98:f4:de:f5:91:
         02:8d:df:87:da:df:ed:40:60:33:dd:0f:8b:e4:6e:c2:1c:0e:
         a3:59:a9:e9:86:a4:cc:f6:5a:a1:f9:f6:72:6c:8e:90:cb:81:
         51:aa:5f:aa:fa:f9:1b:88:0a:92:24:d3:c3:9c:78:58:cb:cc:
         8c:de:c4:20:29:d5:07:7e:f8:f8:ae:7d:86:07:54:87:3b:32:
         20:ba:7a:ac:53:f2:28:f4:7b:8b:36:30:18:43:ce:8f:a6:49:
         8d:8e:f7:ba:9e:63:09:d8:bb:77:a0:13:39:ae:d1:08:af:fd:
         60:73:1b:55:af:58:5b:7b:70:58:a0:fb:2e:10:fe:41:9d:52:
         b1:c1:02:ac:ff:c5:d2:37:05:2b:d2:39:da:38:34:e3:d0:43:
         31:26:52:b6:c2:c1:de:8c:fb:86:78:7c:8e:1d:6f:da:5d:63:
         a5:e6:1d:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwN80FL2fBqR8yBSq8S1hh7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMTMwMDgwOTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTY4OWYzYmQzMGRhNmNlMTFhOGU0N2Y0ZTA1MDMxZjAwOTgzYmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArc6UmM+ONexQlu3gncUXRaCfuK9h
kae0sfW9RnhlUaG+BZpQa/nvR6+hxOSTHdhKrwh+7ysshOMqKBhCW+6iJsq0c3xH
Xq846Q5Uh3wiRBfY4Ap+qkP6txZ4Il52xqblac/vUJszhHEyElD/GPEhcGallyPP
JxQKKKpjyLNFyoPUcZt2+n2AbY8a3jaAW3/dCTUkgcXk7vDFdutiOJMcJH7qmt/2
lh95oHZDmZrW3go9IiXxpsdQW55G7Lj4BdEci8vp7LfO7IJsh6cSVbWAfFQodTtF
rUJsUb/oBERpqCsQH6M/K32FKRIn301txC0dyH5Ka6SO04+iSG5XF3eZsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlonzvTDabOEajkf04FAx8AmDvnMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvQ1dpZk85TU5wczRScU9SX1RnVURId0NZTy1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/daMA0G
CSqGSIb3DQEBCwUAA4IBAQB5T+tjR8+0CdSJtNBIIbxYFzHF4gDVblWGh/97jMJT
xhD2/2kskjhGw1FgpwAHR8ALidVUZkMQColgIk/dNNCY/KM5SlCd6mhp+aDaSGUQ
/nfOZefPmPTe9ZECjd+H2t/tQGAz3Q+L5G7CHA6jWanphqTM9lqh+fZybI6Qy4FR
ql+q+vkbiAqSJNPDnHhYy8yM3sQgKdUHfvj4rn2GB1SHOzIgunqsU/Io9HuLNjAY
Q86PpkmNjve6nmMJ2Lt3oBM5rtEIr/1gcxtVr1hbe3BYoPsuEP5BnVKxwQKs/8XS
NwUr0jnaODTj0EMxJlK2wsHejPuGeHyOHW/aXWOl5h1F
-----END CERTIFICATE-----