Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/7hIkQn8GxpM4cY34bKGa28GSqos.roa
File:                     7hIkQn8GxpM4cY34bKGa28GSqos.roa (raw, json)
Hash identifier:          rOk0uLCh36yXsLFrgkM5Fqtph2S5eaaoBNpLe6z7U+Q=
Subject key identifier:   EE:12:24:42:7F:06:C6:93:38:71:8D:F8:6C:A1:9A:DB:C1:92:AA:8B
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       019D2A41A2CC477EADFB477DBA7CCE0F2BF1
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/7hIkQn8GxpM4cY34bKGa28GSqos.roa
Signing time:             Thu 26 Mar 2026 13:07:17 +0000
ROA not before:           Thu 26 Mar 2026 13:07:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401776
IP address blocks:        46.233.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 13:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:41:a2:cc:47:7e:ad:fb:47:7d:ba:7c:ce:0f:2b:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Mar 26 13:07:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ee1224427f06c69338718df86ca19adbc192aa8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:5d:50:7f:d2:82:7f:21:27:2d:10:ed:07:cc:
                    c1:c7:e4:fe:0a:33:0e:2f:db:57:88:82:92:ca:22:
                    33:c6:fd:d5:5e:e7:25:8e:e3:d5:24:07:12:37:93:
                    3e:0a:f9:51:be:ca:03:92:07:be:86:e5:cf:c6:1b:
                    89:93:15:8a:da:94:d5:7a:0f:47:2b:f8:13:aa:9a:
                    98:27:72:a3:ee:27:c8:15:e5:78:71:98:bf:9e:7b:
                    9c:5f:51:a9:2c:cb:3d:e9:2a:51:52:21:c1:e4:30:
                    9a:14:51:d1:21:43:db:27:86:20:60:a3:e0:af:40:
                    15:33:45:70:c9:c2:72:78:96:12:08:1f:7d:6b:7b:
                    4c:30:44:bf:f0:99:0b:0f:2a:e9:09:ba:c5:a8:6a:
                    5f:b1:ed:36:15:fe:3b:c2:48:9a:cf:56:c8:41:eb:
                    33:ed:b4:20:da:c4:fa:40:5b:e8:2f:8f:8e:4c:78:
                    d2:ed:4b:07:de:0e:d6:23:90:80:09:2c:20:de:70:
                    89:44:3a:90:39:6a:34:fa:6b:a2:4a:34:ff:5b:8d:
                    80:1f:51:2d:16:1f:94:eb:6e:18:8b:f2:80:0a:a7:
                    14:27:1d:70:c0:89:4a:46:29:de:2b:ec:3b:96:79:
                    81:88:d5:ce:78:22:62:16:c8:45:da:ac:ce:72:8d:
                    1e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:12:24:42:7F:06:C6:93:38:71:8D:F8:6C:A1:9A:DB:C1:92:AA:8B
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/7hIkQn8GxpM4cY34bKGa28GSqos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:6f:1b:80:e9:d5:f2:14:cb:ee:e7:1e:66:2b:db:95:ba:da:
         d0:18:90:48:ec:95:28:1a:d7:e0:77:76:93:33:92:e3:8c:09:
         b9:a5:c4:87:e8:f3:93:2f:08:d5:66:86:73:07:89:1e:b4:0c:
         c6:24:ac:39:6f:21:5d:94:fa:f4:7c:7a:ae:db:75:7e:9e:76:
         f6:26:e1:47:bc:39:e6:d4:9c:d3:4a:78:0c:b6:4f:54:9e:50:
         db:d6:13:89:88:be:1c:a7:b9:8d:22:4e:56:58:57:55:8e:eb:
         15:e2:37:a5:d7:0c:d9:e9:6e:05:4e:74:e9:27:0c:6e:b7:b5:
         38:cc:ad:2b:e3:a0:ac:28:9e:22:b0:51:fb:c4:84:2e:ee:ff:
         c5:57:f7:82:09:5e:3f:65:d4:a2:c8:cc:54:c9:f3:fd:6f:a2:
         3c:2a:5c:5e:44:7e:4e:84:17:30:77:04:60:41:de:64:d7:55:
         c6:a5:dc:8b:f0:57:97:01:11:a1:76:92:72:1a:bc:d2:ac:88:
         ce:39:c3:7a:0b:5b:73:7d:b7:cf:39:31:96:04:5c:a2:12:f1:
         34:d2:5f:00:06:13:63:84:68:be:2f:b8:34:cb:3d:86:02:80:
         59:61:f8:bb:8f:77:b5:71:2e:0c:f0:c0:c3:d8:0a:ee:67:5a:
         fb:66:cc:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0qQaLMR36t+0d9unzODyvxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjYwMzI2MTMwNzE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTEyMjQ0MjdmMDZjNjkzMzg3MThkZjg2Y2ExOWFkYmMxOTJhYThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo11Qf9KCfyEnLRDtB8zBx+T+CjMO
L9tXiIKSyiIzxv3VXucljuPVJAcSN5M+CvlRvsoDkge+huXPxhuJkxWK2pTVeg9H
K/gTqpqYJ3Kj7ifIFeV4cZi/nnucX1GpLMs96SpRUiHB5DCaFFHRIUPbJ4YgYKPg
r0AVM0VwycJyeJYSCB99a3tMMES/8JkLDyrpCbrFqGpfse02Ff47wkiaz1bIQesz
7bQg2sT6QFvoL4+OTHjS7UsH3g7WI5CACSwg3nCJRDqQOWo0+muiSjT/W42AH1Et
Fh+U624Yi/KACqcUJx1wwIlKRineK+w7lnmBiNXOeCJiFshF2qzOco0ehwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4SJEJ/BsaTOHGN+GyhmtvBkqqLMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvN2hJa1FuOEd4cE00Y1kzNGJLR2EyOEdTcW9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALukiMA0G
CSqGSIb3DQEBCwUAA4IBAQAwbxuA6dXyFMvu5x5mK9uVutrQGJBI7JUoGtfgd3aT
M5LjjAm5pcSH6POTLwjVZoZzB4ketAzGJKw5byFdlPr0fHqu23V+nnb2JuFHvDnm
1JzTSngMtk9UnlDb1hOJiL4cp7mNIk5WWFdVjusV4jel1wzZ6W4FTnTpJwxut7U4
zK0r46CsKJ4isFH7xIQu7v/FV/eCCV4/ZdSiyMxUyfP9b6I8KlxeRH5OhBcwdwRg
Qd5k11XGpdyL8FeXARGhdpJyGrzSrIjOOcN6C1tzfbfPOTGWBFyiEvE00l8ABhNj
hGi+L7g0yz2GAoBZYfi7j3e1cS4M8MDD2AruZ1r7Zszk
-----END CERTIFICATE-----