Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/sMuPRhM3gm7Vt9eFvsdY_aFefBE.roa
File:                     sMuPRhM3gm7Vt9eFvsdY_aFefBE.roa (raw, json)
Hash identifier:          4QbL6nvh7OKwUhNWNYgcJJ0/aWzLIjGEL86HbnwWag8=
Subject key identifier:   B0:CB:8F:46:13:37:82:6E:D5:B7:D7:85:BE:C7:58:FD:A1:5E:7C:11
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019D6C0D8C159B5001948182BD110242FE12
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/sMuPRhM3gm7Vt9eFvsdY_aFefBE.roa
Signing time:             Wed 08 Apr 2026 07:45:20 +0000
ROA not before:           Wed 08 Apr 2026 07:45:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206638
IP address blocks:        46.151.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6c:0d:8c:15:9b:50:01:94:81:82:bd:11:02:42:fe:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Apr  8 07:45:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b0cb8f461337826ed5b7d785bec758fda15e7c11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:4a:25:70:35:78:30:12:ab:65:87:46:1f:3f:
                    4a:59:b7:d8:e1:37:ad:d4:46:05:d2:dc:29:5b:22:
                    3b:a9:b5:83:4a:66:77:81:fd:31:6e:db:0b:24:3b:
                    a6:e5:ea:20:ab:a6:28:87:e0:db:4a:e3:e3:f4:61:
                    c7:8e:4d:79:a8:ae:e1:c1:1e:88:ea:1d:88:b9:0a:
                    24:2e:eb:f2:64:1b:3c:28:af:fa:c1:b7:bf:42:11:
                    9b:b0:59:5e:69:c4:a1:0e:27:d8:d5:2f:d8:ed:0a:
                    44:81:7d:eb:04:92:00:82:31:73:fc:73:51:da:d8:
                    42:bd:df:70:f5:dd:41:60:4f:45:37:b7:37:01:1a:
                    2e:e5:c1:b7:0a:f1:79:a8:b1:b2:3d:8c:c8:9a:2d:
                    8b:a1:77:2b:95:cb:fb:c2:3d:21:ec:d4:07:34:2a:
                    6c:3e:79:2c:9c:5b:cd:24:43:00:86:6e:0f:b8:c7:
                    72:f1:9b:72:f1:29:70:0a:3f:6d:56:f6:cb:0d:1a:
                    a9:35:fe:6f:74:31:69:19:96:80:ed:fd:52:b0:2f:
                    b3:79:7a:f6:8f:98:82:4c:6e:bf:7f:e4:0e:4b:98:
                    e6:84:4b:4d:b5:8f:1b:3d:81:e5:aa:47:9e:93:15:
                    67:66:f9:6f:9c:9a:63:46:7a:8b:d6:3a:18:87:52:
                    f7:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:CB:8F:46:13:37:82:6E:D5:B7:D7:85:BE:C7:58:FD:A1:5E:7C:11
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/sMuPRhM3gm7Vt9eFvsdY_aFefBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.151.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:dd:3e:60:99:46:6a:db:8f:9c:b2:03:4d:13:b5:ab:d5:cd:
         47:36:86:f9:b5:ba:a9:14:d3:1a:b2:4a:3a:88:50:d8:a9:0e:
         c5:8f:13:25:22:62:95:df:02:ba:9a:94:f7:b0:1f:3b:dc:2d:
         51:df:e8:75:8e:ba:67:81:52:72:28:b1:bb:fb:95:58:2c:6c:
         bc:e5:aa:f8:83:d1:a5:cd:36:52:7f:45:02:05:d0:da:da:d3:
         ef:95:13:10:c9:14:ea:75:ed:13:b5:32:c7:e3:b9:c8:8b:a4:
         1f:46:60:3b:8b:35:0f:a0:8d:a2:f6:2a:62:63:74:7f:a4:47:
         c5:04:d0:25:8f:76:e2:dd:56:10:71:e0:26:a7:34:61:8f:44:
         53:15:bd:60:36:a3:ca:1f:4c:d7:16:0d:d8:1d:11:99:ac:08:
         d2:41:80:4e:31:7d:d7:61:79:be:f6:75:1b:60:06:50:17:40:
         85:a1:ae:70:12:06:4a:6e:60:29:30:53:2f:9b:aa:73:22:be:
         32:55:6c:80:12:b6:7c:ed:9b:eb:29:87:ab:0a:77:45:b0:1d:
         3c:bc:d2:e8:45:8c:1b:69:6f:f0:97:b8:f2:64:53:27:26:4f:
         12:a0:e2:88:30:23:58:7b:75:b9:e6:ea:d8:f8:ab:16:03:cf:
         b6:31:9c:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1sDYwVm1ABlIGCvRECQv4SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwNDA4MDc0NTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGNiOGY0NjEzMzc4MjZlZDViN2Q3ODViZWM3NThmZGExNWU3YzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA30olcDV4MBKrZYdGHz9KWbfY4Tet
1EYF0twpWyI7qbWDSmZ3gf0xbtsLJDum5eogq6Yoh+DbSuPj9GHHjk15qK7hwR6I
6h2IuQokLuvyZBs8KK/6wbe/QhGbsFleacShDifY1S/Y7QpEgX3rBJIAgjFz/HNR
2thCvd9w9d1BYE9FN7c3ARou5cG3CvF5qLGyPYzImi2LoXcrlcv7wj0h7NQHNCps
PnksnFvNJEMAhm4PuMdy8Zty8SlwCj9tVvbLDRqpNf5vdDFpGZaA7f1SsC+zeXr2
j5iCTG6/f+QOS5jmhEtNtY8bPYHlqkeekxVnZvlvnJpjRnqL1joYh1L31wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLDLj0YTN4Ju1bfXhb7HWP2hXnwRMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvc011UFJoTTNnbTdWdDllRnZzZFlfYUZlZkJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALpe0MA0G
CSqGSIb3DQEBCwUAA4IBAQAw3T5gmUZq24+csgNNE7Wr1c1HNob5tbqpFNMasko6
iFDYqQ7FjxMlImKV3wK6mpT3sB873C1R3+h1jrpngVJyKLG7+5VYLGy85ar4g9Gl
zTZSf0UCBdDa2tPvlRMQyRTqde0TtTLH47nIi6QfRmA7izUPoI2i9ipiY3R/pEfF
BNAlj3bi3VYQceAmpzRhj0RTFb1gNqPKH0zXFg3YHRGZrAjSQYBOMX3XYXm+9nUb
YAZQF0CFoa5wEgZKbmApMFMvm6pzIr4yVWyAErZ87ZvrKYerCndFsB08vNLoRYwb
aW/wl7jyZFMnJk8SoOKIMCNYe3W55urY+KsWA8+2MZyK
-----END CERTIFICATE-----