Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/z9WdjHDGVO_QNyTUefxjXvwqlmE.roa
File:                     z9WdjHDGVO_QNyTUefxjXvwqlmE.roa (raw, json)
Hash identifier:          jnaqhBEfars/K+UUffwwHYmWK5Todz+HNYWDXLE9cyo=
Subject key identifier:   CF:D5:9D:8C:70:C6:54:EF:D0:37:24:D4:79:FC:63:5E:FC:2A:96:61
Certificate issuer:       /CN=ed6da9e41686d21c12799c8e84b274aa8241508c
Certificate serial:       019A4F57C3C3690CFB0C2639D23AFF64E3E4
Authority key identifier: ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/z9WdjHDGVO_QNyTUefxjXvwqlmE.roa
Signing time:             Tue 04 Nov 2025 14:49:03 +0000
ROA not before:           Tue 04 Nov 2025 14:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57543
IP address blocks:        46.143.216.0/21 maxlen: 21
                          46.143.232.0/22 maxlen: 22
                          46.143.236.0/23 maxlen: 23
                          46.143.238.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4f:57:c3:c3:69:0c:fb:0c:26:39:d2:3a:ff:64:e3:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed6da9e41686d21c12799c8e84b274aa8241508c
        Validity
            Not Before: Nov  4 14:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cfd59d8c70c654efd03724d479fc635efc2a9661
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7c:83:fd:f5:39:35:4b:7f:2a:24:86:f5:95:
                    9a:a4:bb:1b:61:57:a8:34:28:35:bd:2e:46:b2:e4:
                    64:09:21:c5:88:e8:ed:0d:40:68:3e:42:b3:f5:18:
                    4a:95:be:73:7b:e1:12:92:59:2c:c5:e3:b1:be:79:
                    a8:c4:25:d3:92:4a:83:d6:f9:70:3d:1c:8c:ba:c3:
                    76:bc:7f:4d:5a:d1:a7:9e:a5:12:8f:72:e1:a6:81:
                    86:78:6b:dd:24:e6:a5:e4:6f:e4:b1:bf:d9:62:99:
                    a3:57:56:ca:b2:b7:ee:77:c6:8e:8f:c7:10:80:04:
                    6d:86:cd:35:9c:e6:95:f3:c5:15:74:2d:d1:7c:c5:
                    f4:2d:ca:91:e4:9b:05:fd:e0:e5:96:23:5a:1d:9c:
                    e5:44:86:44:ac:0e:ea:9f:f0:48:04:f0:24:4b:f5:
                    27:33:be:09:aa:df:f1:bc:11:2b:68:2c:85:c4:9f:
                    2c:24:c6:17:5c:99:7a:84:3f:a9:0e:22:8b:72:f5:
                    f0:5f:5d:aa:32:4b:a1:98:cd:17:be:17:87:90:de:
                    3f:76:99:25:ae:44:64:33:ab:6f:61:d9:ec:ae:ae:
                    9e:2a:77:d5:cd:7f:5d:fa:d5:fd:14:cc:f0:d7:c6:
                    a1:e8:55:33:d2:67:52:be:da:d4:02:b3:ba:44:f2:
                    73:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:D5:9D:8C:70:C6:54:EF:D0:37:24:D4:79:FC:63:5E:FC:2A:96:61
            X509v3 Authority Key Identifier:
                keyid:ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/z9WdjHDGVO_QNyTUefxjXvwqlmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.143.216.0/21
                  46.143.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         86:e7:63:4d:9e:79:81:8a:29:b7:15:67:58:de:66:7f:e4:a0:
         40:91:2b:b7:6e:f7:d5:0b:b6:06:6a:03:41:a3:b4:17:2e:66:
         32:8e:00:c2:96:85:c0:c5:03:ec:e2:b4:d2:79:67:27:45:3f:
         3f:b5:36:2c:7a:47:b9:76:0f:ca:79:f8:76:ca:2a:e9:a5:4f:
         f1:8a:6b:34:d3:93:86:ed:e2:b8:12:25:4b:cd:71:f2:68:5c:
         77:2a:8b:b9:07:22:6c:24:0e:58:e3:42:0b:a5:6c:70:6a:68:
         ca:c5:bd:cd:52:2a:fc:77:a0:eb:a6:13:87:23:33:77:0b:ab:
         03:66:ee:7d:fd:68:cc:42:15:34:b9:b9:bc:53:11:84:27:cb:
         00:8c:80:8d:73:1b:95:53:d4:fd:f3:65:2c:84:e1:09:23:cd:
         db:a8:73:d9:89:c5:17:c8:89:3b:bb:a7:29:12:67:a6:d6:19:
         13:54:4c:35:a8:be:6e:d0:75:a8:f0:00:73:61:fb:06:68:0c:
         73:fe:08:15:f8:d0:ff:b6:5b:94:5a:e5:b4:65:33:24:9e:b2:
         cd:ef:6b:55:a2:44:9d:3a:da:7d:88:2b:b0:ac:6f:15:42:c3:
         84:b6:36:eb:2b:40:b6:39:0e:af:08:7a:b9:1d:33:d9:71:03:
         95:d5:a7:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpPV8PDaQz7DCY50jr/ZOPkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNmRhOWU0MTY4NmQyMWMxMjc5OWM4ZTg0YjI3NGFhODI0
MTUwOGMwHhcNMjUxMTA0MTQ0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmQ1OWQ4YzcwYzY1NGVmZDAzNzI0ZDQ3OWZjNjM1ZWZjMmE5NjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnyD/fU5NUt/KiSG9ZWapLsbYVeo
NCg1vS5GsuRkCSHFiOjtDUBoPkKz9RhKlb5ze+ESklksxeOxvnmoxCXTkkqD1vlw
PRyMusN2vH9NWtGnnqUSj3LhpoGGeGvdJOal5G/ksb/ZYpmjV1bKsrfud8aOj8cQ
gARths01nOaV88UVdC3RfMX0LcqR5JsF/eDlliNaHZzlRIZErA7qn/BIBPAkS/Un
M74Jqt/xvBEraCyFxJ8sJMYXXJl6hD+pDiKLcvXwX12qMkuhmM0XvheHkN4/dpkl
rkRkM6tvYdnsrq6eKnfVzX9d+tX9FMzw18ah6FUz0mdSvtrUArO6RPJzzQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM/VnYxwxlTv0Dck1Hn8Y178KpZhMB8GA1UdIwQY
MBaAFO1tqeQWhtIcEnmcjoSydKqCQVCMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYt
MjlmMWJlYjJmMjgyLzEvejlXZGpIREdWT19RTnlUVWVmeGpYdndxbG1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYtMjlmMWJlYjJmMjgy
LzEvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLo/YAwQD
Lo/oMA0GCSqGSIb3DQEBCwUAA4IBAQCG52NNnnmBiim3FWdY3mZ/5KBAkSu3bvfV
C7YGagNBo7QXLmYyjgDCloXAxQPs4rTSeWcnRT8/tTYseke5dg/Kefh2yirppU/x
ims005OG7eK4EiVLzXHyaFx3Kou5ByJsJA5Y40ILpWxwamjKxb3NUir8d6DrphOH
IzN3C6sDZu59/WjMQhU0ubm8UxGEJ8sAjICNcxuVU9T982UshOEJI83bqHPZicUX
yIk7u6cpEmem1hkTVEw1qL5u0HWo8ABzYfsGaAxz/ggV+ND/tluUWuW0ZTMknrLN
72tVokSdOtp9iCuwrG8VQsOEtjbrK0C2OQ6vCHq5HTPZcQOV1adX
-----END CERTIFICATE-----