Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/QAkE9S3wWQJ-KiycoYDFBZdfaBE.roa
File:                     QAkE9S3wWQJ-KiycoYDFBZdfaBE.roa (raw, json)
Hash identifier:          fy5Ikei4AFf7lAS1iNuuB7zk8SEWSLzvHI1EFI+fBes=
Subject key identifier:   40:09:04:F5:2D:F0:59:02:7E:2A:2C:9C:A1:80:C5:05:97:5F:68:11
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019E45A0AABF3905393858BF90DD76F22489
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/QAkE9S3wWQJ-KiycoYDFBZdfaBE.roa
Signing time:             Wed 20 May 2026 13:43:37 +0000
ROA not before:           Wed 20 May 2026 13:43:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209557
IP address blocks:        37.202.209.0/24 maxlen: 24
                          151.245.20.0/24 maxlen: 24
                          151.245.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 07:13:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:45:a0:aa:bf:39:05:39:38:58:bf:90:dd:76:f2:24:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 20 13:43:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=400904f52df059027e2a2c9ca180c505975f6811
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c3:00:ed:0e:7e:da:14:39:3a:33:2e:ab:bc:
                    59:53:db:69:a3:37:e4:cd:d3:3b:64:b2:b2:37:02:
                    2d:74:67:47:6c:d1:4c:bb:b5:c4:b5:cc:36:02:85:
                    2f:70:24:c1:52:33:70:f1:a8:39:50:28:5c:e7:a5:
                    7d:cd:24:25:5f:ee:6e:b0:65:d3:29:4d:7d:ad:ef:
                    47:95:ca:a5:45:1f:6f:95:46:7e:c3:4c:df:4a:64:
                    91:ad:a2:99:b0:b1:13:83:7c:96:0c:41:1e:0b:9c:
                    83:b4:25:bd:7e:6d:aa:b4:76:75:28:a0:f6:19:a1:
                    7c:5a:06:5e:4b:9d:8c:5e:62:34:f2:a3:62:a4:bf:
                    1e:1f:db:df:d8:86:ff:f2:b7:05:e2:6f:23:75:d0:
                    5e:85:45:65:65:9f:df:04:f1:75:a4:71:bd:70:9e:
                    e1:99:ef:d4:ba:fd:41:5f:cc:22:9d:f9:04:2b:b1:
                    d5:26:f5:e7:35:29:dd:ef:55:5f:32:f2:f5:2e:66:
                    a4:fa:f9:86:5b:67:0b:fc:47:43:03:bc:80:32:84:
                    36:47:fe:63:f9:f7:8d:f9:67:5f:e6:57:04:c7:57:
                    6d:bd:29:c4:a6:66:b3:55:9c:ab:bc:5b:35:54:0c:
                    8d:b5:8a:5a:69:f5:80:a8:47:90:de:ba:6e:5c:99:
                    2b:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:09:04:F5:2D:F0:59:02:7E:2A:2C:9C:A1:80:C5:05:97:5F:68:11
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/QAkE9S3wWQJ-KiycoYDFBZdfaBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.209.0/24
                  151.245.20.0/24
                  151.245.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:9d:34:15:0e:bc:fe:23:b7:6a:ea:0a:8e:b8:d8:7b:1f:32:
         38:bf:c4:8b:7d:52:a1:1f:33:2a:65:60:c1:21:cb:34:7c:82:
         c5:7e:7c:a1:bf:de:f6:4a:1d:16:c1:84:22:c6:d6:03:89:8a:
         8e:c0:54:da:f3:c5:1d:af:8d:43:57:23:e9:2e:b8:21:3d:f1:
         8a:63:05:6e:91:34:6d:00:70:13:0a:00:62:1e:c5:b4:bb:0b:
         c8:1a:af:64:3f:40:9b:49:15:8d:5b:4b:cc:7b:52:b3:03:61:
         f6:35:31:2c:f7:af:17:48:9f:72:0c:9c:1e:4d:08:0b:ee:39:
         4e:fb:81:d9:2f:15:33:54:cc:c1:ce:34:b5:36:ca:42:f1:cc:
         f5:38:95:5c:b7:22:b0:a9:d2:48:bf:88:6d:3a:6b:89:0d:ca:
         81:ee:33:71:61:3e:2f:f4:f0:c3:be:f9:aa:1c:d5:aa:b2:ab:
         c9:3f:4f:98:f8:af:42:e3:7b:cc:20:1d:02:59:cb:26:aa:08:
         1c:ce:12:a5:8a:67:7b:55:92:27:63:dc:93:89:ae:c5:33:01:
         39:d6:e1:86:14:ee:22:27:6b:08:a0:33:f8:f9:cc:71:92:7c:
         b1:2d:94:1f:e2:51:21:3f:c2:25:7c:67:fa:6c:4c:25:a9:34:
         17:9d:68:db
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5FoKq/OQU5OFi/kN128iSJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNTIwMTM0MzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDA5MDRmNTJkZjA1OTAyN2UyYTJjOWNhMTgwYzUwNTk3NWY2ODExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsMA7Q5+2hQ5OjMuq7xZU9tpozfk
zdM7ZLKyNwItdGdHbNFMu7XEtcw2AoUvcCTBUjNw8ag5UChc56V9zSQlX+5usGXT
KU19re9HlcqlRR9vlUZ+w0zfSmSRraKZsLETg3yWDEEeC5yDtCW9fm2qtHZ1KKD2
GaF8WgZeS52MXmI08qNipL8eH9vf2Ib/8rcF4m8jddBehUVlZZ/fBPF1pHG9cJ7h
me/Uuv1BX8winfkEK7HVJvXnNSnd71VfMvL1Lmak+vmGW2cL/EdDA7yAMoQ2R/5j
+feN+Wdf5lcEx1dtvSnEpmazVZyrvFs1VAyNtYpaafWAqEeQ3rpuXJkrjwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEAJBPUt8FkCfiosnKGAxQWXX2gRMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUUFrRTlTM3dXUUotS2l5Y29ZREZCWmRmYUJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAJcrRAwQA
l/UUAwQAl/XBMA0GCSqGSIb3DQEBCwUAA4IBAQACnTQVDrz+I7dq6gqOuNh7HzI4
v8SLfVKhHzMqZWDBIcs0fILFfnyhv972Sh0WwYQixtYDiYqOwFTa88Udr41DVyPp
LrghPfGKYwVukTRtAHATCgBiHsW0uwvIGq9kP0CbSRWNW0vMe1KzA2H2NTEs968X
SJ9yDJweTQgL7jlO+4HZLxUzVMzBzjS1NspC8cz1OJVctyKwqdJIv4htOmuJDcqB
7jNxYT4v9PDDvvmqHNWqsqvJP0+Y+K9C43vMIB0CWcsmqggczhKlimd7VZInY9yT
ia7FMwE51uGGFO4iJ2sIoDP4+cxxknyxLZQf4lEhP8IlfGf6bEwlqTQXnWjb
-----END CERTIFICATE-----