Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/8f064e-09b4-472c-9aa4-52c9af660b37/1/51iSXNXbLmvTLItGRvoRtGfr2K4.roa
File:                     51iSXNXbLmvTLItGRvoRtGfr2K4.roa (raw, json)
Hash identifier:          mxwbG4mvPMTjMzVFCzi4Qb5/YZ7wF3FzdOkJfABIOVo=
Subject key identifier:   E7:58:92:5C:D5:DB:2E:6B:D3:2C:8B:46:46:FA:11:B4:67:EB:D8:AE
Certificate issuer:       /CN=bfec74390b9bfe146b7e93e92e9895042098e643
Certificate serial:       019D6470793655C23924299F992EE1C662D7
Authority key identifier: BF:EC:74:39:0B:9B:FE:14:6B:7E:93:E9:2E:98:95:04:20:98:E6:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v-x0OQub_hRrfpPpLpiVBCCY5kM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/8f064e-09b4-472c-9aa4-52c9af660b37/1/51iSXNXbLmvTLItGRvoRtGfr2K4.roa
Signing time:             Mon 06 Apr 2026 20:16:25 +0000
ROA not before:           Mon 06 Apr 2026 20:16:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397477
IP address blocks:        46.18.1.0/24 maxlen: 24
                          46.18.2.0/24 maxlen: 24
                          46.18.6.0/24 maxlen: 24
                          46.18.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/8f064e-09b4-472c-9aa4-52c9af660b37/1/v-x0OQub_hRrfpPpLpiVBCCY5kM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/8f064e-09b4-472c-9aa4-52c9af660b37/1/v-x0OQub_hRrfpPpLpiVBCCY5kM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v-x0OQub_hRrfpPpLpiVBCCY5kM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 23:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:64:70:79:36:55:c2:39:24:29:9f:99:2e:e1:c6:62:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfec74390b9bfe146b7e93e92e9895042098e643
        Validity
            Not Before: Apr  6 20:16:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e758925cd5db2e6bd32c8b4646fa11b467ebd8ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4f:c9:b1:ab:3d:2e:83:69:b5:15:ac:cc:c5:
                    14:c1:31:d6:d6:8e:38:02:ec:e5:fe:94:c1:38:7b:
                    7c:ff:e7:32:c4:57:61:2c:80:7e:f9:73:07:ba:fa:
                    f1:42:fe:ef:f6:c5:52:68:40:a0:46:4c:1b:da:ad:
                    10:36:c5:55:12:0c:81:fb:eb:c9:56:1a:a4:67:be:
                    09:8a:d7:5f:ee:bc:ca:44:c3:84:df:67:87:91:50:
                    1a:12:44:9a:a0:8c:a1:60:99:2e:f8:ca:0b:9a:06:
                    19:04:af:a9:06:50:1f:cd:06:78:9a:37:48:7e:9d:
                    8f:4a:0d:d7:0a:a8:54:1c:4e:70:54:2f:ce:27:2a:
                    15:e6:87:db:d8:b7:04:34:9f:75:36:ab:d8:9d:68:
                    2b:08:56:af:0c:a0:8b:2b:2e:3c:5f:bd:d1:36:a3:
                    78:3e:99:78:cf:82:e0:ab:1c:66:92:ce:f6:03:de:
                    9d:8e:6a:47:e5:24:54:42:eb:97:a3:47:26:60:23:
                    ba:f5:66:53:ad:90:98:92:98:a1:09:a0:cf:6e:c1:
                    b0:7b:c5:04:a3:51:03:3f:d3:c3:29:b3:08:d2:02:
                    3e:69:8f:d4:ac:2d:17:3c:98:df:18:46:fb:73:46:
                    4d:3b:ce:5d:93:35:45:e7:69:ca:79:26:86:83:53:
                    bf:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:58:92:5C:D5:DB:2E:6B:D3:2C:8B:46:46:FA:11:B4:67:EB:D8:AE
            X509v3 Authority Key Identifier:
                keyid:BF:EC:74:39:0B:9B:FE:14:6B:7E:93:E9:2E:98:95:04:20:98:E6:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v-x0OQub_hRrfpPpLpiVBCCY5kM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/8f064e-09b4-472c-9aa4-52c9af660b37/1/51iSXNXbLmvTLItGRvoRtGfr2K4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/8f064e-09b4-472c-9aa4-52c9af660b37/1/v-x0OQub_hRrfpPpLpiVBCCY5kM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.1.0-46.18.2.255
                  46.18.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:3e:c6:4a:de:cc:0d:97:a8:d6:c9:08:1f:71:f0:0a:16:cd:
         e1:78:21:5a:a4:7f:49:b3:6b:18:a6:37:6f:d8:98:e5:f6:95:
         a7:6f:14:e6:c4:40:4f:a0:65:ce:4c:cc:4e:de:be:54:89:69:
         d5:49:67:ed:64:e3:34:99:23:dc:30:0a:48:32:c6:ed:61:66:
         05:9c:ec:28:1e:2e:2a:96:34:c9:42:ac:e4:90:88:ff:5e:d9:
         8c:0f:75:60:d1:1c:d4:cb:3c:a6:ab:92:88:36:45:0b:81:8e:
         e0:97:bb:28:fe:64:15:96:f9:16:9d:0c:a0:d0:d0:bd:dd:a0:
         12:e6:b8:26:1a:d2:fa:82:12:e2:e9:32:c7:35:df:4e:c8:c4:
         8b:0e:e2:cb:0e:a6:43:21:a6:80:48:18:90:87:6a:34:d5:57:
         82:e5:76:88:64:3f:5b:89:67:17:54:5d:73:69:93:ae:cd:b9:
         fd:aa:a7:65:6b:b3:52:e7:b2:47:94:73:37:cc:9a:8e:36:ca:
         81:85:9b:0b:23:b0:c0:2a:8f:e5:93:6e:d9:b7:e9:0b:57:c3:
         b5:54:d0:7a:a2:72:3e:86:bb:d1:82:59:a1:1f:ce:0c:5c:d0:
         8e:ad:4d:22:90:33:e2:2b:b5:e7:1e:bd:71:3a:00:b0:4d:6a:
         3e:b5:81:ea
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ1kcHk2VcI5JCmfmS7hxmLXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZWM3NDM5MGI5YmZlMTQ2YjdlOTNlOTJlOTg5NTA0MjA5
OGU2NDMwHhcNMjYwNDA2MjAxNjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzU4OTI1Y2Q1ZGIyZTZiZDMyYzhiNDY0NmZhMTFiNDY3ZWJkOGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsk/Jsas9LoNptRWszMUUwTHW1o44
Auzl/pTBOHt8/+cyxFdhLIB++XMHuvrxQv7v9sVSaECgRkwb2q0QNsVVEgyB++vJ
VhqkZ74Jitdf7rzKRMOE32eHkVAaEkSaoIyhYJku+MoLmgYZBK+pBlAfzQZ4mjdI
fp2PSg3XCqhUHE5wVC/OJyoV5ofb2LcENJ91NqvYnWgrCFavDKCLKy48X73RNqN4
Ppl4z4Lgqxxmks72A96djmpH5SRUQuuXo0cmYCO69WZTrZCYkpihCaDPbsGwe8UE
o1EDP9PDKbMI0gI+aY/UrC0XPJjfGEb7c0ZNO85dkzVF52nKeSaGg1O/nQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOdYklzV2y5r0yyLRkb6EbRn69iuMB8GA1UdIwQY
MBaAFL/sdDkLm/4Ua36T6S6YlQQgmOZDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdi14ME9RdWJfaFJyZnBQcExwaVZCQ0NZNWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy84ZjA2NGUtMDliNC00NzJjLTlhYTQt
NTJjOWFmNjYwYjM3LzEvNTFpU1hOWGJMbXZUTEl0R1J2b1J0R2ZyMks0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy84ZjA2NGUtMDliNC00NzJjLTlhYTQtNTJjOWFmNjYwYjM3
LzEvdi14ME9RdWJfaFJyZnBQcExwaVZCQ0NZNWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAuEgED
BAAuEgIDBAEuEgYwDQYJKoZIhvcNAQELBQADggEBAGg+xkrezA2XqNbJCB9x8AoW
zeF4IVqkf0mzaximN2/YmOX2ladvFObEQE+gZc5MzE7evlSJadVJZ+1k4zSZI9ww
Ckgyxu1hZgWc7CgeLiqWNMlCrOSQiP9e2YwPdWDRHNTLPKarkog2RQuBjuCXuyj+
ZBWW+RadDKDQ0L3doBLmuCYa0vqCEuLpMsc1307IxIsO4ssOpkMhpoBIGJCHajTV
V4LldohkP1uJZxdUXXNpk67Nuf2qp2Vrs1LnskeUczfMmo42yoGFmwsjsMAqj+WT
btm36QtXw7VU0Hqicj6Gu9GCWaEfzgxc0I6tTSKQM+IrtecevXE6ALBNaj61geo=
-----END CERTIFICATE-----