Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/CfSuS9K__0MS1649jTM1M1dr0FY.roa
File:                     CfSuS9K__0MS1649jTM1M1dr0FY.roa (raw, json)
Hash identifier:          B8lACecsQ//q5L4ccDVgslxxm95BJu9X7ulJtGZm9Sk=
Subject key identifier:   09:F4:AE:4B:D2:BF:FF:43:12:D7:AE:3D:8D:33:35:33:57:6B:D0:56
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019EA5A718271E0106C2D2F8F4708DC22B7C
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/CfSuS9K__0MS1649jTM1M1dr0FY.roa
Signing time:             Mon 08 Jun 2026 05:14:11 +0000
ROA not before:           Mon 08 Jun 2026 05:14:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202897
IP address blocks:        151.245.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 13:35:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a5:a7:18:27:1e:01:06:c2:d2:f8:f4:70:8d:c2:2b:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun  8 05:14:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09f4ae4bd2bfff4312d7ae3d8d333533576bd056
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:58:27:4e:dd:86:17:0c:98:a2:ed:e8:d0:b3:
                    81:37:ad:be:08:1f:d7:6a:11:36:c2:12:35:48:6c:
                    ff:89:93:ef:57:a6:1e:42:d3:fb:7a:a2:c7:3d:1f:
                    57:ff:c6:6a:2a:e0:d1:0e:b8:7d:8a:cc:01:90:c9:
                    8a:30:78:22:f6:ff:c9:f4:fe:23:5d:f5:c9:9a:21:
                    65:0b:20:48:39:9e:25:01:93:3a:e1:a1:63:45:8f:
                    61:58:5d:30:e0:c0:c8:d3:aa:18:f3:b4:63:ef:b5:
                    10:db:a5:b1:d4:a4:87:09:67:ca:92:90:d5:d5:82:
                    16:e8:58:2f:75:90:80:f5:b4:64:52:65:52:b7:f3:
                    cb:74:0e:96:ac:4b:d7:a6:23:3a:e9:5c:83:2b:92:
                    7b:75:14:aa:e7:cd:90:91:43:79:79:a6:97:6f:3d:
                    df:96:a9:86:8a:e9:09:2c:ef:2c:a1:b5:b5:bd:9b:
                    ac:a2:97:be:04:d1:97:94:b6:98:0b:4e:40:8a:e4:
                    e5:f3:4e:ef:b8:e9:c0:7c:c2:34:0a:4f:c4:e5:20:
                    6e:1a:55:91:e2:33:26:9d:4c:c9:1b:2a:77:4a:25:
                    d5:f9:3c:9b:ae:90:1a:f6:28:7f:64:34:fb:1b:b2:
                    80:00:44:e2:72:8f:1e:d5:62:2e:33:92:90:4a:66:
                    ff:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:F4:AE:4B:D2:BF:FF:43:12:D7:AE:3D:8D:33:35:33:57:6B:D0:56
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/CfSuS9K__0MS1649jTM1M1dr0FY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.245.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:74:c2:5c:ff:44:46:29:cd:e1:44:45:04:27:ef:c9:73:2a:
         2c:0a:3a:bc:9f:cf:3b:a6:1c:f4:d8:d2:1b:79:ae:c7:fb:83:
         75:97:04:7e:06:88:80:c7:a0:46:2a:92:0d:12:f5:41:08:89:
         92:3b:4f:b2:50:50:13:90:2c:2e:57:dd:1b:56:15:e6:8e:79:
         74:33:6f:2a:91:05:d4:14:b3:d9:26:0e:39:95:b8:ef:01:d2:
         88:c1:cf:a8:ae:50:96:8e:7e:5b:46:b5:d7:be:30:0c:c6:5f:
         cb:9e:e7:be:db:6c:1e:45:90:1f:3e:1d:9c:d5:80:20:b7:c5:
         2d:41:00:07:6e:e7:1c:47:da:e8:54:cc:98:ea:41:15:e0:b9:
         17:af:36:9d:26:11:f5:a7:85:b0:fe:c5:93:f4:a5:16:58:ec:
         c8:e3:3a:ff:d9:f2:98:2c:8e:a2:46:a1:91:be:e9:65:6a:89:
         6a:7a:d4:0f:8a:33:cf:ad:9e:7f:a1:97:17:ca:ca:78:34:51:
         76:38:7b:fd:95:73:7c:1c:08:72:3b:a6:7b:9b:b1:d2:31:88:
         df:c3:6b:97:f2:73:d8:1c:76:51:88:8c:a8:22:c4:1d:29:8a:
         e8:be:21:7c:cb:75:ca:60:28:ad:0d:f2:ba:26:f5:fa:87:2a:
         cc:56:fb:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6lpxgnHgEGwtL49HCNwit8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNjA4MDUxNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWY0YWU0YmQyYmZmZjQzMTJkN2FlM2Q4ZDMzMzUzMzU3NmJkMDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6FgnTt2GFwyYou3o0LOBN62+CB/X
ahE2whI1SGz/iZPvV6YeQtP7eqLHPR9X/8ZqKuDRDrh9iswBkMmKMHgi9v/J9P4j
XfXJmiFlCyBIOZ4lAZM64aFjRY9hWF0w4MDI06oY87Rj77UQ26Wx1KSHCWfKkpDV
1YIW6FgvdZCA9bRkUmVSt/PLdA6WrEvXpiM66VyDK5J7dRSq582QkUN5eaaXbz3f
lqmGiukJLO8sobW1vZusope+BNGXlLaYC05AiuTl807vuOnAfMI0Ck/E5SBuGlWR
4jMmnUzJGyp3SiXV+TybrpAa9ih/ZDT7G7KAAETico8e1WIuM5KQSmb/PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAn0rkvSv/9DEteuPY0zNTNXa9BWMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvQ2ZTdVM5S19fME1TMTY0OWpUTTFNMWRyMEZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/WuMA0G
CSqGSIb3DQEBCwUAA4IBAQBndMJc/0RGKc3hREUEJ+/JcyosCjq8n887phz02NIb
ea7H+4N1lwR+BoiAx6BGKpINEvVBCImSO0+yUFATkCwuV90bVhXmjnl0M28qkQXU
FLPZJg45lbjvAdKIwc+orlCWjn5bRrXXvjAMxl/Lnue+22weRZAfPh2c1YAgt8Ut
QQAHbuccR9roVMyY6kEV4LkXrzadJhH1p4Ww/sWT9KUWWOzI4zr/2fKYLI6iRqGR
vullaolqetQPijPPrZ5/oZcXysp4NFF2OHv9lXN8HAhyO6Z7m7HSMYjfw2uX8nPY
HHZRiIyoIsQdKYroviF8y3XKYCitDfK6JvX6hyrMVvto
-----END CERTIFICATE-----