Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/GDpxYSLxVItp_NOPYubGX5UYZok.roa
File:                     GDpxYSLxVItp_NOPYubGX5UYZok.roa (raw, json)
Hash identifier:          VWyhjhW15PBvlxYZCfYoqEw7FI0WMEXJbvw8jcCf0xQ=
Subject key identifier:   18:3A:71:61:22:F1:54:8B:69:FC:D3:8F:62:E6:C6:5F:95:18:66:89
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       019DB765FAF4A6C93BDAE84693CDAD35FB33
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/GDpxYSLxVItp_NOPYubGX5UYZok.roa
Signing time:             Wed 22 Apr 2026 22:53:26 +0000
ROA not before:           Wed 22 Apr 2026 22:53:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198566
IP address blocks:        46.20.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b7:65:fa:f4:a6:c9:3b:da:e8:46:93:cd:ad:35:fb:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Apr 22 22:53:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=183a716122f1548b69fcd38f62e6c65f95186689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:44:6f:ef:7d:84:90:e9:1e:bf:12:96:1b:a1:
                    36:a6:77:d5:e7:c6:7e:f1:92:33:59:e1:73:5d:65:
                    56:7a:1e:ac:da:03:9e:66:e2:72:3c:f8:e4:67:bb:
                    08:bc:b4:1e:70:cf:87:f5:3f:83:0a:5b:7c:15:33:
                    ce:a3:ae:a3:8c:ca:b7:a7:13:3a:a1:b4:94:91:d7:
                    9d:25:95:93:c5:0d:05:b2:e3:52:b5:a2:a5:19:75:
                    62:db:bf:81:cc:51:11:41:bf:c1:57:ac:03:47:e0:
                    36:92:f9:f2:7c:82:2d:b6:61:f0:bc:cc:ba:25:a5:
                    65:96:05:94:d8:06:8d:1f:f7:de:2b:d2:bb:50:ab:
                    e8:f7:f8:d3:2f:68:28:a2:0d:fb:cb:e4:c4:c6:8f:
                    46:98:b9:46:3b:96:7a:0f:7c:6c:98:f4:a7:a6:35:
                    ca:4f:95:43:26:3d:5c:6c:08:33:43:07:64:81:a0:
                    39:dc:f3:6c:8a:19:53:f4:cc:34:7c:fc:0c:a5:df:
                    81:44:f4:31:40:91:87:4c:56:4b:bb:97:18:b7:0b:
                    cd:e4:fe:27:07:0b:10:66:a3:1a:e9:58:c4:ad:d8:
                    ad:ea:31:3c:12:02:5c:f3:bd:50:bb:85:8c:d3:2f:
                    ba:e5:07:a7:19:d4:6a:f0:2a:02:53:50:e4:e3:db:
                    06:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:3A:71:61:22:F1:54:8B:69:FC:D3:8F:62:E6:C6:5F:95:18:66:89
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/GDpxYSLxVItp_NOPYubGX5UYZok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:4c:03:5d:b2:23:d3:24:d9:0c:9c:e3:cb:e2:59:d7:e5:4e:
         72:b0:82:33:3e:2b:99:ea:d6:10:dd:68:f8:02:a8:96:f2:a9:
         99:be:96:13:a3:fd:e5:b4:a4:81:29:a3:b6:de:de:ef:5e:75:
         ba:13:32:13:47:5c:f7:47:d8:25:24:65:87:a1:f3:82:7f:ca:
         a9:52:f2:58:5a:e4:25:39:41:ec:35:ca:3a:5c:80:c4:81:fe:
         2a:bc:ba:b4:fc:67:99:39:0f:97:36:f7:39:28:6f:ea:41:4d:
         4e:71:31:05:cd:fd:23:40:1b:a4:6d:20:92:51:bd:44:b8:66:
         37:40:d0:14:99:25:72:5c:8f:42:a7:6f:d3:1f:c2:2c:52:45:
         56:5a:e0:5f:46:87:d7:c5:24:93:d9:28:db:b1:6a:fa:c1:6a:
         33:14:0d:76:9b:4a:6f:b1:1d:98:ed:ce:85:7a:0f:82:24:95:
         3e:12:5a:81:b2:de:63:d9:26:07:f9:a2:90:12:ea:e8:2f:b7:
         e4:9f:86:d2:53:de:78:bd:da:77:a7:23:d9:d7:47:f5:d2:c0:
         53:69:4b:d5:95:5d:27:f1:31:d7:a3:db:65:de:c7:17:f4:0d:
         c1:cb:79:f3:9d:1f:19:63:9a:24:58:81:41:e4:96:85:0f:57:
         99:90:f4:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ23Zfr0psk72uhGk82tNfszMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjYwNDIyMjI1MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODNhNzE2MTIyZjE1NDhiNjlmY2QzOGY2MmU2YzY1Zjk1MTg2Njg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0Rv732EkOkevxKWG6E2pnfV58Z+
8ZIzWeFzXWVWeh6s2gOeZuJyPPjkZ7sIvLQecM+H9T+DClt8FTPOo66jjMq3pxM6
obSUkdedJZWTxQ0FsuNStaKlGXVi27+BzFERQb/BV6wDR+A2kvnyfIIttmHwvMy6
JaVllgWU2AaNH/feK9K7UKvo9/jTL2goog37y+TExo9GmLlGO5Z6D3xsmPSnpjXK
T5VDJj1cbAgzQwdkgaA53PNsihlT9Mw0fPwMpd+BRPQxQJGHTFZLu5cYtwvN5P4n
BwsQZqMa6VjErdit6jE8EgJc871Qu4WM0y+65QenGdRq8CoCU1Dk49sGsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBg6cWEi8VSLafzTj2Lmxl+VGGaJMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvR0RweFlTTHhWSXRwX05PUFl1YkdYNVVZWm9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhRvMA0G
CSqGSIb3DQEBCwUAA4IBAQCXTANdsiPTJNkMnOPL4lnX5U5ysIIzPiuZ6tYQ3Wj4
AqiW8qmZvpYTo/3ltKSBKaO23t7vXnW6EzITR1z3R9glJGWHofOCf8qpUvJYWuQl
OUHsNco6XIDEgf4qvLq0/GeZOQ+XNvc5KG/qQU1OcTEFzf0jQBukbSCSUb1EuGY3
QNAUmSVyXI9Cp2/TH8IsUkVWWuBfRofXxSST2SjbsWr6wWozFA12m0pvsR2Y7c6F
eg+CJJU+ElqBst5j2SYH+aKQEuroL7fkn4bSU954vdp3pyPZ10f10sBTaUvVlV0n
8THXo9tl3scX9A3By3nznR8ZY5okWIFB5JaFD1eZkPQ2
-----END CERTIFICATE-----