Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/PPxNZY_58JQvpyW1WBvSPs-XTR0.roa
File:                     PPxNZY_58JQvpyW1WBvSPs-XTR0.roa (raw, json)
Hash identifier:          13w/084moeWyn4bL8QzSZ+N4hJGs6ozB6Jp+9hDqKKU=
Subject key identifier:   3C:FC:4D:65:8F:F9:F0:94:2F:A7:25:B5:58:1B:D2:3E:CF:97:4D:1D
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019E897291AD39878E2F59C3B0DD011B054F
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/PPxNZY_58JQvpyW1WBvSPs-XTR0.roa
Signing time:             Tue 02 Jun 2026 17:47:27 +0000
ROA not before:           Tue 02 Jun 2026 17:47:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43815
IP address blocks:        46.151.179.0/24 maxlen: 24
                          46.151.181.0/24 maxlen: 24
                          185.121.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:89:72:91:ad:39:87:8e:2f:59:c3:b0:dd:01:1b:05:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Jun  2 17:47:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3cfc4d658ff9f0942fa725b5581bd23ecf974d1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8d:15:21:ec:7b:4b:3d:38:04:7b:2a:d2:79:
                    59:97:d5:b0:79:c0:6e:c9:f9:74:e4:26:e8:6c:23:
                    03:f7:9e:22:9e:af:1a:29:2a:97:b8:dc:6f:0f:e2:
                    3e:a9:08:c3:52:c3:22:e9:d1:3c:6b:cd:d8:c4:11:
                    21:4a:bd:1f:4c:5d:c5:0a:9f:2f:4f:5c:9d:55:86:
                    ee:09:d2:c5:a8:cd:03:50:3a:47:d6:5d:b8:a5:bc:
                    16:1d:44:e6:66:46:c2:6f:9a:76:66:3a:86:6f:8b:
                    7b:1e:c6:33:22:97:52:dc:4b:f4:4e:a9:79:36:91:
                    f3:a4:10:b4:47:f3:26:ae:33:2f:56:96:8c:05:b5:
                    ae:a9:68:ae:03:d2:46:bc:b7:7b:66:f0:b6:05:d9:
                    61:49:da:68:d0:c9:dc:70:e4:d8:2f:c9:37:5a:75:
                    a5:14:7b:de:23:ae:03:9f:a1:cd:5a:b3:8f:c0:4f:
                    89:73:eb:f2:25:a5:b5:1d:22:41:62:0b:56:44:90:
                    51:c4:53:8e:5d:9c:cb:b2:ef:21:8c:b5:fb:3d:22:
                    25:7c:8a:0f:11:dd:53:6e:0f:59:3c:6f:c6:58:d4:
                    9d:9e:99:79:84:20:10:ce:b9:ef:87:e1:9a:06:68:
                    de:58:20:68:51:cd:aa:01:fe:c2:71:90:e5:2f:6c:
                    ab:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:FC:4D:65:8F:F9:F0:94:2F:A7:25:B5:58:1B:D2:3E:CF:97:4D:1D
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/PPxNZY_58JQvpyW1WBvSPs-XTR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.151.179.0/24
                  46.151.181.0/24
                  185.121.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:f9:32:35:0c:0d:44:ab:2e:d0:3c:ba:43:e2:d5:28:70:b4:
         5f:74:6d:3a:30:8c:46:d4:04:8b:85:dd:06:5c:4a:b8:a4:96:
         bd:51:87:38:51:c1:03:2d:88:7d:f8:90:18:aa:63:a8:95:6d:
         72:01:13:23:94:fa:b5:24:f0:7d:ee:82:bf:2e:70:db:3f:9d:
         2a:22:18:5b:b7:a2:d7:70:41:14:93:02:f3:3a:d6:2c:51:ae:
         63:91:09:af:06:f8:f2:eb:26:fd:06:c9:1f:6b:d4:47:8f:61:
         cb:f4:cf:63:e2:72:74:a8:04:f6:fd:01:2c:d6:47:b8:8d:c7:
         32:ef:7a:fb:ad:f8:14:f8:f5:63:02:06:7e:d6:85:eb:3e:d6:
         ef:64:e7:c6:67:8e:82:52:9a:48:58:c9:50:0f:bf:06:87:95:
         a8:f1:e5:9b:88:07:3d:7a:c7:60:ed:c7:34:65:73:49:bc:24:
         d8:34:76:70:3f:3a:69:1b:20:c9:24:e8:fc:0d:b4:2f:e2:95:
         86:e0:5b:ad:7b:df:1c:ab:de:87:c3:98:bc:58:35:60:cc:c1:
         eb:cc:e0:a2:bc:25:5e:5e:d8:c8:3a:fe:31:f4:76:5e:99:3a:
         31:b9:88:80:9e:d4:a7:40:3a:92:3c:2c:af:c2:2b:70:af:36:
         26:f2:59:4e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6JcpGtOYeOL1nDsN0BGwVPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwNjAyMTc0NzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2ZjNGQ2NThmZjlmMDk0MmZhNzI1YjU1ODFiZDIzZWNmOTc0ZDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqI0VIex7Sz04BHsq0nlZl9WwecBu
yfl05CbobCMD954inq8aKSqXuNxvD+I+qQjDUsMi6dE8a83YxBEhSr0fTF3FCp8v
T1ydVYbuCdLFqM0DUDpH1l24pbwWHUTmZkbCb5p2ZjqGb4t7HsYzIpdS3Ev0Tql5
NpHzpBC0R/MmrjMvVpaMBbWuqWiuA9JGvLd7ZvC2BdlhSdpo0MnccOTYL8k3WnWl
FHveI64Dn6HNWrOPwE+Jc+vyJaW1HSJBYgtWRJBRxFOOXZzLsu8hjLX7PSIlfIoP
Ed1Tbg9ZPG/GWNSdnpl5hCAQzrnvh+GaBmjeWCBoUc2qAf7CcZDlL2yrPQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDz8TWWP+fCUL6cltVgb0j7Pl00dMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvUFB4TlpZXzU4SlF2cHlXMVdCdlNQcy1YVFIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALpezAwQA
Lpe1AwQAuXlsMA0GCSqGSIb3DQEBCwUAA4IBAQAT+TI1DA1Eqy7QPLpD4tUocLRf
dG06MIxG1ASLhd0GXEq4pJa9UYc4UcEDLYh9+JAYqmOolW1yARMjlPq1JPB97oK/
LnDbP50qIhhbt6LXcEEUkwLzOtYsUa5jkQmvBvjy6yb9Bskfa9RHj2HL9M9j4nJ0
qAT2/QEs1ke4jccy73r7rfgU+PVjAgZ+1oXrPtbvZOfGZ46CUppIWMlQD78Gh5Wo
8eWbiAc9esdg7cc0ZXNJvCTYNHZwPzppGyDJJOj8DbQv4pWG4Fute98cq96Hw5i8
WDVgzMHrzOCivCVeXtjIOv4x9HZemToxuYiAntSnQDqSPCyvwitwrzYm8llO
-----END CERTIFICATE-----