Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/a7W4vQeQw0IYd5G5T60uWMaPKGs.roa
File:                     a7W4vQeQw0IYd5G5T60uWMaPKGs.roa (raw, json)
Hash identifier:          tRWFQQI0YZC0M7nzgTovhHQ6mNNC+raBd4UmVBuNPyo=
Subject key identifier:   6B:B5:B8:BD:07:90:C3:42:18:77:91:B9:4F:AD:2E:58:C6:8F:28:6B
Certificate issuer:       /CN=e2b1e2e4c508c6c7a98b6598528745c813fad31d
Certificate serial:       019E44CE13CF8FEB77CEC142A142D8BEE018
Authority key identifier: E2:B1:E2:E4:C5:08:C6:C7:A9:8B:65:98:52:87:45:C8:13:FA:D3:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4rHi5MUIxsepi2WYUodFyBP60x0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/a7W4vQeQw0IYd5G5T60uWMaPKGs.roa
Signing time:             Wed 20 May 2026 09:53:36 +0000
ROA not before:           Wed 20 May 2026 09:53:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31198
IP address blocks:        46.18.152.0/21 maxlen: 24
                          217.173.48.0/24 maxlen: 24
                          217.173.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/4rHi5MUIxsepi2WYUodFyBP60x0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/4rHi5MUIxsepi2WYUodFyBP60x0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4rHi5MUIxsepi2WYUodFyBP60x0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 06:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:44:ce:13:cf:8f:eb:77:ce:c1:42:a1:42:d8:be:e0:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2b1e2e4c508c6c7a98b6598528745c813fad31d
        Validity
            Not Before: May 20 09:53:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6bb5b8bd0790c342187791b94fad2e58c68f286b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:19:69:35:70:fd:42:94:96:cd:0a:f0:ef:62:
                    b8:d8:1d:c4:76:cc:c4:ee:47:53:fb:ba:c5:ff:c5:
                    b2:7a:ab:bd:50:b8:81:28:9e:47:3b:04:c7:ae:6a:
                    21:11:2a:69:5e:60:3a:59:3e:7b:c7:31:43:2a:90:
                    f3:bf:b3:7a:4a:33:3b:83:a6:e4:45:05:05:f3:2d:
                    2f:dc:cc:19:97:bd:e5:72:b3:d7:4c:25:6f:7e:d5:
                    41:26:2a:ed:c6:1c:d5:c0:82:74:95:5c:b2:ca:ea:
                    17:75:31:d5:63:67:44:c4:69:c9:58:97:30:6c:7b:
                    ea:5b:18:d5:8d:a9:04:44:a6:93:ee:aa:c4:71:c1:
                    1b:73:03:1c:0d:8b:a5:f0:f6:78:39:55:69:ef:79:
                    2b:64:37:84:03:96:17:a7:6c:ec:fb:45:01:d1:41:
                    73:3b:ad:d5:83:6a:60:ec:01:75:23:f8:17:07:af:
                    e0:c7:b5:ab:74:d5:c0:80:df:0c:d1:d0:ef:91:1a:
                    66:71:c8:a9:2a:16:8c:b7:8d:39:74:ae:3b:d6:93:
                    7a:58:8a:51:4a:e1:00:8c:1d:8e:92:1d:14:97:72:
                    58:be:2d:aa:f0:f6:cc:0a:f2:b6:1f:01:99:6d:db:
                    af:93:63:e5:92:bd:c7:c2:d7:04:1a:49:78:6b:7b:
                    5f:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:B5:B8:BD:07:90:C3:42:18:77:91:B9:4F:AD:2E:58:C6:8F:28:6B
            X509v3 Authority Key Identifier:
                keyid:E2:B1:E2:E4:C5:08:C6:C7:A9:8B:65:98:52:87:45:C8:13:FA:D3:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4rHi5MUIxsepi2WYUodFyBP60x0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/a7W4vQeQw0IYd5G5T60uWMaPKGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/4rHi5MUIxsepi2WYUodFyBP60x0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.152.0/21
                  217.173.48.0/24
                  217.173.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:8a:0c:40:8f:6c:26:dc:4f:a4:f0:4b:9a:0e:d1:42:8f:b4:
         05:fc:c0:30:24:39:f3:37:aa:ea:7f:d8:94:5f:7d:ec:d1:e7:
         24:09:e1:59:2f:78:bf:76:df:04:f7:b3:2b:4b:2c:bb:5f:c4:
         6c:cc:2e:b9:01:fe:85:8f:d2:25:34:30:f0:66:d1:b8:d6:c9:
         28:60:ce:db:54:ab:7a:5c:96:b4:41:06:fa:f5:b8:7f:9d:a1:
         9e:3a:1b:3d:12:1d:ab:8f:3f:a2:ab:85:79:e4:3b:c0:0f:c1:
         47:52:87:6d:f9:78:12:09:11:cd:4e:9e:b6:4d:96:49:7b:d3:
         92:03:99:a0:52:20:9d:25:71:e8:f7:0b:49:a4:5c:d0:d7:b9:
         e5:60:73:cd:60:8d:08:83:31:4a:cc:5a:e3:91:e8:48:b3:45:
         78:87:63:32:51:3f:cd:8d:8a:e2:7c:dd:fb:7b:a8:33:39:12:
         e2:6c:aa:6f:58:52:7b:33:90:eb:0a:b8:13:c9:84:ae:78:ae:
         5a:c1:06:03:f1:f5:c8:55:b8:08:7d:33:48:a6:1c:3d:82:68:
         66:47:e3:ac:41:8c:4a:71:c2:1e:66:f5:8c:52:2a:c8:15:f4:
         ac:fe:8b:5e:b2:7a:14:74:59:b1:06:c9:fe:f1:6a:0f:8c:b0:
         bd:d0:c6:d0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5EzhPPj+t3zsFCoULYvuAYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYjFlMmU0YzUwOGM2YzdhOThiNjU5ODUyODc0NWM4MTNm
YWQzMWQwHhcNMjYwNTIwMDk1MzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmI1YjhiZDA3OTBjMzQyMTg3NzkxYjk0ZmFkMmU1OGM2OGYyODZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRlpNXD9QpSWzQrw72K42B3EdszE
7kdT+7rF/8Wyequ9ULiBKJ5HOwTHrmohESppXmA6WT57xzFDKpDzv7N6SjM7g6bk
RQUF8y0v3MwZl73lcrPXTCVvftVBJirtxhzVwIJ0lVyyyuoXdTHVY2dExGnJWJcw
bHvqWxjVjakERKaT7qrEccEbcwMcDYul8PZ4OVVp73krZDeEA5YXp2zs+0UB0UFz
O63Vg2pg7AF1I/gXB6/gx7WrdNXAgN8M0dDvkRpmccipKhaMt405dK471pN6WIpR
SuEAjB2Okh0Ul3JYvi2q8PbMCvK2HwGZbduvk2Plkr3HwtcEGkl4a3tfEQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGu1uL0HkMNCGHeRuU+tLljGjyhrMB8GA1UdIwQY
MBaAFOKx4uTFCMbHqYtlmFKHRcgT+tMdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHJIaTVNVUl4c2VwaTJXWVVvZEZ5QlA2MHgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9kMzFlNWYtMGY1Mi00NjIzLTg2N2Et
NTQzZDYxODJlMjk0LzEvYTdXNHZRZVF3MElZZDVHNVQ2MHVXTWFQS0dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9kMzFlNWYtMGY1Mi00NjIzLTg2N2EtNTQzZDYxODJlMjk0
LzEvNHJIaTVNVUl4c2VwaTJXWVVvZEZ5QlA2MHgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDLhKYAwQA
2a0wAwQA2a0/MA0GCSqGSIb3DQEBCwUAA4IBAQAOigxAj2wm3E+k8EuaDtFCj7QF
/MAwJDnzN6rqf9iUX33s0eckCeFZL3i/dt8E97MrSyy7X8RszC65Af6Fj9IlNDDw
ZtG41skoYM7bVKt6XJa0QQb69bh/naGeOhs9Eh2rjz+iq4V55DvAD8FHUodt+XgS
CRHNTp62TZZJe9OSA5mgUiCdJXHo9wtJpFzQ17nlYHPNYI0IgzFKzFrjkehIs0V4
h2MyUT/NjYrifN37e6gzORLibKpvWFJ7M5DrCrgTyYSueK5awQYD8fXIVbgIfTNI
phw9gmhmR+OsQYxKccIeZvWMUirIFfSs/otesnoUdFmxBsn+8WoPjLC90MbQ
-----END CERTIFICATE-----