Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/Nm74nw9-DBQVMhcuItU_tZfAL2k.roa
File:                     Nm74nw9-DBQVMhcuItU_tZfAL2k.roa (raw, json)
Hash identifier:          RyPc37bXaWUgAbxVMkVJRhAAvwA/KA0JIapwb+nu+pE=
Subject key identifier:   36:6E:F8:9F:0F:7E:0C:14:15:32:17:2E:22:D5:3F:B5:97:C0:2F:69
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       019D67792A29E2EC67F85DD65F04366305EB
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/Nm74nw9-DBQVMhcuItU_tZfAL2k.roa
Signing time:             Tue 07 Apr 2026 10:24:46 +0000
ROA not before:           Tue 07 Apr 2026 10:24:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40352
IP address blocks:        46.233.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 17:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:67:79:2a:29:e2:ec:67:f8:5d:d6:5f:04:36:63:05:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Apr  7 10:24:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=366ef89f0f7e0c141532172e22d53fb597c02f69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:dc:5e:e8:05:5c:60:d1:e8:53:fd:ae:b5:f6:
                    d6:ed:c4:e1:16:08:6e:ba:33:da:c1:e4:21:37:76:
                    10:b3:84:e8:c8:bb:04:5d:86:af:52:1c:67:8b:2a:
                    68:d2:11:15:ab:b4:58:a1:22:21:6d:27:3f:45:22:
                    42:26:15:85:81:27:13:e7:01:26:83:80:b8:78:1a:
                    65:9f:21:82:1d:c4:f1:a4:20:99:f6:96:b4:88:17:
                    b4:a7:5e:a7:65:a6:14:66:36:52:06:55:86:8c:ac:
                    98:b0:dc:44:27:2f:8e:f3:56:0a:77:b0:1d:72:85:
                    f8:d6:60:21:97:48:fd:09:27:21:b1:f5:6b:fb:b9:
                    8c:ce:16:0c:15:9e:5b:53:5b:c6:38:69:7b:3d:04:
                    d0:23:4f:f5:ee:c0:70:03:7f:57:e1:c2:8a:18:ad:
                    26:40:ae:74:ce:95:c8:e0:ff:f6:9a:6f:ba:bf:b1:
                    9a:ed:bb:53:38:3f:9b:fe:85:a8:00:c9:8e:53:05:
                    a6:93:b0:5b:7b:ac:61:0d:79:d2:dd:4b:75:df:44:
                    03:66:76:bc:e6:08:d0:fc:8b:da:9c:f2:df:f4:59:
                    c4:87:d9:ef:f0:72:e4:3d:94:2a:e7:c4:a2:33:ec:
                    55:e0:bf:ad:93:63:61:82:ff:37:e2:8c:c7:dc:d6:
                    a5:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:6E:F8:9F:0F:7E:0C:14:15:32:17:2E:22:D5:3F:B5:97:C0:2F:69
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/Nm74nw9-DBQVMhcuItU_tZfAL2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:f9:48:79:fc:2f:80:99:72:6f:6f:44:92:a5:56:c9:11:db:
         48:82:6b:1f:cb:b4:99:cd:00:ef:ee:3e:ab:8b:d9:a3:cd:7e:
         80:ae:0e:73:ba:a3:2e:61:6e:aa:4e:47:0a:65:4e:bd:78:b0:
         24:de:d5:d8:5b:6c:a1:3f:96:05:48:eb:8e:f2:ad:50:61:1d:
         5f:e7:ba:58:8e:ba:1a:d4:a5:ad:15:05:6b:6e:0c:b1:c0:7f:
         ea:1f:d2:19:a4:75:3c:1e:a7:8b:01:d8:dd:42:9b:3c:54:c7:
         bc:f5:6d:ef:bd:74:e2:9c:81:a3:d6:15:aa:5d:ba:cf:5f:57:
         f9:47:a1:cb:13:ed:a9:04:6b:2b:9e:ea:1d:d9:99:65:c5:06:
         b4:36:39:61:07:e4:b4:df:80:58:eb:bb:0a:b9:2c:51:3c:47:
         c4:e0:42:62:0d:44:f0:32:70:f4:39:af:f4:27:d3:a7:c2:5f:
         de:84:35:b6:b7:0f:5a:e0:32:58:0b:77:7e:cc:38:68:e6:ee:
         5c:52:3c:8b:2f:7f:8c:76:34:74:9e:80:a4:6c:6c:78:a7:b3:
         b1:bb:58:1e:df:c3:92:89:c9:f6:05:a8:f7:21:f0:cc:57:57:
         12:74:33:39:e8:26:b2:c0:24:c5:fd:48:39:3e:c4:60:a5:12:
         4d:e6:4b:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1neSop4uxn+F3WXwQ2YwXrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjYwNDA3MTAyNDQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjZlZjg5ZjBmN2UwYzE0MTUzMjE3MmUyMmQ1M2ZiNTk3YzAyZjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtxe6AVcYNHoU/2utfbW7cThFghu
ujPaweQhN3YQs4ToyLsEXYavUhxniypo0hEVq7RYoSIhbSc/RSJCJhWFgScT5wEm
g4C4eBplnyGCHcTxpCCZ9pa0iBe0p16nZaYUZjZSBlWGjKyYsNxEJy+O81YKd7Ad
coX41mAhl0j9CSchsfVr+7mMzhYMFZ5bU1vGOGl7PQTQI0/17sBwA39X4cKKGK0m
QK50zpXI4P/2mm+6v7Ga7btTOD+b/oWoAMmOUwWmk7Bbe6xhDXnS3Ut130QDZna8
5gjQ/IvanPLf9FnEh9nv8HLkPZQq58SiM+xV4L+tk2Nhgv834ozH3NalCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZu+J8PfgwUFTIXLiLVP7WXwC9pMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvTm03NG53OS1EQlFWTWhjdUl0VV90WmZBTDJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALukjMA0G
CSqGSIb3DQEBCwUAA4IBAQAq+Uh5/C+AmXJvb0SSpVbJEdtIgmsfy7SZzQDv7j6r
i9mjzX6Arg5zuqMuYW6qTkcKZU69eLAk3tXYW2yhP5YFSOuO8q1QYR1f57pYjroa
1KWtFQVrbgyxwH/qH9IZpHU8HqeLAdjdQps8VMe89W3vvXTinIGj1hWqXbrPX1f5
R6HLE+2pBGsrnuod2ZllxQa0NjlhB+S034BY67sKuSxRPEfE4EJiDUTwMnD0Oa/0
J9Onwl/ehDW2tw9a4DJYC3d+zDho5u5cUjyLL3+MdjR0noCkbGx4p7Oxu1ge38OS
icn2Baj3IfDMV1cSdDM56CaywCTF/Ug5PsRgpRJN5kuY
-----END CERTIFICATE-----