Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/dQUFoAb1zq-qjRfxYmionlyUCBE.roa
File:                     dQUFoAb1zq-qjRfxYmionlyUCBE.roa (raw, json)
Hash identifier:          89OS46l5E4dafY04qKppEIdmeHybFkT6FCgKIuouAso=
Subject key identifier:   75:05:05:A0:06:F5:CE:AF:AA:8D:17:F1:62:68:A8:9E:5C:94:08:11
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019E91FBBF00E7BB4218BA63FA6C8E164BAE
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/dQUFoAb1zq-qjRfxYmionlyUCBE.roa
Signing time:             Thu 04 Jun 2026 09:34:15 +0000
ROA not before:           Thu 04 Jun 2026 09:34:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205759
IP address blocks:        46.151.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:91:fb:bf:00:e7:bb:42:18:ba:63:fa:6c:8e:16:4b:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Jun  4 09:34:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=750505a006f5ceafaa8d17f16268a89e5c940811
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f6:f4:49:16:63:8e:82:b6:d8:62:8f:c5:df:
                    ca:1c:a2:01:58:d4:a5:0e:b9:31:a1:d8:6c:a0:49:
                    42:dd:6b:b7:35:4c:e8:6c:34:17:e0:e4:c6:49:7c:
                    65:18:32:c9:27:b4:51:dd:fa:7d:16:a0:f5:0b:b5:
                    09:6b:90:9e:99:37:f2:8f:9e:64:6f:9c:5b:c8:73:
                    be:80:6b:7e:08:87:bf:c2:fe:91:6e:c2:c4:1b:c6:
                    9c:3d:19:1e:d7:b1:88:76:3c:d8:f1:dc:6d:cd:e4:
                    67:74:62:5b:91:ee:e1:45:eb:5a:54:b4:90:50:ca:
                    09:13:7d:18:d2:cc:35:2f:5e:38:40:31:7d:4b:74:
                    70:4f:d7:b8:73:32:61:4a:f7:32:e7:d1:99:a0:56:
                    69:fa:f0:52:8c:d5:ee:65:89:c1:e9:72:9d:1f:b8:
                    07:92:de:aa:00:b5:70:62:f4:4c:df:f4:47:40:78:
                    a1:34:08:45:8c:07:0e:c0:e9:9a:0d:ee:5e:0c:7a:
                    03:e4:4f:b9:98:a6:91:df:27:43:ea:95:c4:91:2f:
                    af:b0:c6:b7:1c:46:7b:5d:59:21:22:11:8b:bb:4f:
                    eb:19:f2:94:eb:f2:49:2f:80:a1:e1:e0:ac:9a:72:
                    5c:9e:7d:44:3f:37:86:84:8b:27:2d:b9:bc:c3:b6:
                    0f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:05:05:A0:06:F5:CE:AF:AA:8D:17:F1:62:68:A8:9E:5C:94:08:11
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/dQUFoAb1zq-qjRfxYmionlyUCBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.151.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:46:b3:7b:78:d2:a0:40:ca:f7:d4:04:79:c4:9b:16:d3:be:
         65:0a:49:d0:49:4c:f2:37:5f:72:56:83:d4:0e:3a:98:72:c4:
         77:09:8c:49:7b:08:f0:1b:2c:8f:32:88:63:83:83:d9:a7:b2:
         c9:40:a8:5c:5f:b1:d8:33:62:bb:04:4b:77:b7:56:d1:a5:39:
         55:32:e0:17:72:e5:85:49:d4:5b:d2:89:d0:ca:4a:47:46:03:
         78:2c:4e:06:53:1c:08:3d:f3:bf:24:1e:a1:f8:c5:45:75:71:
         49:4b:7d:65:11:42:9f:39:24:25:91:6c:3c:d3:5b:f3:fc:b8:
         22:d2:0f:18:78:4f:76:ca:08:e6:ee:fa:27:ae:82:ca:98:df:
         b6:50:90:33:4b:20:e5:6d:83:11:dd:bf:3c:c0:ec:01:e4:45:
         f0:05:99:22:89:a3:b4:89:43:83:0b:60:ea:f4:74:dd:e3:74:
         48:a1:40:fc:a1:2b:ee:18:46:b0:2e:ae:40:a4:b6:2f:27:bc:
         d7:23:df:62:0b:17:0b:47:da:4a:ff:67:21:4a:5a:df:cb:7f:
         60:e1:fe:d0:4b:e1:b5:7e:f3:08:5a:c2:20:da:ce:a0:10:a2:
         09:6b:55:e3:89:c9:70:20:88:c0:37:8d:ec:6f:c2:3f:fa:64:
         df:ae:ad:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6R+78A57tCGLpj+myOFkuuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwNjA0MDkzNDE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTA1MDVhMDA2ZjVjZWFmYWE4ZDE3ZjE2MjY4YTg5ZTVjOTQwODExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfb0SRZjjoK22GKPxd/KHKIBWNSl
DrkxodhsoElC3Wu3NUzobDQX4OTGSXxlGDLJJ7RR3fp9FqD1C7UJa5CemTfyj55k
b5xbyHO+gGt+CIe/wv6RbsLEG8acPRke17GIdjzY8dxtzeRndGJbke7hRetaVLSQ
UMoJE30Y0sw1L144QDF9S3RwT9e4czJhSvcy59GZoFZp+vBSjNXuZYnB6XKdH7gH
kt6qALVwYvRM3/RHQHihNAhFjAcOwOmaDe5eDHoD5E+5mKaR3ydD6pXEkS+vsMa3
HEZ7XVkhIhGLu0/rGfKU6/JJL4Ch4eCsmnJcnn1EPzeGhIsnLbm8w7YPaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUFBaAG9c6vqo0X8WJoqJ5clAgRMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvZFFVRm9BYjF6cS1xalJmeFltaW9ubHlVQ0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALpe2MA0G
CSqGSIb3DQEBCwUAA4IBAQBnRrN7eNKgQMr31AR5xJsW075lCknQSUzyN19yVoPU
DjqYcsR3CYxJewjwGyyPMohjg4PZp7LJQKhcX7HYM2K7BEt3t1bRpTlVMuAXcuWF
SdRb0onQykpHRgN4LE4GUxwIPfO/JB6h+MVFdXFJS31lEUKfOSQlkWw801vz/Lgi
0g8YeE92ygjm7vonroLKmN+2UJAzSyDlbYMR3b88wOwB5EXwBZkiiaO0iUODC2Dq
9HTd43RIoUD8oSvuGEawLq5ApLYvJ7zXI99iCxcLR9pK/2chSlrfy39g4f7QS+G1
fvMIWsIg2s6gEKIJa1XjiclwIIjAN43sb8I/+mTfrq20
-----END CERTIFICATE-----