Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/UND6ykiM5N2Whk6faH2bgr5_Tp8.roa
File:                     UND6ykiM5N2Whk6faH2bgr5_Tp8.roa (raw, json)
Hash identifier:          5dH/g9DexAH0bhxx/mr0h3rPJ5N5miOI47JiKbqWBiU=
Subject key identifier:   50:D0:FA:CA:48:8C:E4:DD:96:86:4E:9F:68:7D:9B:82:BE:7F:4E:9F
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       0197FA279A48BEF965CE2CCD631BF5AC09A0
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/UND6ykiM5N2Whk6faH2bgr5_Tp8.roa
Signing time:             Fri 11 Jul 2025 15:43:08 +0000
ROA not before:           Fri 11 Jul 2025 15:43:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61003
IP address blocks:        46.233.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 06:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fa:27:9a:48:be:f9:65:ce:2c:cd:63:1b:f5:ac:09:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Jul 11 15:43:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50d0faca488ce4dd96864e9f687d9b82be7f4e9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:d5:e2:38:06:dd:e8:6f:20:7a:76:94:89:34:
                    48:7a:53:25:2d:5b:4c:df:35:dc:fc:7a:1a:1a:e4:
                    50:5f:d0:89:13:39:67:d7:5f:6d:5e:44:c0:25:c6:
                    a1:60:1d:3b:32:17:a3:1e:61:96:03:a1:4c:fc:35:
                    70:d7:1b:62:de:53:66:0f:a7:1b:25:4c:fd:e1:52:
                    c6:3e:b5:07:7d:38:f9:95:fc:c2:51:8b:a4:89:3d:
                    39:c0:30:57:11:b5:bb:43:8d:7c:26:23:1e:a5:f6:
                    e6:04:a6:6d:f1:1f:b1:9c:5c:b9:e4:56:2f:82:03:
                    45:e5:eb:d4:88:fd:76:e9:5a:97:b6:27:ed:47:20:
                    7a:98:9a:ca:fc:7e:5b:59:2d:63:b9:c8:57:97:fa:
                    ec:41:5b:5a:5c:99:0b:40:c9:7c:86:91:b6:9c:67:
                    86:3f:26:aa:1e:fd:34:48:5b:a0:66:a5:32:6a:27:
                    c6:5e:e1:c6:79:40:19:91:f7:78:69:7c:c0:41:8a:
                    7a:e7:2d:98:e6:81:d9:21:5b:d8:7b:0d:68:b5:d6:
                    f3:24:8c:41:1e:44:7f:ef:58:db:8a:75:55:b0:27:
                    a8:1c:4d:2d:b2:ce:85:84:0e:9a:80:3f:c6:04:f9:
                    0d:67:68:ab:84:bd:4d:20:99:9d:98:73:b7:cf:c0:
                    7e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:D0:FA:CA:48:8C:E4:DD:96:86:4E:9F:68:7D:9B:82:BE:7F:4E:9F
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/UND6ykiM5N2Whk6faH2bgr5_Tp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:57:0a:30:18:eb:8e:7f:48:8d:45:40:10:d4:d3:d0:2d:2d:
         7c:ae:52:cd:36:b7:6d:37:85:a6:87:c9:fd:b7:54:aa:f5:c3:
         15:df:4c:4c:4a:92:fb:7f:53:2e:55:36:61:ab:79:19:86:ca:
         95:72:3b:8a:df:aa:99:89:b6:ff:42:98:18:f9:9f:cb:d8:2c:
         4f:6e:5e:40:df:d4:6c:3b:5e:79:4a:79:df:d9:00:b9:7c:38:
         39:f5:45:75:e0:96:2b:b6:a7:ab:2d:dd:b8:0f:6d:80:6c:a3:
         78:30:9c:bd:85:f2:33:9d:c5:ce:a5:1a:1a:dc:fe:7d:d9:c7:
         f4:5e:2a:a1:6c:04:3f:87:f0:ea:2a:9f:0b:69:c7:f3:87:10:
         4e:bf:61:3d:f2:d3:23:a9:49:a9:99:59:3f:2c:0b:e5:60:f6:
         7c:6f:95:5d:ea:5b:d8:18:18:34:3e:29:24:10:3e:a7:fb:f9:
         f5:0d:d1:3b:c7:34:71:42:8f:e4:21:91:8c:99:be:7e:34:51:
         4d:41:0e:28:0f:ef:14:32:63:81:4a:2e:28:27:86:c5:10:b6:
         7e:0f:94:93:fb:c6:3a:3e:35:85:df:98:71:8a:21:af:c9:8e:
         95:95:d2:75:fe:9c:8d:0d:63:43:dc:6c:5a:29:3e:bd:02:ce:
         23:62:94:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf6J5pIvvllzizNYxv1rAmgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjUwNzExMTU0MzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGQwZmFjYTQ4OGNlNGRkOTY4NjRlOWY2ODdkOWI4MmJlN2Y0ZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA39XiOAbd6G8genaUiTRIelMlLVtM
3zXc/HoaGuRQX9CJEzln119tXkTAJcahYB07MhejHmGWA6FM/DVw1xti3lNmD6cb
JUz94VLGPrUHfTj5lfzCUYukiT05wDBXEbW7Q418JiMepfbmBKZt8R+xnFy55FYv
ggNF5evUiP126VqXtiftRyB6mJrK/H5bWS1juchXl/rsQVtaXJkLQMl8hpG2nGeG
PyaqHv00SFugZqUyaifGXuHGeUAZkfd4aXzAQYp65y2Y5oHZIVvYew1otdbzJIxB
HkR/71jbinVVsCeoHE0tss6FhA6agD/GBPkNZ2irhL1NIJmdmHO3z8B+kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDQ+spIjOTdloZOn2h9m4K+f06fMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvVU5ENnlraU01TjJXaGs2ZmFIMmJncjVfVHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALukmMA0G
CSqGSIb3DQEBCwUAA4IBAQBLVwowGOuOf0iNRUAQ1NPQLS18rlLNNrdtN4Wmh8n9
t1Sq9cMV30xMSpL7f1MuVTZhq3kZhsqVcjuK36qZibb/QpgY+Z/L2CxPbl5A39Rs
O155Snnf2QC5fDg59UV14JYrtqerLd24D22AbKN4MJy9hfIzncXOpRoa3P592cf0
XiqhbAQ/h/DqKp8LacfzhxBOv2E98tMjqUmpmVk/LAvlYPZ8b5Vd6lvYGBg0Pikk
ED6n+/n1DdE7xzRxQo/kIZGMmb5+NFFNQQ4oD+8UMmOBSi4oJ4bFELZ+D5ST+8Y6
PjWF35hxiiGvyY6VldJ1/pyNDWND3GxaKT69As4jYpTL
-----END CERTIFICATE-----