Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/HJxJ2GZiFuqjR8HWNpRugSy_a_s.roa
File:                     HJxJ2GZiFuqjR8HWNpRugSy_a_s.roa (raw, json)
Hash identifier:          a72+7u9UjrbbugH23m2wS6cJe4aft6U1gF2Wvpqdh0E=
Subject key identifier:   1C:9C:49:D8:66:62:16:EA:A3:47:C1:D6:36:94:6E:81:2C:BF:6B:FB
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019793D9F196CF25C233FD14E420F0A73D22
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/HJxJ2GZiFuqjR8HWNpRugSy_a_s.roa
Signing time:             Sat 21 Jun 2025 18:57:03 +0000
ROA not before:           Sat 21 Jun 2025 18:57:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200195
IP address blocks:        46.151.181.0/24 maxlen: 24
                          46.151.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:93:d9:f1:96:cf:25:c2:33:fd:14:e4:20:f0:a7:3d:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Jun 21 18:57:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c9c49d8666216eaa347c1d636946e812cbf6bfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f2:c5:b6:14:9a:9f:68:00:cb:2e:97:84:f9:
                    35:63:cc:24:ec:1c:7e:e0:65:7e:f5:44:39:19:70:
                    71:9d:d7:ca:2b:0a:8f:cf:52:b2:25:a9:37:2e:1e:
                    e7:15:48:42:7d:1a:32:5f:03:22:aa:73:54:aa:83:
                    3d:48:59:bd:9d:91:c3:fb:54:3e:e6:4e:48:50:6d:
                    7f:65:b6:f8:11:ae:b6:f5:9d:81:90:94:76:33:80:
                    82:50:8d:d3:29:2b:bb:78:42:17:5c:77:69:7f:d3:
                    05:06:97:cc:5c:99:03:94:a1:ef:db:c4:cb:3e:ab:
                    04:a6:91:37:87:0a:51:b5:f4:7f:e6:cf:6c:4c:c5:
                    1f:59:c9:c8:0c:63:63:7e:81:79:9e:e3:94:de:4a:
                    e0:36:38:0f:60:1b:40:ad:2c:fb:ed:3d:5a:a0:02:
                    7b:34:69:7c:6b:90:12:de:64:b9:92:87:80:d5:c0:
                    a7:db:2f:55:24:8f:67:fa:62:01:00:35:30:f6:07:
                    d7:6e:8e:cd:19:50:55:85:cf:52:b6:39:a9:c2:6b:
                    88:82:d6:6a:89:a2:94:b0:7d:a5:1a:e3:ac:cf:90:
                    75:b6:7d:29:49:28:f9:72:8f:cf:13:f1:b5:3e:5b:
                    64:c5:44:82:b8:fd:b0:e1:07:12:e9:78:d7:42:2f:
                    a1:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:9C:49:D8:66:62:16:EA:A3:47:C1:D6:36:94:6E:81:2C:BF:6B:FB
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/HJxJ2GZiFuqjR8HWNpRugSy_a_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.151.181.0-46.151.182.255

    Signature Algorithm: sha256WithRSAEncryption
         03:e6:e3:0a:02:55:77:8a:e2:23:d5:d5:dd:00:c2:34:f7:c9:
         0b:21:79:00:54:3f:ed:c8:39:40:f8:9f:98:e9:a9:d0:23:5b:
         7a:09:ad:a4:c7:d2:91:00:86:60:6d:ec:26:85:90:4d:7d:d7:
         fc:67:fe:00:94:bf:bc:6f:20:0f:4c:50:ca:16:5d:f4:18:49:
         0c:7c:9c:7a:ca:8b:e9:19:18:f3:a4:0c:11:4b:40:71:7f:dc:
         8e:3c:fb:4f:96:d8:f6:41:c1:31:f2:61:5f:24:7b:08:05:ff:
         87:17:45:6a:2a:0f:aa:55:21:28:1e:77:3e:fb:08:e2:ff:7d:
         33:7d:f1:de:0c:d0:a6:91:82:57:18:c0:bd:4c:83:7a:4b:39:
         ed:de:7c:5b:79:e4:2a:f5:1f:27:de:4a:a0:a9:8a:37:53:2d:
         86:55:3f:d5:36:5a:b7:a4:3d:bd:8f:d9:1e:fc:7f:e2:27:4d:
         23:87:ab:f6:05:c2:21:4c:45:3c:08:35:d5:e4:ee:a6:7c:c3:
         9c:02:63:7f:a0:7a:7b:e3:93:f8:86:02:35:51:a2:66:e2:a3:
         d6:f8:6d:e9:12:21:ee:f9:74:43:e6:8f:11:87:94:3a:e7:5b:
         46:1a:e4:50:92:50:43:d1:2c:17:f7:d4:30:56:46:9a:8b:4c:
         93:79:df:35
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZeT2fGWzyXCM/0U5CDwpz0iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjUwNjIxMTg1NzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzljNDlkODY2NjIxNmVhYTM0N2MxZDYzNjk0NmU4MTJjYmY2YmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/LFthSan2gAyy6XhPk1Y8wk7Bx+
4GV+9UQ5GXBxndfKKwqPz1KyJak3Lh7nFUhCfRoyXwMiqnNUqoM9SFm9nZHD+1Q+
5k5IUG1/Zbb4Ea629Z2BkJR2M4CCUI3TKSu7eEIXXHdpf9MFBpfMXJkDlKHv28TL
PqsEppE3hwpRtfR/5s9sTMUfWcnIDGNjfoF5nuOU3krgNjgPYBtArSz77T1aoAJ7
NGl8a5AS3mS5koeA1cCn2y9VJI9n+mIBADUw9gfXbo7NGVBVhc9StjmpwmuIgtZq
iaKUsH2lGuOsz5B1tn0pSSj5co/PE/G1PltkxUSCuP2w4QcS6XjXQi+hwQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBycSdhmYhbqo0fB1jaUboEsv2v7MB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvSEp4SjJHWmlGdXFqUjhIV05wUnVnU3lfYV9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAul7UD
BAAul7YwDQYJKoZIhvcNAQELBQADggEBAAPm4woCVXeK4iPV1d0AwjT3yQsheQBU
P+3IOUD4n5jpqdAjW3oJraTH0pEAhmBt7CaFkE191/xn/gCUv7xvIA9MUMoWXfQY
SQx8nHrKi+kZGPOkDBFLQHF/3I48+0+W2PZBwTHyYV8kewgF/4cXRWoqD6pVISge
dz77COL/fTN98d4M0KaRglcYwL1Mg3pLOe3efFt55Cr1HyfeSqCpijdTLYZVP9U2
WrekPb2P2R78f+InTSOHq/YFwiFMRTwINdXk7qZ8w5wCY3+genvjk/iGAjVRombi
o9b4bekSIe75dEPmjxGHlDrnW0Ya5FCSUEPRLBf31DBWRpqLTJN53zU=
-----END CERTIFICATE-----