Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_fpK6is2LgAKhCZosZpLF4VIsfs.roa
File:                     _fpK6is2LgAKhCZosZpLF4VIsfs.roa (raw, json)
Hash identifier:          RAQk5YOqme1kLPzOp5qX1/WEC05G6c4NkX14wf9Bnjg=
Subject key identifier:   FD:FA:4A:EA:2B:36:2E:00:0A:84:26:68:B1:9A:4B:17:85:48:B1:FB
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019E963D2BB279374863B63CCEED6C37DC68
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_fpK6is2LgAKhCZosZpLF4VIsfs.roa
Signing time:             Fri 05 Jun 2026 05:24:11 +0000
ROA not before:           Fri 05 Jun 2026 05:24:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402276
IP address blocks:        151.247.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 07:13:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:96:3d:2b:b2:79:37:48:63:b6:3c:ce:ed:6c:37:dc:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun  5 05:24:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fdfa4aea2b362e000a842668b19a4b178548b1fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:62:ec:e1:d3:b9:48:b4:09:45:a8:aa:34:09:
                    f5:46:d6:79:2a:db:91:02:74:55:3d:59:4a:a9:50:
                    75:4e:79:49:d6:62:85:f9:2e:b2:31:f5:30:f4:73:
                    90:9a:94:71:e9:39:64:d9:9b:da:d3:20:8c:30:00:
                    31:46:d6:01:98:a0:f3:83:82:20:74:86:1e:18:30:
                    c4:b6:58:aa:9c:4c:e0:46:a7:95:32:37:76:ab:08:
                    15:d2:6f:e4:9a:48:61:fb:e7:2d:70:76:76:d6:a3:
                    0c:b7:83:bd:4a:c8:40:ab:be:1a:4a:48:19:b3:90:
                    ac:0f:b3:27:08:7f:d7:cb:d1:d0:ff:2b:6e:70:23:
                    d3:26:b3:a1:7b:61:e1:45:04:ab:ad:a7:7c:5c:fc:
                    82:67:47:55:8f:2c:c7:6e:96:9f:75:06:3b:11:ca:
                    c5:6f:05:a8:81:8c:d3:dc:ea:b3:73:89:c3:84:c8:
                    aa:f3:c6:c6:a7:89:32:e8:c2:64:eb:1a:6d:95:47:
                    43:81:e9:3b:1c:2e:c7:e5:ef:b4:00:43:a0:1d:00:
                    22:0e:54:0d:d0:24:77:72:6b:f9:5b:95:db:6f:9a:
                    c7:94:48:73:23:5a:c4:77:78:f2:48:8d:f7:32:24:
                    e9:89:3b:54:a9:86:3d:4f:7b:84:1b:c2:b0:fb:79:
                    10:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:FA:4A:EA:2B:36:2E:00:0A:84:26:68:B1:9A:4B:17:85:48:B1:FB
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_fpK6is2LgAKhCZosZpLF4VIsfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.247.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:f4:d8:ad:a1:8c:91:8e:0a:99:ea:74:67:9e:39:15:03:32:
         6d:38:b0:8e:24:f2:89:e6:f9:c5:4f:7d:49:8a:d0:82:36:90:
         f3:a9:c4:eb:e1:73:72:24:74:9d:6c:ca:b1:5a:16:31:0e:ea:
         d1:ba:72:5c:16:6d:f9:6d:a7:7b:1c:2f:9b:26:0a:39:3e:a6:
         e4:f1:b2:98:a1:6e:6e:e8:d8:38:10:55:9d:7d:7c:d4:9b:d3:
         dc:d9:21:2f:85:12:14:8f:0b:c6:2a:df:9a:76:64:49:7f:9b:
         bc:f2:87:3f:29:7b:70:95:fb:6e:52:2b:3e:ba:0d:fb:23:7e:
         58:a5:c0:de:37:0e:97:0e:d1:88:3b:c3:a1:cc:74:82:c9:b3:
         49:7b:49:34:f9:ac:0b:23:cd:f9:7c:0b:b0:ad:8b:f4:f9:9e:
         93:e1:9b:93:53:68:49:29:35:b7:71:5f:79:8e:18:86:14:21:
         e3:f1:4b:ad:eb:99:e5:f3:80:0f:4c:87:61:52:9d:3e:cd:e8:
         66:66:0b:72:51:d5:e1:da:ed:1f:d0:ff:aa:ed:e7:25:62:b1:
         3c:da:55:c9:ba:31:c9:54:66:e5:31:d5:eb:7c:65:06:52:c5:
         70:b3:45:b2:50:ce:59:f2:59:75:9b:4b:e1:7f:88:31:b8:5c:
         fd:a2:a3:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6WPSuyeTdIY7Y8zu1sN9xoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNjA1MDUyNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGZhNGFlYTJiMzYyZTAwMGE4NDI2NjhiMTlhNGIxNzg1NDhiMWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWLs4dO5SLQJRaiqNAn1RtZ5KtuR
AnRVPVlKqVB1TnlJ1mKF+S6yMfUw9HOQmpRx6Tlk2Zva0yCMMAAxRtYBmKDzg4Ig
dIYeGDDEtliqnEzgRqeVMjd2qwgV0m/kmkhh++ctcHZ21qMMt4O9SshAq74aSkgZ
s5CsD7MnCH/Xy9HQ/ytucCPTJrOhe2HhRQSrrad8XPyCZ0dVjyzHbpafdQY7EcrF
bwWogYzT3Oqzc4nDhMiq88bGp4ky6MJk6xptlUdDgek7HC7H5e+0AEOgHQAiDlQN
0CR3cmv5W5Xbb5rHlEhzI1rEd3jySI33MiTpiTtUqYY9T3uEG8Kw+3kQ3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP36SuorNi4ACoQmaLGaSxeFSLH7MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvX2ZwSzZpczJMZ0FLaENab3NacExGNFZJc2ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/ciMA0G
CSqGSIb3DQEBCwUAA4IBAQBI9NitoYyRjgqZ6nRnnjkVAzJtOLCOJPKJ5vnFT31J
itCCNpDzqcTr4XNyJHSdbMqxWhYxDurRunJcFm35bad7HC+bJgo5Pqbk8bKYoW5u
6Ng4EFWdfXzUm9Pc2SEvhRIUjwvGKt+admRJf5u88oc/KXtwlftuUis+ug37I35Y
pcDeNw6XDtGIO8OhzHSCybNJe0k0+awLI835fAuwrYv0+Z6T4ZuTU2hJKTW3cV95
jhiGFCHj8Uut65nl84APTIdhUp0+zehmZgtyUdXh2u0f0P+q7eclYrE82lXJujHJ
VGblMdXrfGUGUsVws0WyUM5Z8ll1m0vhf4gxuFz9oqO7
-----END CERTIFICATE-----