Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/46hN06yXwIiaUyO4jQff6zZnhAU.roa
File:                     46hN06yXwIiaUyO4jQff6zZnhAU.roa (raw, json)
Hash identifier:          aNYu8EAm8eWZcJVLr7QXmQ0E7qnSqrdLmLCvu9US7UI=
Subject key identifier:   E3:A8:4D:D3:AC:97:C0:88:9A:53:23:B8:8D:07:DF:EB:36:67:84:05
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       0197F3EAA8E7984E61E38DCE3816AB3979FF
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/46hN06yXwIiaUyO4jQff6zZnhAU.roa
Signing time:             Thu 10 Jul 2025 10:38:51 +0000
ROA not before:           Thu 10 Jul 2025 10:38:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29390
IP address blocks:        94.131.0.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f3:ea:a8:e7:98:4e:61:e3:8d:ce:38:16:ab:39:79:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jul 10 10:38:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e3a84dd3ac97c0889a5323b88d07dfeb36678405
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:28:a5:9f:22:38:97:8a:08:01:41:97:dd:ab:
                    70:61:f2:6f:2b:c8:fd:a4:42:36:d5:f3:c1:f0:e2:
                    90:23:c9:78:db:25:b1:a8:6c:0d:10:f1:de:62:15:
                    8b:a5:c5:83:95:e9:2c:95:96:a1:fd:90:95:30:b0:
                    19:46:e6:8e:e5:c8:6d:b6:db:74:13:79:37:eb:23:
                    84:a9:a5:5a:01:41:5e:ba:1d:bc:fa:bc:af:75:4f:
                    2e:3f:4e:0a:da:23:2c:cb:8f:7f:4f:08:2c:90:d7:
                    30:7b:83:a6:78:2b:2e:06:8e:17:2a:00:7d:db:fc:
                    b2:21:76:ab:c1:94:47:54:61:57:ad:b9:c9:02:b8:
                    d0:b1:08:c1:9c:01:e0:b3:52:1a:0d:43:58:2e:f3:
                    1a:8a:15:64:b1:ef:cd:70:80:82:c1:28:f4:5b:2a:
                    15:65:f1:67:c4:31:b6:f8:78:13:0a:29:a6:0e:38:
                    61:d8:ef:a9:15:4c:a7:5e:a6:0f:85:e5:52:da:ca:
                    7d:0d:b6:ad:ee:af:21:c9:9c:90:36:e9:b6:a6:a6:
                    c2:e2:f7:12:36:ce:f9:df:2c:bb:4e:fd:20:83:13:
                    d4:07:21:54:c4:67:89:31:f3:15:b1:94:3d:19:c4:
                    77:ea:c5:cd:25:1f:af:c1:bb:e6:c7:fe:ae:ea:62:
                    6a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:A8:4D:D3:AC:97:C0:88:9A:53:23:B8:8D:07:DF:EB:36:67:84:05
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/46hN06yXwIiaUyO4jQff6zZnhAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:6a:f0:07:0f:cb:87:3a:b0:47:f6:81:fe:f2:4b:9a:c5:77:
         32:33:49:72:43:4e:0e:99:1d:5e:d4:6c:a3:da:1e:42:c2:13:
         4c:49:f9:17:a4:e3:2f:7f:f4:21:f0:2d:bc:aa:bf:c1:4b:61:
         d8:0a:82:ca:c9:8f:de:80:60:52:18:37:41:83:0e:c5:06:12:
         ff:00:d9:57:5b:58:47:5d:fc:85:03:17:e9:d4:ab:7d:a1:13:
         7e:d5:12:90:9d:b0:71:94:f1:29:2f:b1:5e:47:1d:ae:84:db:
         33:85:be:c8:8b:9e:fe:44:c8:e9:e8:31:fb:ef:f7:cd:1e:b1:
         7e:b1:ac:42:31:8f:32:db:c4:2a:1c:b7:e1:e9:20:da:10:8c:
         87:de:6d:89:fc:9a:b5:20:6c:f4:03:e2:8d:54:58:33:7c:50:
         18:14:89:11:e9:ae:7e:04:e2:27:0a:82:fc:0b:e4:4b:ea:7d:
         ab:01:eb:a6:07:a3:b3:fe:a3:c3:85:f7:e9:a0:5b:18:70:84:
         e5:e3:6c:17:84:63:15:8c:47:39:ea:52:d5:e2:f4:b6:4d:29:
         84:70:c9:d2:ee:94:49:da:25:15:86:fb:9d:c8:d8:cb:55:cb:
         36:d6:05:64:00:30:2d:24:dd:53:ce:c0:48:a4:dc:bd:a9:ba:
         98:03:89:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfz6qjnmE5h443OOBarOXn/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwNzEwMTAzODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2E4NGRkM2FjOTdjMDg4OWE1MzIzYjg4ZDA3ZGZlYjM2Njc4NDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryilnyI4l4oIAUGX3atwYfJvK8j9
pEI21fPB8OKQI8l42yWxqGwNEPHeYhWLpcWDlekslZah/ZCVMLAZRuaO5chtttt0
E3k36yOEqaVaAUFeuh28+ryvdU8uP04K2iMsy49/TwgskNcwe4OmeCsuBo4XKgB9
2/yyIXarwZRHVGFXrbnJArjQsQjBnAHgs1IaDUNYLvMaihVkse/NcICCwSj0WyoV
ZfFnxDG2+HgTCimmDjhh2O+pFUynXqYPheVS2sp9Dbat7q8hyZyQNum2pqbC4vcS
Ns753yy7Tv0ggxPUByFUxGeJMfMVsZQ9GcR36sXNJR+vwbvmx/6u6mJqWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOoTdOsl8CImlMjuI0H3+s2Z4QFMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvNDZoTjA2eVh3SWlhVXlPNGpRZmY2elpuaEFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXoMAMA0G
CSqGSIb3DQEBCwUAA4IBAQAFavAHD8uHOrBH9oH+8kuaxXcyM0lyQ04OmR1e1Gyj
2h5CwhNMSfkXpOMvf/Qh8C28qr/BS2HYCoLKyY/egGBSGDdBgw7FBhL/ANlXW1hH
XfyFAxfp1Kt9oRN+1RKQnbBxlPEpL7FeRx2uhNszhb7Ii57+RMjp6DH77/fNHrF+
saxCMY8y28QqHLfh6SDaEIyH3m2J/Jq1IGz0A+KNVFgzfFAYFIkR6a5+BOInCoL8
C+RL6n2rAeumB6Oz/qPDhffpoFsYcITl42wXhGMVjEc56lLV4vS2TSmEcMnS7pRJ
2iUVhvudyNjLVcs21gVkADAtJN1TzsBIpNy9qbqYA4ni
-----END CERTIFICATE-----