Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pfUEyS1XSXA1ltGueamqGfIR5Ys.roa
File:                     pfUEyS1XSXA1ltGueamqGfIR5Ys.roa (raw, json)
Hash identifier:          viPmQ+F5uVEUHb14vRpaPfuD8lkVKtcQE/OMuyENORo=
Subject key identifier:   A5:F5:04:C9:2D:57:49:70:35:96:D1:AE:79:A9:AA:19:F2:11:E5:8B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D6CA84B42DC51FF293ADB9701212C127F
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pfUEyS1XSXA1ltGueamqGfIR5Ys.roa
Signing time:             Wed 08 Apr 2026 10:34:21 +0000
ROA not before:           Wed 08 Apr 2026 10:34:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402315
IP address blocks:        151.247.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6c:a8:4b:42:dc:51:ff:29:3a:db:97:01:21:2c:12:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr  8 10:34:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a5f504c92d5749703596d1ae79a9aa19f211e58b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:43:21:04:b9:f0:fa:6f:51:f5:26:be:9f:f1:
                    87:e3:4e:d1:75:14:c8:29:48:52:3f:03:ba:b3:5e:
                    04:44:4b:f3:16:a8:0f:f9:db:24:79:2e:8e:01:eb:
                    ab:f6:65:71:14:6f:3a:7d:2b:c7:4d:97:9d:79:72:
                    fb:64:fd:86:24:ea:95:dd:03:e9:d2:8e:7d:09:44:
                    0f:b7:c0:e3:0f:06:48:93:c6:97:b9:5e:36:54:8d:
                    6b:54:0c:12:72:d7:e4:cc:6d:e5:97:45:93:8f:dc:
                    22:28:34:bd:15:f0:7f:20:2b:8f:5f:3a:cb:bf:0a:
                    2f:b5:63:a4:f0:29:cc:57:3e:a8:cd:eb:ac:16:d2:
                    6e:a5:54:0b:01:d7:bc:37:ab:f2:62:77:11:81:5a:
                    31:cd:e0:74:d3:c0:77:a4:c8:a4:71:b9:6d:a8:b2:
                    e2:57:5b:8c:fe:3f:a3:52:e8:6b:75:89:55:12:f2:
                    25:23:39:cd:17:4f:42:5c:f4:ad:33:56:97:f5:bf:
                    9d:f2:49:a2:b6:bb:55:48:af:1f:52:5d:a7:95:7d:
                    42:60:49:4a:c3:ab:62:ef:d6:fc:56:60:32:f8:ee:
                    99:b8:9c:b9:16:89:8f:7e:d5:dd:c4:94:5e:8f:ad:
                    0d:5e:17:8d:60:c9:fa:e5:ee:df:0b:0b:8a:db:a1:
                    9f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:F5:04:C9:2D:57:49:70:35:96:D1:AE:79:A9:AA:19:F2:11:E5:8B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pfUEyS1XSXA1ltGueamqGfIR5Ys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.247.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:86:ad:33:6b:35:c1:25:69:94:e8:02:bd:6e:a7:1b:6c:f3:
         a7:32:80:dd:28:ef:05:3e:4e:7b:1f:71:18:ea:8a:43:02:c1:
         b9:ab:3d:42:a0:70:d7:43:41:14:29:b9:73:b1:bf:ad:74:6e:
         c2:37:82:17:e0:59:ab:0e:09:d8:f6:21:9e:eb:8e:60:04:52:
         4b:6b:98:b3:0d:24:5b:4f:43:a5:e6:f1:09:7f:76:e6:b5:a9:
         d6:8b:77:af:4a:4f:6f:ab:96:21:56:f0:44:eb:70:5a:55:1a:
         f7:2a:18:d4:7a:9b:f1:e9:03:84:53:3a:f3:c9:9e:85:63:34:
         e1:8e:09:eb:35:9b:ef:93:52:9a:33:39:73:1e:65:86:7a:cb:
         eb:15:f9:cc:54:a7:d9:3b:2e:9d:1d:a3:32:bc:08:ec:ac:98:
         da:8d:97:d6:2f:35:b2:8f:21:76:a8:60:c4:97:7a:de:54:5e:
         32:2a:b4:b8:23:7d:8e:c1:d5:47:1b:66:0d:98:58:2a:b3:d9:
         da:f3:a4:2c:ec:ee:0b:7d:a5:57:be:5f:ca:6f:8d:1b:b7:e6:
         0d:b7:6f:d3:01:0f:a7:90:60:db:08:5d:7c:44:da:1f:18:2d:
         57:a2:a3:2a:f8:67:4e:f7:b2:83:da:2d:20:2e:b1:83:39:88:
         0f:08:b5:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1sqEtC3FH/KTrblwEhLBJ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDA4MTAzNDIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWY1MDRjOTJkNTc0OTcwMzU5NmQxYWU3OWE5YWExOWYyMTFlNThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUMhBLnw+m9R9Sa+n/GH407RdRTI
KUhSPwO6s14EREvzFqgP+dskeS6OAeur9mVxFG86fSvHTZedeXL7ZP2GJOqV3QPp
0o59CUQPt8DjDwZIk8aXuV42VI1rVAwSctfkzG3ll0WTj9wiKDS9FfB/ICuPXzrL
vwovtWOk8CnMVz6ozeusFtJupVQLAde8N6vyYncRgVoxzeB008B3pMikcbltqLLi
V1uM/j+jUuhrdYlVEvIlIznNF09CXPStM1aX9b+d8kmitrtVSK8fUl2nlX1CYElK
w6ti79b8VmAy+O6ZuJy5FomPftXdxJRej60NXheNYMn65e7fCwuK26GfxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKX1BMktV0lwNZbRrnmpqhnyEeWLMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcGZVRXlTMVhTWEExbHRHdWVhbXFHZklSNVlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/f5MA0G
CSqGSIb3DQEBCwUAA4IBAQBMhq0zazXBJWmU6AK9bqcbbPOnMoDdKO8FPk57H3EY
6opDAsG5qz1CoHDXQ0EUKblzsb+tdG7CN4IX4FmrDgnY9iGe645gBFJLa5izDSRb
T0Ol5vEJf3bmtanWi3evSk9vq5YhVvBE63BaVRr3KhjUepvx6QOEUzrzyZ6FYzTh
jgnrNZvvk1KaMzlzHmWGesvrFfnMVKfZOy6dHaMyvAjsrJjajZfWLzWyjyF2qGDE
l3reVF4yKrS4I32OwdVHG2YNmFgqs9na86Qs7O4LfaVXvl/Kb40bt+YNt2/TAQ+n
kGDbCF18RNofGC1XoqMq+GdO97KD2i0gLrGDOYgPCLU0
-----END CERTIFICATE-----