Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/SHL6FVDG0VEncJW7x1poREbu2IQ.roa
File:                     SHL6FVDG0VEncJW7x1poREbu2IQ.roa (raw, json)
Hash identifier:          nawwSLwOYFJ3f74rT00gDboZL4tjWG7XdXoJmwFGVTQ=
Subject key identifier:   48:72:FA:15:50:C6:D1:51:27:70:95:BB:C7:5A:68:44:46:EE:D8:84
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019D4DC5DD8D688E3A6CA80F12A8420E4544
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/SHL6FVDG0VEncJW7x1poREbu2IQ.roa
Signing time:             Thu 02 Apr 2026 10:38:26 +0000
ROA not before:           Thu 02 Apr 2026 10:38:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57076
IP address blocks:        46.151.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4d:c5:dd:8d:68:8e:3a:6c:a8:0f:12:a8:42:0e:45:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Apr  2 10:38:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4872fa1550c6d151277095bbc75a684446eed884
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:8b:8e:4d:14:6c:d8:ec:e7:ff:11:9c:eb:b7:
                    c5:5b:16:99:90:82:91:bb:4b:15:de:1a:f0:31:74:
                    14:c8:cb:45:43:fe:31:d5:17:cc:ed:ba:df:d9:98:
                    ae:71:6f:c4:59:e8:7f:77:30:2d:f9:a0:4a:ad:ff:
                    7f:52:51:44:e5:e2:5b:d4:d7:52:67:06:aa:26:1a:
                    a8:a1:38:7f:4f:96:db:fe:79:77:4c:35:c0:20:7a:
                    bc:e6:e8:14:d3:62:44:6d:c8:1d:03:23:fd:88:6c:
                    a5:0b:83:8f:e0:c0:42:d6:42:3f:f6:ad:37:25:66:
                    9f:0a:95:00:7d:6d:88:d0:37:b2:11:74:e5:32:02:
                    1f:82:82:87:ad:99:56:05:5a:b6:2e:91:b2:af:1f:
                    de:41:5b:6e:d2:22:6d:2d:20:95:7d:4f:0a:57:e1:
                    73:2f:14:01:77:5d:be:0b:25:9a:9d:04:1a:6d:ff:
                    e1:d5:c6:29:97:94:87:5f:c8:25:bc:16:2f:35:63:
                    4d:70:9c:21:52:e4:04:d6:4f:8b:3c:97:19:2f:eb:
                    64:c0:5b:41:1f:36:c0:a8:d8:ef:81:99:5a:a2:33:
                    fa:49:fc:28:3f:2b:65:92:7b:93:91:6c:52:be:45:
                    46:55:bf:51:18:7e:37:12:7e:24:db:c0:f7:37:d5:
                    20:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:72:FA:15:50:C6:D1:51:27:70:95:BB:C7:5A:68:44:46:EE:D8:84
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/SHL6FVDG0VEncJW7x1poREbu2IQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.151.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:0a:be:0f:5e:24:3e:5c:e8:c1:8a:0c:6a:27:d2:3e:b4:57:
         39:b7:ab:ab:30:e8:db:b9:cb:a4:57:03:e2:62:44:0b:f6:26:
         80:f9:47:5b:38:72:91:a1:02:66:ab:11:27:f8:f8:35:b7:67:
         b9:de:ca:65:88:9a:eb:1d:e9:d6:3e:fe:6c:b4:c7:ed:07:a7:
         3d:90:68:d2:fe:6f:a8:a7:2d:14:c1:e0:2b:8d:13:53:60:1f:
         b1:da:e9:89:fe:f1:10:e6:35:0a:3a:95:15:bf:a6:1f:5d:f8:
         5f:f9:8a:f9:68:02:92:7e:cf:2e:d3:66:72:fa:ea:25:9d:27:
         1c:cd:50:43:87:19:fb:c9:2e:2c:c5:28:8c:16:33:8d:f6:c2:
         fc:8b:40:7b:00:ec:37:26:a0:19:9c:06:9d:54:8a:83:e7:f2:
         0c:08:2e:2f:83:7b:bd:a4:df:26:a9:ad:3a:da:48:4d:04:33:
         d8:31:f2:a3:53:2c:0a:ab:d1:50:4b:be:a4:e6:f4:76:1e:f8:
         ff:07:0d:08:fd:48:77:7e:2d:d2:80:54:e8:d5:c2:5a:72:70:
         ad:86:93:23:3a:14:29:f5:45:1c:94:8a:a0:d9:7a:93:13:bd:
         26:2e:52:69:72:6a:2c:ef:48:cb:60:e4:cb:96:93:6c:45:67:
         e2:59:2f:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1Nxd2NaI46bKgPEqhCDkVEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwNDAyMTAzODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODcyZmExNTUwYzZkMTUxMjc3MDk1YmJjNzVhNjg0NDQ2ZWVkODg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiouOTRRs2Ozn/xGc67fFWxaZkIKR
u0sV3hrwMXQUyMtFQ/4x1RfM7brf2ZiucW/EWeh/dzAt+aBKrf9/UlFE5eJb1NdS
ZwaqJhqooTh/T5bb/nl3TDXAIHq85ugU02JEbcgdAyP9iGylC4OP4MBC1kI/9q03
JWafCpUAfW2I0DeyEXTlMgIfgoKHrZlWBVq2LpGyrx/eQVtu0iJtLSCVfU8KV+Fz
LxQBd12+CyWanQQabf/h1cYpl5SHX8glvBYvNWNNcJwhUuQE1k+LPJcZL+tkwFtB
HzbAqNjvgZlaojP6SfwoPytlknuTkWxSvkVGVb9RGH43En4k28D3N9UgaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEhy+hVQxtFRJ3CVu8daaERG7tiEMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvU0hMNkZWREcwVkVuY0pXN3gxcG9SRWJ1MklRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALpewMA0G
CSqGSIb3DQEBCwUAA4IBAQBuCr4PXiQ+XOjBigxqJ9I+tFc5t6urMOjbucukVwPi
YkQL9iaA+UdbOHKRoQJmqxEn+Pg1t2e53spliJrrHenWPv5stMftB6c9kGjS/m+o
py0UweArjRNTYB+x2umJ/vEQ5jUKOpUVv6YfXfhf+Yr5aAKSfs8u02Zy+uolnScc
zVBDhxn7yS4sxSiMFjON9sL8i0B7AOw3JqAZnAadVIqD5/IMCC4vg3u9pN8mqa06
2khNBDPYMfKjUywKq9FQS76k5vR2Hvj/Bw0I/Uh3fi3SgFTo1cJacnCthpMjOhQp
9UUclIqg2XqTE70mLlJpcmos70jLYOTLlpNsRWfiWS8O
-----END CERTIFICATE-----