Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/F71lf1rO3_j_YrGDLp8vXCnWwNQ.roa
File:                     F71lf1rO3_j_YrGDLp8vXCnWwNQ.roa (raw, json)
Hash identifier:          2T6cEG+G6vR7CgItj3CD3tb1JHo1M1LaioFUbAKMaFQ=
Subject key identifier:   17:BD:65:7F:5A:CE:DF:F8:FF:62:B1:83:2E:9F:2F:5C:29:D6:C0:D4
Certificate issuer:       /CN=c89c2cc489ebe48f490584ac866fe362c4117e75
Certificate serial:       019D61D2512030E3709EEE0DA70D69968E7C
Authority key identifier: C8:9C:2C:C4:89:EB:E4:8F:49:05:84:AC:86:6F:E3:62:C4:11:7E:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yJwsxInr5I9JBYSshm_jYsQRfnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/F71lf1rO3_j_YrGDLp8vXCnWwNQ.roa
Signing time:             Mon 06 Apr 2026 08:04:26 +0000
ROA not before:           Mon 06 Apr 2026 08:04:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214824
IP address blocks:        46.148.33.0/24 maxlen: 24
                          46.148.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/yJwsxInr5I9JBYSshm_jYsQRfnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/yJwsxInr5I9JBYSshm_jYsQRfnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yJwsxInr5I9JBYSshm_jYsQRfnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 05:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:61:d2:51:20:30:e3:70:9e:ee:0d:a7:0d:69:96:8e:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c89c2cc489ebe48f490584ac866fe362c4117e75
        Validity
            Not Before: Apr  6 08:04:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=17bd657f5acedff8ff62b1832e9f2f5c29d6c0d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:49:ab:74:1f:3b:66:e6:29:fb:74:d8:24:68:
                    4d:19:64:e9:74:3b:0a:02:3a:b4:2d:59:15:d4:f1:
                    20:af:fa:76:68:5b:c1:fd:1a:59:14:23:a9:34:f7:
                    39:2a:88:90:58:e7:6a:6f:66:d5:52:b8:d8:43:6a:
                    1d:c5:44:26:8b:62:95:08:a2:58:d9:bd:ef:3d:42:
                    6a:fd:0d:d4:29:1b:bc:f9:8c:ff:d4:a3:2e:7e:a3:
                    12:58:01:b8:2d:8a:8f:38:b2:42:39:d6:35:f1:5b:
                    37:f8:f2:57:46:4d:3d:ca:4d:71:11:c0:8e:e0:6b:
                    fc:d7:c7:85:55:98:bb:b3:c3:6b:98:54:b6:5d:b1:
                    7d:0b:ab:9b:d1:4f:ce:71:a9:e2:d3:07:e4:d9:34:
                    c2:57:b2:d8:fd:c0:7a:e6:b2:93:7a:09:81:33:ba:
                    61:f5:ba:0a:56:ac:64:97:00:33:fb:81:1a:7b:88:
                    22:1d:c6:7a:7e:30:12:74:2a:cf:b3:ca:fd:9d:c0:
                    80:3c:de:48:a9:67:10:60:1c:26:38:0a:ee:20:d5:
                    d5:83:03:81:6f:78:c2:1e:99:4a:f7:b1:fe:1e:ec:
                    01:b0:f0:21:96:d0:43:d8:a6:40:d3:21:27:39:89:
                    28:bb:ed:39:9b:8f:fd:da:94:10:1f:d8:42:84:3c:
                    7a:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:BD:65:7F:5A:CE:DF:F8:FF:62:B1:83:2E:9F:2F:5C:29:D6:C0:D4
            X509v3 Authority Key Identifier:
                keyid:C8:9C:2C:C4:89:EB:E4:8F:49:05:84:AC:86:6F:E3:62:C4:11:7E:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yJwsxInr5I9JBYSshm_jYsQRfnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/F71lf1rO3_j_YrGDLp8vXCnWwNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/yJwsxInr5I9JBYSshm_jYsQRfnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.148.33.0/24
                  46.148.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:48:62:4c:4e:dc:ad:48:bb:d0:57:5e:74:0f:7e:dc:fc:74:
         a6:35:63:6e:9f:10:49:10:17:63:7f:9f:8e:05:94:5a:d1:45:
         9f:44:84:96:c2:5c:3f:fb:0f:36:9b:02:59:c7:22:c1:7c:ef:
         b5:66:29:7c:0c:7b:09:7b:68:e0:68:64:84:76:c9:9b:91:83:
         05:fd:a1:f0:00:7d:d5:55:5e:68:a5:fb:71:78:d3:40:d7:86:
         45:2b:62:5a:af:69:60:5a:27:5f:65:9b:05:a3:cd:1e:e1:e2:
         c5:a3:57:0c:97:d0:7a:78:8e:60:51:c8:10:36:29:a8:46:f2:
         93:3e:60:e7:ba:73:ab:4a:d9:30:43:47:71:bf:49:2a:36:f9:
         17:36:ee:f4:2e:76:f1:f2:06:64:c8:1d:1f:e7:14:b5:51:1d:
         66:70:ac:da:f5:15:2b:88:00:b7:1b:2b:94:aa:7d:c9:7c:64:
         92:e0:81:3c:9d:df:06:33:5a:90:5c:c4:d4:7b:d0:39:c3:ac:
         e3:ae:34:3a:06:fd:c1:b4:45:27:6e:95:48:f7:23:e2:07:7b:
         f3:53:63:02:ac:4b:ff:df:f6:c5:5c:d7:34:7a:1f:54:0d:22:
         cc:e3:4c:df:1c:ba:3c:2a:7e:39:cf:73:07:d5:38:b5:85:8f:
         43:0a:bd:77
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1h0lEgMONwnu4Npw1plo58MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4OWMyY2M0ODllYmU0OGY0OTA1ODRhYzg2NmZlMzYyYzQx
MTdlNzUwHhcNMjYwNDA2MDgwNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2JkNjU3ZjVhY2VkZmY4ZmY2MmIxODMyZTlmMmY1YzI5ZDZjMGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEmrdB87ZuYp+3TYJGhNGWTpdDsK
Ajq0LVkV1PEgr/p2aFvB/RpZFCOpNPc5KoiQWOdqb2bVUrjYQ2odxUQmi2KVCKJY
2b3vPUJq/Q3UKRu8+Yz/1KMufqMSWAG4LYqPOLJCOdY18Vs3+PJXRk09yk1xEcCO
4Gv818eFVZi7s8NrmFS2XbF9C6ub0U/Ocani0wfk2TTCV7LY/cB65rKTegmBM7ph
9boKVqxklwAz+4Eae4giHcZ6fjASdCrPs8r9ncCAPN5IqWcQYBwmOAruINXVgwOB
b3jCHplK97H+HuwBsPAhltBD2KZA0yEnOYkou+05m4/92pQQH9hChDx6UwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBe9ZX9azt/4/2Kxgy6fL1wp1sDUMB8GA1UdIwQY
MBaAFMicLMSJ6+SPSQWErIZv42LEEX51MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUp3c3hJbnI1STlKQllTc2htX2pZc1FSZm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9hMDBiZTItODc3ZC00MGU3LThhOGEt
YWYyY2ZhNjIyZDE4LzEvRjcxbGYxck8zX2pfWXJHRExwOHZYQ25Xd05RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9hMDBiZTItODc3ZC00MGU3LThhOGEtYWYyY2ZhNjIyZDE4
LzEveUp3c3hJbnI1STlKQllTc2htX2pZc1FSZm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALpQhAwQA
LpQlMA0GCSqGSIb3DQEBCwUAA4IBAQCiSGJMTtytSLvQV150D37c/HSmNWNunxBJ
EBdjf5+OBZRa0UWfRISWwlw/+w82mwJZxyLBfO+1Zil8DHsJe2jgaGSEdsmbkYMF
/aHwAH3VVV5opftxeNNA14ZFK2Jar2lgWidfZZsFo80e4eLFo1cMl9B6eI5gUcgQ
NimoRvKTPmDnunOrStkwQ0dxv0kqNvkXNu70Lnbx8gZkyB0f5xS1UR1mcKza9RUr
iAC3GyuUqn3JfGSS4IE8nd8GM1qQXMTUe9A5w6zjrjQ6Bv3BtEUnbpVI9yPiB3vz
U2MCrEv/3/bFXNc0eh9UDSLM40zfHLo8Kn45z3MH1Ti1hY9DCr13
-----END CERTIFICATE-----