Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/DTm4ZRdrS6o-tB4sDbpyIIHOChM.roa
File:                     DTm4ZRdrS6o-tB4sDbpyIIHOChM.roa (raw, json)
Hash identifier:          Md7t3cm1SdQhahQoy1JmBwoUykabgC9sk5N6vavyamg=
Subject key identifier:   0D:39:B8:65:17:6B:4B:AA:3E:B4:1E:2C:0D:BA:72:20:81:CE:0A:13
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019E5E1E2EB9084673311469928A005FD5DD
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/DTm4ZRdrS6o-tB4sDbpyIIHOChM.roa
Signing time:             Mon 25 May 2026 07:51:36 +0000
ROA not before:           Mon 25 May 2026 07:51:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211443
IP address blocks:        46.151.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5e:1e:2e:b9:08:46:73:31:14:69:92:8a:00:5f:d5:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: May 25 07:51:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d39b865176b4baa3eb41e2c0dba722081ce0a13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c3:19:af:dc:dc:78:d0:ea:5a:0f:0d:76:f8:
                    3d:91:17:47:85:ab:8c:92:80:b5:3a:15:19:6a:0f:
                    57:be:19:94:7e:f7:bd:9f:23:84:9d:69:22:fc:38:
                    a6:e2:1c:1e:4d:ab:e1:96:e2:55:99:d2:ff:9c:66:
                    e9:8f:7d:70:b8:2f:34:fe:3e:5d:c8:b0:c3:53:d7:
                    d8:b7:13:bf:33:00:36:08:f7:29:c9:8e:36:ba:22:
                    9f:72:21:21:a1:cb:9c:65:47:4d:cd:03:aa:f1:38:
                    50:81:56:d1:e3:11:9c:be:3c:c7:2f:4f:0c:6c:25:
                    2e:4d:97:52:1d:63:ce:bf:31:98:21:0d:6c:ef:54:
                    e9:28:b1:b4:96:22:77:1b:72:10:df:6a:89:c9:43:
                    b5:55:ca:72:6c:ef:df:9c:b9:18:e5:86:61:ba:59:
                    37:0b:dd:8e:37:d5:71:97:6e:01:f1:1b:54:ab:44:
                    22:10:d5:77:8f:ce:17:22:b9:6b:f1:4c:02:4c:15:
                    13:d0:00:7f:55:f4:d3:50:8f:76:b0:de:87:77:34:
                    18:d9:6f:03:0d:6e:80:51:df:30:8e:5b:a5:b9:9f:
                    f3:88:46:12:87:df:ae:d9:c6:e8:27:eb:5a:42:04:
                    1c:1a:3c:19:88:23:e7:b9:15:0f:63:7d:0b:6e:29:
                    0c:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:39:B8:65:17:6B:4B:AA:3E:B4:1E:2C:0D:BA:72:20:81:CE:0A:13
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/DTm4ZRdrS6o-tB4sDbpyIIHOChM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.151.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:c5:01:76:a2:8b:d8:d4:71:7a:54:9e:42:06:26:05:11:63:
         a4:2f:18:4e:aa:6a:4b:ef:36:88:5f:12:ed:65:6f:48:14:11:
         7c:3c:44:c0:5f:f6:0c:44:42:d0:b1:aa:ca:c5:4c:be:79:f2:
         5c:1c:4e:16:4f:e3:4d:4c:7c:8c:ae:c1:f9:69:a6:f6:39:f9:
         04:14:dd:d1:d3:16:04:3e:07:36:f5:f6:81:fa:37:80:55:c0:
         b5:c3:f1:b7:3e:fd:13:71:9a:83:a6:a6:d3:2c:3b:49:f2:1e:
         ae:32:54:bd:4b:46:d8:40:5e:25:fd:23:08:0f:68:78:59:87:
         0e:34:17:54:3a:d6:2c:33:e8:cf:6e:17:14:64:37:82:af:ee:
         50:07:67:31:97:7b:d5:d3:7a:24:77:13:e1:fe:bd:0f:80:27:
         7b:81:d7:ca:2a:3d:dc:56:01:43:8b:f8:75:f7:fc:c7:0c:83:
         5b:31:04:0c:2b:55:73:1f:dd:ad:39:63:11:05:d0:de:15:f6:
         d9:96:ba:e1:e2:89:4c:e9:af:bf:37:34:a6:18:86:bb:a5:a2:
         0b:9d:93:ee:e7:22:ad:e1:a7:d9:8b:b1:0e:b3:c0:65:47:73:
         01:4c:29:ad:17:3f:6b:3e:cc:32:b9:f7:d7:3e:4c:ff:e4:19:
         fe:7d:3c:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5eHi65CEZzMRRpkooAX9XdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwNTI1MDc1MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDM5Yjg2NTE3NmI0YmFhM2ViNDFlMmMwZGJhNzIyMDgxY2UwYTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8MZr9zceNDqWg8Ndvg9kRdHhauM
koC1OhUZag9XvhmUfve9nyOEnWki/Dim4hweTavhluJVmdL/nGbpj31wuC80/j5d
yLDDU9fYtxO/MwA2CPcpyY42uiKfciEhocucZUdNzQOq8ThQgVbR4xGcvjzHL08M
bCUuTZdSHWPOvzGYIQ1s71TpKLG0liJ3G3IQ32qJyUO1VcpybO/fnLkY5YZhulk3
C92ON9Vxl24B8RtUq0QiENV3j84XIrlr8UwCTBUT0AB/VfTTUI92sN6HdzQY2W8D
DW6AUd8wjluluZ/ziEYSh9+u2cboJ+taQgQcGjwZiCPnuRUPY30LbikMTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA05uGUXa0uqPrQeLA26ciCBzgoTMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvRFRtNFpSZHJTNm8tdEI0c0RicHlJSUhPQ2hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALpeyMA0G
CSqGSIb3DQEBCwUAA4IBAQChxQF2oovY1HF6VJ5CBiYFEWOkLxhOqmpL7zaIXxLt
ZW9IFBF8PETAX/YMRELQsarKxUy+efJcHE4WT+NNTHyMrsH5aab2OfkEFN3R0xYE
Pgc29faB+jeAVcC1w/G3Pv0TcZqDpqbTLDtJ8h6uMlS9S0bYQF4l/SMID2h4WYcO
NBdUOtYsM+jPbhcUZDeCr+5QB2cxl3vV03okdxPh/r0PgCd7gdfKKj3cVgFDi/h1
9/zHDINbMQQMK1VzH92tOWMRBdDeFfbZlrrh4olM6a+/NzSmGIa7paILnZPu5yKt
4afZi7EOs8BlR3MBTCmtFz9rPswyuffXPkz/5Bn+fTzI
-----END CERTIFICATE-----