Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/bsvN2b5UZsB0fGW7kiw7OedgIDE.roa
File:                     bsvN2b5UZsB0fGW7kiw7OedgIDE.roa (raw, json)
Hash identifier:          YACRChowg54sllVK3l+6K9IbWrwbmt0gZsObr1HWNsI=
Subject key identifier:   6E:CB:CD:D9:BE:54:66:C0:74:7C:65:BB:92:2C:3B:39:E7:60:20:31
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       019E822339D94D41747B6084399D44260A55
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/bsvN2b5UZsB0fGW7kiw7OedgIDE.roa
Signing time:             Mon 01 Jun 2026 07:43:27 +0000
ROA not before:           Mon 01 Jun 2026 07:43:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6830
IP address blocks:        46.34.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:82:23:39:d9:4d:41:74:7b:60:84:39:9d:44:26:0a:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Jun  1 07:43:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ecbcdd9be5466c0747c65bb922c3b39e7602031
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c3:99:d7:02:c5:f1:37:9d:48:ca:3d:05:84:
                    a4:c7:7f:b3:78:61:50:a6:bd:93:88:c2:c0:a6:ec:
                    ff:e5:8b:b2:5f:63:83:d6:6d:30:b0:68:8a:13:07:
                    a5:98:92:d4:9b:a6:6e:bf:6d:d0:61:94:60:eb:fc:
                    fa:0a:5f:38:19:d6:dc:47:b3:97:67:61:92:97:f5:
                    b8:63:60:1c:01:94:6d:eb:31:76:70:7d:f5:f2:6a:
                    c6:4a:58:71:f9:3e:ad:0a:8e:14:18:79:1d:5e:a8:
                    34:ff:bc:03:5b:7c:12:cf:3f:8f:dd:ca:71:af:2c:
                    d3:57:21:f9:6e:2b:af:7e:37:98:a4:5d:00:f4:03:
                    0d:7a:2e:41:3d:ec:eb:49:fb:40:40:2d:5a:e3:96:
                    9e:fb:c3:a5:fd:86:d4:8f:f8:c5:bb:f8:f8:1d:17:
                    ed:03:83:8e:bf:3b:3c:5e:86:d3:97:54:0c:11:16:
                    1a:51:9d:de:ee:9a:38:d3:97:23:05:28:96:f7:11:
                    d3:f8:37:da:19:75:10:ca:38:d1:46:8b:53:86:81:
                    e8:4d:35:1f:c0:dc:78:8c:23:32:4a:6e:61:19:f9:
                    aa:fd:3a:0b:5f:ef:93:fb:ba:31:3e:c8:e4:c2:6a:
                    7c:db:72:74:70:ed:ee:dd:cc:aa:0d:8d:ac:cc:8f:
                    28:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:CB:CD:D9:BE:54:66:C0:74:7C:65:BB:92:2C:3B:39:E7:60:20:31
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/bsvN2b5UZsB0fGW7kiw7OedgIDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:5e:3e:32:3c:d3:52:43:9d:bd:9b:a0:24:46:87:ab:a7:01:
         4e:45:76:65:cb:bb:90:9a:de:35:ca:10:67:86:6b:7b:a5:6f:
         fc:0e:a4:04:f6:57:85:8a:16:7f:1b:41:0b:1b:16:2a:1a:a3:
         23:dd:d9:ca:80:37:ca:e6:a5:96:51:99:48:1d:7f:73:b1:ae:
         c8:99:7e:38:d0:55:83:7e:6d:bc:08:6b:f0:10:06:67:07:39:
         cf:a3:75:aa:e0:28:8c:4b:b7:a4:ba:e4:4a:46:e2:c3:23:45:
         32:ac:13:9d:8b:87:6b:26:75:c6:76:49:78:db:1f:19:95:3d:
         73:79:03:ba:bb:a5:88:71:9b:67:e9:fa:f1:71:ee:dc:7e:82:
         b0:f9:2a:1e:6e:41:23:72:b2:6a:13:f1:c6:27:13:a0:25:d9:
         1f:36:3a:f1:d9:59:2c:65:df:03:db:39:5f:82:d6:a4:3d:23:
         57:ea:91:93:c5:7e:e9:46:f2:f5:4d:d7:95:da:16:0a:04:6c:
         9e:21:43:f8:5f:c2:2a:bb:04:aa:09:16:db:34:a5:ef:5d:dc:
         88:a2:e2:fb:c7:7c:fb:6a:b6:fc:10:3f:e3:d7:e1:39:4b:79:
         05:6b:03:6d:eb:33:c7:56:74:2d:7c:23:60:c5:9b:c6:80:27:
         56:1c:29:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6CIznZTUF0e2CEOZ1EJgpVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjYwNjAxMDc0MzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWNiY2RkOWJlNTQ2NmMwNzQ3YzY1YmI5MjJjM2IzOWU3NjAyMDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcOZ1wLF8TedSMo9BYSkx3+zeGFQ
pr2TiMLApuz/5YuyX2OD1m0wsGiKEwelmJLUm6Zuv23QYZRg6/z6Cl84GdbcR7OX
Z2GSl/W4Y2AcAZRt6zF2cH318mrGSlhx+T6tCo4UGHkdXqg0/7wDW3wSzz+P3cpx
ryzTVyH5biuvfjeYpF0A9AMNei5BPezrSftAQC1a45ae+8Ol/YbUj/jFu/j4HRft
A4OOvzs8XobTl1QMERYaUZ3e7po405cjBSiW9xHT+DfaGXUQyjjRRotThoHoTTUf
wNx4jCMySm5hGfmq/ToLX++T+7oxPsjkwmp823J0cO3u3cyqDY2szI8oBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7Lzdm+VGbAdHxlu5IsOznnYCAxMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvYnN2TjJiNVVac0IwZkdXN2tpdzdPZWRnSURFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiItMA0G
CSqGSIb3DQEBCwUAA4IBAQAAXj4yPNNSQ529m6AkRoerpwFORXZly7uQmt41yhBn
hmt7pW/8DqQE9leFihZ/G0ELGxYqGqMj3dnKgDfK5qWWUZlIHX9zsa7ImX440FWD
fm28CGvwEAZnBznPo3Wq4CiMS7ekuuRKRuLDI0UyrBOdi4drJnXGdkl42x8ZlT1z
eQO6u6WIcZtn6frxce7cfoKw+SoebkEjcrJqE/HGJxOgJdkfNjrx2VksZd8D2zlf
gtakPSNX6pGTxX7pRvL1TdeV2hYKBGyeIUP4X8IquwSqCRbbNKXvXdyIouL7x3z7
arb8ED/j1+E5S3kFawNt6zPHVnQtfCNgxZvGgCdWHCml
-----END CERTIFICATE-----