Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/2Wsgqp2TGokFCZ_NeFbUK_NoCUE.roa
File:                     2Wsgqp2TGokFCZ_NeFbUK_NoCUE.roa (raw, json)
Hash identifier:          K9LAQ/2ByjkjvTgzSFNqu6Nlr4OuYkpg3jDQS8wh9cw=
Subject key identifier:   D9:6B:20:AA:9D:93:1A:89:05:09:9F:CD:78:56:D4:2B:F3:68:09:41
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       0195A888138ED4C173AFBFD57AD91D57FFFE
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/2Wsgqp2TGokFCZ_NeFbUK_NoCUE.roa
Signing time:             Tue 18 Mar 2025 09:14:04 +0000
ROA not before:           Tue 18 Mar 2025 09:14:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        46.233.32.0/22 maxlen: 24
                          46.233.42.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a8:88:13:8e:d4:c1:73:af:bf:d5:7a:d9:1d:57:ff:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Mar 18 09:14:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d96b20aa9d931a8905099fcd7856d42bf3680941
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c1:c6:10:2a:7a:14:cc:9b:6e:b4:20:4a:c4:
                    45:56:a3:85:8f:a9:88:8e:55:fd:47:22:c6:53:0b:
                    96:a1:d7:96:a3:ed:87:6e:9e:57:d2:1e:ec:88:fe:
                    d3:fb:46:3f:17:2d:d9:ad:b3:00:d7:b9:48:07:e2:
                    a9:3f:ea:8d:0c:bf:4a:89:0a:bd:1c:dc:56:f7:94:
                    ca:ec:6f:aa:6d:b7:cd:26:ff:59:d6:aa:c0:01:8c:
                    83:78:ff:4d:4c:f4:f5:9e:4a:9a:4f:83:c8:c8:d9:
                    c5:13:9e:e0:47:51:29:24:9f:cb:a6:d8:09:55:2d:
                    e3:71:4b:8b:ee:27:5a:5f:03:90:d8:a1:90:24:fd:
                    64:b8:d0:9d:a9:40:24:63:df:80:5c:df:42:db:19:
                    2e:43:d7:25:83:42:3a:4c:fc:1d:c2:82:56:b9:3a:
                    54:09:2a:33:1c:3a:12:86:c3:db:f3:7d:cb:15:32:
                    6c:89:f5:7b:78:12:4f:fc:18:83:38:28:0b:f7:82:
                    9c:e1:15:02:99:f3:b3:fa:18:02:9f:0d:a5:a5:65:
                    56:e2:4b:a3:cf:3b:e9:7b:7b:90:7a:73:78:91:10:
                    e4:83:fb:86:0e:ba:d8:b8:86:d6:d4:98:7c:e5:7e:
                    9f:59:b9:35:6d:76:d8:5b:93:87:db:07:05:e7:bc:
                    ad:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:6B:20:AA:9D:93:1A:89:05:09:9F:CD:78:56:D4:2B:F3:68:09:41
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/2Wsgqp2TGokFCZ_NeFbUK_NoCUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.32.0/22
                  46.233.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:f5:66:6e:29:6a:85:81:bf:5d:2e:19:93:09:5b:14:7a:1e:
         4c:b6:5c:ed:e1:f9:ca:26:3d:db:87:e7:07:bb:93:cb:d8:e3:
         d3:49:28:34:81:85:34:ef:ef:a0:d4:bd:d0:29:14:47:45:33:
         8e:37:d1:1e:8b:07:7f:bf:a8:27:e5:c9:7e:bc:82:af:0e:93:
         69:cd:eb:6a:d8:cd:99:2f:35:f8:13:6f:42:81:01:5b:08:f1:
         fd:23:3f:6d:19:3f:8d:b5:25:1f:49:b1:61:40:68:22:2e:6a:
         06:f4:8e:89:73:8f:b3:a5:b6:54:e0:9e:cd:34:65:c7:b4:99:
         d0:ef:9e:40:e0:d2:72:8c:02:2a:58:5a:92:32:e2:bf:ec:db:
         59:51:a5:31:d9:4b:de:38:9c:2f:cf:52:e1:13:b0:9b:a4:fe:
         fb:d3:48:23:1b:5c:dd:82:b1:18:36:0b:8a:11:94:e3:c1:ee:
         9e:65:88:cb:fb:20:a0:49:5b:3a:e3:aa:47:d5:34:ae:90:9d:
         9a:f6:78:df:17:6b:16:3a:64:81:de:12:34:25:bc:7e:47:87:
         37:9a:3f:59:ca:70:29:d3:bd:a9:29:1c:f9:2b:b1:19:ab:20:
         cb:69:87:18:ca:05:c5:c3:ec:bb:9e:db:4e:be:fa:01:8d:b2:
         39:8c:74:f0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWoiBOO1MFzr7/VetkdV//+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjUwMzE4MDkxNDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTZiMjBhYTlkOTMxYTg5MDUwOTlmY2Q3ODU2ZDQyYmYzNjgwOTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMHGECp6FMybbrQgSsRFVqOFj6mI
jlX9RyLGUwuWodeWo+2Hbp5X0h7siP7T+0Y/Fy3ZrbMA17lIB+KpP+qNDL9KiQq9
HNxW95TK7G+qbbfNJv9Z1qrAAYyDeP9NTPT1nkqaT4PIyNnFE57gR1EpJJ/LptgJ
VS3jcUuL7idaXwOQ2KGQJP1kuNCdqUAkY9+AXN9C2xkuQ9clg0I6TPwdwoJWuTpU
CSozHDoShsPb833LFTJsifV7eBJP/BiDOCgL94Kc4RUCmfOz+hgCnw2lpWVW4kuj
zzvpe3uQenN4kRDkg/uGDrrYuIbW1Jh85X6fWbk1bXbYW5OH2wcF57yt8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNlrIKqdkxqJBQmfzXhW1CvzaAlBMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvMldzZ3FwMlRHb2tGQ1pfTmVGYlVLX05vQ1VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLukgAwQB
LukqMA0GCSqGSIb3DQEBCwUAA4IBAQCe9WZuKWqFgb9dLhmTCVsUeh5Mtlzt4fnK
Jj3bh+cHu5PL2OPTSSg0gYU07++g1L3QKRRHRTOON9Eeiwd/v6gn5cl+vIKvDpNp
zetq2M2ZLzX4E29CgQFbCPH9Iz9tGT+NtSUfSbFhQGgiLmoG9I6Jc4+zpbZU4J7N
NGXHtJnQ755A4NJyjAIqWFqSMuK/7NtZUaUx2UveOJwvz1LhE7CbpP7700gjG1zd
grEYNguKEZTjwe6eZYjL+yCgSVs646pH1TSukJ2a9njfF2sWOmSB3hI0Jbx+R4c3
mj9ZynAp072pKRz5K7EZqyDLaYcYygXFw+y7nttOvvoBjbI5jHTw
-----END CERTIFICATE-----