Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/shZLeP93q7Ys5DpcrI5h25NqIQA.roa
File:                     shZLeP93q7Ys5DpcrI5h25NqIQA.roa (raw, json)
Hash identifier:          k13Nsp++ZTLCP5D6TVriaqfsI1RaaCVT9H9M0b27unE=
Subject key identifier:   B2:16:4B:78:FF:77:AB:B6:2C:E4:3A:5C:AC:8E:61:DB:93:6A:21:00
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019CE23ACF809082EF26C5D4E996CEFD3A9F
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/shZLeP93q7Ys5DpcrI5h25NqIQA.roa
Signing time:             Thu 12 Mar 2026 13:27:10 +0000
ROA not before:           Thu 12 Mar 2026 13:27:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200394
IP address blocks:        150.251.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 02:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:3a:cf:80:90:82:ef:26:c5:d4:e9:96:ce:fd:3a:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Mar 12 13:27:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b2164b78ff77abb62ce43a5cac8e61db936a2100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:7d:6c:ed:cf:bc:a0:62:e5:72:34:9e:35:86:
                    20:73:72:50:88:cb:0b:0d:3c:cb:08:6a:7b:3a:22:
                    32:d3:02:74:70:be:49:47:e3:7f:35:a3:b3:fc:06:
                    01:31:8d:1b:e1:84:30:42:bf:83:8f:78:38:f6:7f:
                    2c:16:56:62:8f:15:67:27:07:8f:b7:ac:e3:a9:15:
                    c6:c4:64:38:42:64:27:44:54:e1:9f:5e:2c:42:2a:
                    6b:5e:39:ad:d7:9a:98:98:b4:72:b0:05:d3:6c:98:
                    46:53:a3:f9:52:f3:0e:cf:b8:32:e2:da:d1:d9:85:
                    d3:3e:ea:c1:fe:76:9d:94:83:c1:58:66:f1:2d:51:
                    28:b1:32:6a:2c:8d:f8:2e:34:cc:1f:1f:33:75:5e:
                    8f:e8:cf:db:1d:c5:08:dc:45:60:3f:7f:ed:c5:df:
                    5b:ff:b1:33:90:d2:9c:94:f5:fb:9a:cf:c5:94:72:
                    a6:60:0c:ea:8f:f8:11:a4:c8:01:b3:80:12:35:34:
                    05:3b:19:5d:41:be:86:79:57:ef:85:c3:75:5f:30:
                    0a:30:33:02:99:b6:5a:26:5d:1c:75:76:81:38:33:
                    f2:77:73:d1:cd:d5:67:ae:27:8b:e9:3b:0f:b2:22:
                    99:81:ea:49:48:cc:a8:91:50:72:47:bb:c1:ed:a0:
                    86:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:16:4B:78:FF:77:AB:B6:2C:E4:3A:5C:AC:8E:61:DB:93:6A:21:00
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/shZLeP93q7Ys5DpcrI5h25NqIQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.251.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:66:cc:24:46:f9:18:8b:1e:72:c0:36:ad:b8:1f:31:c6:74:
         af:3e:38:77:58:24:d0:05:04:fc:93:00:56:19:e3:71:31:c5:
         36:d5:b0:45:91:dd:b2:27:50:c7:0e:e3:ca:69:60:c0:77:32:
         f8:ec:b2:df:1e:20:08:56:e2:cf:3f:03:1f:8b:0a:1e:87:21:
         c7:31:9e:79:ef:a1:ce:da:70:8f:57:84:56:7a:86:4d:dc:99:
         aa:f4:e3:7c:53:44:52:7a:db:06:39:8a:0c:36:9b:47:b6:28:
         ca:56:73:13:c0:7b:04:72:9a:a4:8e:85:28:a1:c8:74:04:6c:
         cf:51:49:63:08:4d:fc:54:33:ce:3c:42:5b:c9:93:e3:f5:c1:
         15:38:8d:3d:29:71:ec:f0:4f:96:ca:4b:3b:81:a5:03:54:f6:
         61:d9:d6:dc:4e:60:39:5b:10:f2:50:64:3c:a2:65:dd:fc:1a:
         f8:51:65:d5:10:43:42:e5:f8:44:6c:cb:8e:eb:de:ba:e1:ff:
         d5:6a:19:d9:49:af:86:32:ab:03:b2:ef:82:a8:d4:a3:79:37:
         87:75:2a:62:67:8e:db:0f:39:59:da:89:44:80:e8:bd:62:1e:
         42:20:4d:f3:8f:df:29:0a:a0:bc:ba:9d:c0:44:22:ce:b9:48:
         4c:b4:b8:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZziOs+AkILvJsXU6ZbO/TqfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwMzEyMTMyNzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjE2NGI3OGZmNzdhYmI2MmNlNDNhNWNhYzhlNjFkYjkzNmEyMTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoH1s7c+8oGLlcjSeNYYgc3JQiMsL
DTzLCGp7OiIy0wJ0cL5JR+N/NaOz/AYBMY0b4YQwQr+Dj3g49n8sFlZijxVnJweP
t6zjqRXGxGQ4QmQnRFThn14sQiprXjmt15qYmLRysAXTbJhGU6P5UvMOz7gy4trR
2YXTPurB/nadlIPBWGbxLVEosTJqLI34LjTMHx8zdV6P6M/bHcUI3EVgP3/txd9b
/7EzkNKclPX7ms/FlHKmYAzqj/gRpMgBs4ASNTQFOxldQb6GeVfvhcN1XzAKMDMC
mbZaJl0cdXaBODPyd3PRzdVnrieL6TsPsiKZgepJSMyokVByR7vB7aCGuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLIWS3j/d6u2LOQ6XKyOYduTaiEAMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvc2haTGVQOTNxN1lzNURwY3JJNWgyNU5xSVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlvuXMA0G
CSqGSIb3DQEBCwUAA4IBAQAeZswkRvkYix5ywDatuB8xxnSvPjh3WCTQBQT8kwBW
GeNxMcU21bBFkd2yJ1DHDuPKaWDAdzL47LLfHiAIVuLPPwMfiwoehyHHMZ5576HO
2nCPV4RWeoZN3Jmq9ON8U0RSetsGOYoMNptHtijKVnMTwHsEcpqkjoUooch0BGzP
UUljCE38VDPOPEJbyZPj9cEVOI09KXHs8E+Wyks7gaUDVPZh2dbcTmA5WxDyUGQ8
omXd/Br4UWXVEENC5fhEbMuO69664f/VahnZSa+GMqsDsu+CqNSjeTeHdSpiZ47b
DzlZ2olEgOi9Yh5CIE3zj98pCqC8up3ARCLOuUhMtLhk
-----END CERTIFICATE-----