Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/8el_85ZAH8aq3AEKg2owSg43oEs.roa
File:                     8el_85ZAH8aq3AEKg2owSg43oEs.roa (raw, json)
Hash identifier:          ZN2s6r11cxbxo8vjSw7bFeJsSnkCygEY0SgCumj8ptw=
Subject key identifier:   F1:E9:7F:F3:96:40:1F:C6:AA:DC:01:0A:83:6A:30:4A:0E:37:A0:4B
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       019A1B6879A140E18CDB74AA67070BFD9E64
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/8el_85ZAH8aq3AEKg2owSg43oEs.roa
Signing time:             Sat 25 Oct 2025 12:47:03 +0000
ROA not before:           Sat 25 Oct 2025 12:47:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        46.233.35.0/24 maxlen: 24
                          46.233.42.0/23 maxlen: 23
                          46.233.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Oct 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:1b:68:79:a1:40:e1:8c:db:74:aa:67:07:0b:fd:9e:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Oct 25 12:47:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1e97ff396401fc6aadc010a836a304a0e37a04b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:6f:43:66:bc:51:97:89:28:f3:00:83:00:8a:
                    f1:66:41:7f:b3:95:f9:bb:d7:31:15:42:de:59:04:
                    a7:9d:d8:e4:a0:86:f5:d9:55:02:f1:08:a8:a4:f8:
                    85:0b:cf:b5:8d:ec:7d:92:ec:2c:1b:40:09:44:86:
                    67:08:cb:27:44:76:a8:3d:7d:7c:de:9a:61:97:7e:
                    b1:37:b1:a5:5b:04:fd:9d:12:20:64:1d:f3:01:f1:
                    9b:c3:6a:fd:42:35:79:dd:1b:72:2a:bf:50:fa:21:
                    09:a4:ef:bf:01:40:7e:f5:a8:55:5a:8e:63:e9:9b:
                    c2:51:82:56:27:b0:35:fe:6a:fa:49:49:5e:8f:e0:
                    e1:da:b7:86:d3:00:8e:51:88:b2:6c:b0:fc:5c:df:
                    a9:a1:35:f5:0f:72:eb:bc:9e:41:d4:e9:96:79:b4:
                    72:c0:f1:fe:82:98:f1:be:51:7b:57:23:b8:de:f9:
                    2c:e9:d9:62:b1:f3:26:d3:e8:72:27:35:ea:76:74:
                    cf:a6:47:9d:d2:ef:2f:82:a1:4e:06:a9:33:d1:27:
                    c3:fc:61:b4:97:b3:b1:80:4d:f1:91:1a:8d:45:17:
                    f8:a7:fe:b6:08:e7:ed:e1:73:f8:a2:d6:06:80:bf:
                    f3:7e:cc:2f:b5:5a:68:22:9e:9e:b0:4e:cb:e1:10:
                    3f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:E9:7F:F3:96:40:1F:C6:AA:DC:01:0A:83:6A:30:4A:0E:37:A0:4B
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/8el_85ZAH8aq3AEKg2owSg43oEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.35.0/24
                  46.233.42.0/23
                  46.233.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:de:50:0e:62:ca:db:82:e5:bb:5e:f2:34:2c:e5:d9:1b:93:
         6a:4f:92:5e:10:41:ac:e5:af:86:47:7d:5a:f7:b8:48:cd:bf:
         3d:16:19:0b:5c:69:52:be:82:12:5e:a3:38:af:8c:91:7c:24:
         3f:8d:78:b4:2d:c0:b5:f4:40:94:0c:79:76:38:a3:b3:9a:b4:
         1a:b7:66:59:9f:e1:f5:14:db:85:ee:1f:58:a4:59:af:46:66:
         64:d4:0b:d3:6c:1f:76:ef:b6:4c:2c:33:2d:e7:35:38:ee:bf:
         9d:2e:0d:e6:06:28:f3:fb:07:d2:40:11:ff:6b:2c:83:90:29:
         c4:06:d7:be:85:86:56:4c:e6:40:c2:14:b7:63:46:c1:ed:c2:
         6d:3d:78:37:8a:d3:2f:d2:ef:c7:2a:d8:61:f7:6f:f5:27:8e:
         28:ba:72:f7:48:9c:95:e2:3d:82:23:58:15:c1:b6:17:6b:04:
         5c:54:f7:c3:12:b8:d2:e3:25:d9:44:5f:d9:64:5f:e2:b5:ba:
         8e:78:c9:35:c7:23:14:04:e0:41:cc:c6:45:89:7f:05:16:29:
         7d:0f:ba:da:5b:aa:12:8c:dd:c0:ef:a2:62:18:2f:b1:3c:53:
         06:75:f0:74:96:da:bb:1d:5e:30:09:3c:7c:c8:0c:1c:f8:29:
         53:9b:50:77
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZobaHmhQOGM23SqZwcL/Z5kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjUxMDI1MTI0NzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWU5N2ZmMzk2NDAxZmM2YWFkYzAxMGE4MzZhMzA0YTBlMzdhMDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2G9DZrxRl4ko8wCDAIrxZkF/s5X5
u9cxFULeWQSnndjkoIb12VUC8QiopPiFC8+1jex9kuwsG0AJRIZnCMsnRHaoPX18
3pphl36xN7GlWwT9nRIgZB3zAfGbw2r9QjV53RtyKr9Q+iEJpO+/AUB+9ahVWo5j
6ZvCUYJWJ7A1/mr6SUlej+Dh2reG0wCOUYiybLD8XN+poTX1D3LrvJ5B1OmWebRy
wPH+gpjxvlF7VyO43vks6dlisfMm0+hyJzXqdnTPpked0u8vgqFOBqkz0SfD/GG0
l7OxgE3xkRqNRRf4p/62COft4XP4otYGgL/zfswvtVpoIp6esE7L4RA/1QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPHpf/OWQB/GqtwBCoNqMEoON6BLMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvOGVsXzg1WkFIOGFxM0FFS2cyb3dTZzQzb0VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALukjAwQB
LukqAwQALuk0MA0GCSqGSIb3DQEBCwUAA4IBAQAX3lAOYsrbguW7XvI0LOXZG5Nq
T5JeEEGs5a+GR31a97hIzb89FhkLXGlSvoISXqM4r4yRfCQ/jXi0LcC19ECUDHl2
OKOzmrQat2ZZn+H1FNuF7h9YpFmvRmZk1AvTbB9277ZMLDMt5zU47r+dLg3mBijz
+wfSQBH/ayyDkCnEBte+hYZWTOZAwhS3Y0bB7cJtPXg3itMv0u/HKthh92/1J44o
unL3SJyV4j2CI1gVwbYXawRcVPfDErjS4yXZRF/ZZF/itbqOeMk1xyMUBOBBzMZF
iX8FFil9D7raW6oSjN3A76JiGC+xPFMGdfB0ltq7HV4wCTx8yAwc+ClTm1B3
-----END CERTIFICATE-----