Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fuKyhkfOXh_Ke8JqnVXlcXmfa1E.roa
File:                     fuKyhkfOXh_Ke8JqnVXlcXmfa1E.roa (raw, json)
Hash identifier:          nEOp52PyXenZocLlVHiOoo5kDgDcQPOEG59LUU8M9Ow=
Subject key identifier:   7E:E2:B2:86:47:CE:5E:1F:CA:7B:C2:6A:9D:55:E5:71:79:9F:6B:51
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019E2B619DA2F9AEEBC1A9C8519A1165DD8C
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fuKyhkfOXh_Ke8JqnVXlcXmfa1E.roa
Signing time:             Fri 15 May 2026 11:24:38 +0000
ROA not before:           Fri 15 May 2026 11:24:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200536
IP address blocks:        151.245.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2b:61:9d:a2:f9:ae:eb:c1:a9:c8:51:9a:11:65:dd:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 15 11:24:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ee2b28647ce5e1fca7bc26a9d55e571799f6b51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:3e:0e:d4:b1:e8:93:38:79:73:f3:6a:25:9d:
                    e9:a8:a6:a0:c8:4c:00:99:65:47:a5:54:cb:2d:4b:
                    d3:ca:bb:54:c4:dc:c3:8b:72:3d:e7:fc:d8:42:7f:
                    45:4b:5a:60:5c:74:d6:8c:3f:5a:fb:aa:99:f1:8b:
                    e7:fa:54:e9:8c:e6:8f:c1:51:6b:1c:73:a3:48:a3:
                    02:bd:8d:f7:ae:cc:02:94:08:59:5b:fc:f9:8e:f3:
                    62:7b:58:f6:1c:b3:6f:9d:7e:48:7b:05:4b:16:48:
                    5f:5d:a4:73:16:92:9c:cd:a6:ea:40:43:6e:8c:1d:
                    a6:bb:31:d1:82:86:ee:35:0a:eb:bc:ce:56:8a:3c:
                    6e:e6:2d:2e:f9:3c:ff:e5:a9:81:6a:58:31:ac:a4:
                    87:91:19:b5:dd:ea:5d:aa:36:0e:2a:c0:d0:b6:36:
                    84:b9:97:fc:c5:fb:a6:15:50:91:a8:c5:46:b4:34:
                    57:85:43:ba:24:96:7a:1e:4b:5e:32:79:4d:d1:ac:
                    a6:90:42:a2:6d:73:90:2e:04:7b:8b:87:ca:cf:5f:
                    2c:06:db:44:da:43:40:e0:b0:e4:2d:f3:a0:28:a5:
                    08:1a:6c:86:7b:b1:fe:86:8a:41:d2:b0:bf:3e:5f:
                    24:03:22:20:05:7f:00:6b:d8:e2:da:85:ef:0f:fc:
                    7d:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:E2:B2:86:47:CE:5E:1F:CA:7B:C2:6A:9D:55:E5:71:79:9F:6B:51
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/fuKyhkfOXh_Ke8JqnVXlcXmfa1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.245.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:4b:b3:68:9c:db:27:47:2e:86:44:e3:29:af:ec:3c:eb:ed:
         c1:64:e3:e0:fb:e1:8e:84:77:77:34:4a:89:af:2a:e5:fc:a3:
         d3:d7:bb:bb:bb:ef:1b:86:43:d0:ff:da:3c:b2:65:05:4c:3a:
         f5:7b:34:e6:57:83:51:70:70:f6:cc:8d:3b:42:73:3b:7f:6d:
         0b:90:73:c0:94:01:fd:ed:5f:24:0e:12:35:6c:e4:bb:a0:38:
         e5:f1:46:98:91:5c:4b:63:e2:59:fa:8d:9c:56:db:a5:c1:44:
         8c:cd:a6:5c:16:db:01:eb:44:3c:51:0e:85:38:10:a4:c6:7e:
         06:81:f8:32:b2:af:b3:53:76:58:b6:45:6c:ee:a8:21:5c:c8:
         f9:ed:02:1c:36:ae:db:ab:46:6a:e5:d8:96:72:f3:28:c9:af:
         13:fe:9b:c4:4d:05:b8:ed:58:75:80:58:06:0e:88:cd:88:17:
         4a:86:52:e2:ce:e9:c2:5d:58:7a:99:8b:26:c0:15:a1:70:78:
         7a:a4:85:65:95:0d:0b:a4:11:2e:4b:6c:86:61:4f:ce:a7:0b:
         a8:d3:b6:c2:07:96:e8:2c:ac:0e:5e:a6:d2:4d:21:83:8e:0a:
         af:da:d5:ed:8f:ce:3a:60:dc:48:b6:96:a7:b4:36:4c:1a:3a:
         22:1e:d9:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4rYZ2i+a7rwanIUZoRZd2MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNTE1MTEyNDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWUyYjI4NjQ3Y2U1ZTFmY2E3YmMyNmE5ZDU1ZTU3MTc5OWY2YjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlT4O1LHokzh5c/NqJZ3pqKagyEwA
mWVHpVTLLUvTyrtUxNzDi3I95/zYQn9FS1pgXHTWjD9a+6qZ8Yvn+lTpjOaPwVFr
HHOjSKMCvY33rswClAhZW/z5jvNie1j2HLNvnX5IewVLFkhfXaRzFpKczabqQENu
jB2muzHRgobuNQrrvM5Wijxu5i0u+Tz/5amBalgxrKSHkRm13epdqjYOKsDQtjaE
uZf8xfumFVCRqMVGtDRXhUO6JJZ6HkteMnlN0aymkEKibXOQLgR7i4fKz18sBttE
2kNA4LDkLfOgKKUIGmyGe7H+hopB0rC/Pl8kAyIgBX8Aa9ji2oXvD/x9iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7isoZHzl4fynvCap1V5XF5n2tRMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvZnVLeWhrZk9YaF9LZThKcW5WWGxjWG1mYTFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/WiMA0G
CSqGSIb3DQEBCwUAA4IBAQAQS7NonNsnRy6GROMpr+w86+3BZOPg++GOhHd3NEqJ
ryrl/KPT17u7u+8bhkPQ/9o8smUFTDr1ezTmV4NRcHD2zI07QnM7f20LkHPAlAH9
7V8kDhI1bOS7oDjl8UaYkVxLY+JZ+o2cVtulwUSMzaZcFtsB60Q8UQ6FOBCkxn4G
gfgysq+zU3ZYtkVs7qghXMj57QIcNq7bq0Zq5diWcvMoya8T/pvETQW47Vh1gFgG
DojNiBdKhlLizunCXVh6mYsmwBWhcHh6pIVllQ0LpBEuS2yGYU/Opwuo07bCB5bo
LKwOXqbSTSGDjgqv2tXtj846YNxItpantDZMGjoiHtnU
-----END CERTIFICATE-----