Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/FRV60vvAiyliX-6lCcjm5k3HBps.roa
File:                     FRV60vvAiyliX-6lCcjm5k3HBps.roa (raw, json)
Hash identifier:          pwr8HdKEIroHdLy6MXBOSAgxvVrv92YUI3QS+oGroEQ=
Subject key identifier:   15:15:7A:D2:FB:C0:8B:29:62:5F:EE:A5:09:C8:E6:E6:4D:C7:06:9B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019C36944CF6B109AE3C590B06D8DD44FF4A
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/FRV60vvAiyliX-6lCcjm5k3HBps.roa
Signing time:             Sat 07 Feb 2026 05:30:14 +0000
ROA not before:           Sat 07 Feb 2026 05:30:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49592
IP address blocks:        151.241.17.0/24 maxlen: 24
                          151.242.111.0/24 maxlen: 24
                          151.247.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 22:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:36:94:4c:f6:b1:09:ae:3c:59:0b:06:d8:dd:44:ff:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Feb  7 05:30:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=15157ad2fbc08b29625feea509c8e6e64dc7069b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c5:5c:b5:b5:a0:53:b7:71:f3:e1:a4:e9:06:
                    8b:8f:e9:64:f2:7d:a2:dd:a9:81:40:34:98:40:36:
                    2c:af:48:8d:99:5d:1f:b8:c9:35:71:8f:48:f0:7c:
                    f1:54:81:ea:06:4c:c9:88:44:74:c3:0a:57:5f:ab:
                    37:53:7c:e5:2e:8d:0e:39:3b:f1:94:bb:6d:91:f0:
                    26:8a:b0:0d:4f:b7:25:96:19:2f:48:58:6f:77:93:
                    ef:b5:38:a9:f1:f8:db:df:1e:95:c3:63:bd:ee:7a:
                    ee:55:13:a1:a3:c1:6b:cc:b9:69:72:1c:d3:db:0f:
                    56:b6:50:f0:d6:bf:f0:bb:63:16:49:b0:3f:8c:61:
                    b6:1b:f4:9b:89:75:7d:b1:05:6d:9a:e5:f8:c0:3c:
                    a4:91:d8:61:e3:c8:9c:cd:de:33:ae:67:0a:31:9e:
                    44:96:34:3e:03:c0:70:ae:eb:61:01:a4:5d:84:77:
                    c8:ab:57:f6:48:7a:ae:eb:02:d7:6d:99:77:4e:fa:
                    b7:b1:67:73:ec:62:b1:eb:a8:20:55:57:ce:dc:10:
                    45:cd:46:e6:82:d8:bc:f4:5b:91:db:dd:d4:69:36:
                    e4:ba:ff:15:62:09:30:61:c1:17:3e:9a:8e:0a:09:
                    c4:d7:74:a1:e7:48:a1:d2:a8:b5:19:5d:30:dd:90:
                    b1:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:15:7A:D2:FB:C0:8B:29:62:5F:EE:A5:09:C8:E6:E6:4D:C7:06:9B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/FRV60vvAiyliX-6lCcjm5k3HBps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.17.0/24
                  151.242.111.0/24
                  151.247.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:be:43:6b:fe:15:7c:d1:aa:2b:5b:d6:da:62:52:81:1a:24:
         af:b5:c1:54:dc:04:82:4f:c0:7e:ac:45:c2:7f:d7:1e:2d:36:
         c3:cb:30:0e:65:53:0f:aa:5b:78:89:55:16:1f:e6:63:af:61:
         df:65:af:65:a7:4d:2b:04:1f:16:c8:a1:6c:b8:00:3a:67:99:
         5d:66:86:75:b0:4b:ae:21:88:b3:53:dc:ae:ca:ce:8b:e8:23:
         11:1c:be:3a:c9:20:53:e1:ef:a4:69:fb:b7:88:c7:76:45:1c:
         78:4b:dd:62:63:26:a8:f4:0d:2c:5f:d6:c2:b0:3c:62:ef:a0:
         fd:fc:55:02:00:3e:4a:c6:12:44:a4:54:fb:22:57:97:56:4a:
         be:b2:cb:d2:d9:d7:c1:22:fb:e1:93:cd:3e:a3:74:c3:fb:c4:
         d0:a4:e8:8e:24:0c:cd:4c:aa:a1:56:1a:fd:61:c8:d1:ed:94:
         20:a7:57:bf:5f:d3:e0:32:b6:95:c6:68:32:10:51:67:19:71:
         fe:41:21:2d:6c:2b:98:6e:f7:35:07:dc:41:5f:9c:44:70:7c:
         b4:04:05:0b:27:38:31:f3:1f:bf:dd:dc:eb:06:6a:ad:21:db:
         7c:e0:b3:aa:8f:94:61:d0:ff:94:c3:51:31:4e:86:ec:23:66:
         ab:c4:ca:e0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZw2lEz2sQmuPFkLBtjdRP9KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMjA3MDUzMDE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTE1N2FkMmZiYzA4YjI5NjI1ZmVlYTUwOWM4ZTZlNjRkYzcwNjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cVctbWgU7dx8+Gk6QaLj+lk8n2i
3amBQDSYQDYsr0iNmV0fuMk1cY9I8HzxVIHqBkzJiER0wwpXX6s3U3zlLo0OOTvx
lLttkfAmirANT7cllhkvSFhvd5PvtTip8fjb3x6Vw2O97nruVROho8FrzLlpchzT
2w9WtlDw1r/wu2MWSbA/jGG2G/SbiXV9sQVtmuX4wDykkdhh48iczd4zrmcKMZ5E
ljQ+A8BwruthAaRdhHfIq1f2SHqu6wLXbZl3Tvq3sWdz7GKx66ggVVfO3BBFzUbm
gti89FuR293UaTbkuv8VYgkwYcEXPpqOCgnE13Sh50ih0qi1GV0w3ZCxQwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBUVetL7wIspYl/upQnI5uZNxwabMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvRlJWNjB2dkFpeWxpWC02bENjam01azNIQnBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAl/ERAwQA
l/JvAwQAl/ciMA0GCSqGSIb3DQEBCwUAA4IBAQBWvkNr/hV80aorW9baYlKBGiSv
tcFU3ASCT8B+rEXCf9ceLTbDyzAOZVMPqlt4iVUWH+Zjr2HfZa9lp00rBB8WyKFs
uAA6Z5ldZoZ1sEuuIYizU9yuys6L6CMRHL46ySBT4e+kafu3iMd2RRx4S91iYyao
9A0sX9bCsDxi76D9/FUCAD5KxhJEpFT7IleXVkq+ssvS2dfBIvvhk80+o3TD+8TQ
pOiOJAzNTKqhVhr9YcjR7ZQgp1e/X9PgMraVxmgyEFFnGXH+QSEtbCuYbvc1B9xB
X5xEcHy0BAULJzgx8x+/3dzrBmqtIdt84LOqj5Rh0P+Uw1ExTobsI2arxMrg
-----END CERTIFICATE-----