Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/4NdCq8obZr436D2aMDPBKInOKng.roa
File:                     4NdCq8obZr436D2aMDPBKInOKng.roa (raw, json)
Hash identifier:          nCVG/YTz/OgaKxKZF5iZyXglkJRNwFm23KPtP5MS7yg=
Subject key identifier:   E0:D7:42:AB:CA:1B:66:BE:37:E8:3D:9A:30:33:C1:28:89:CE:2A:78
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       019EBB064851012BD5E5EDC3ABDF8D4B73E7
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/4NdCq8obZr436D2aMDPBKInOKng.roa
Signing time:             Fri 12 Jun 2026 08:50:11 +0000
ROA not before:           Fri 12 Jun 2026 08:50:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63023
IP address blocks:        46.34.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bb:06:48:51:01:2b:d5:e5:ed:c3:ab:df:8d:4b:73:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Jun 12 08:50:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e0d742abca1b66be37e83d9a3033c12889ce2a78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:28:6e:0b:c6:9c:67:3f:b2:a0:bb:2e:64:58:
                    aa:9e:68:c9:41:54:db:90:72:79:63:8b:48:d0:38:
                    67:cd:66:73:80:ca:65:25:f9:2f:17:11:2c:62:13:
                    10:71:9f:62:92:16:fb:96:84:71:de:d1:88:0f:49:
                    04:a1:40:f3:ec:a2:7b:14:d9:c9:e3:a4:08:2d:a9:
                    73:cd:68:4d:a2:e8:28:73:d8:a0:ec:86:7e:23:55:
                    0d:ae:5f:1d:df:8e:82:1d:18:d0:f5:f4:b6:1f:9a:
                    dd:82:28:da:56:c0:e1:78:f7:6c:05:5e:e4:f9:c4:
                    e3:d8:67:8a:af:ad:55:6f:64:8e:a9:a4:56:a9:dd:
                    f7:74:52:d2:11:d9:f1:1e:58:1c:2f:a1:a1:af:9e:
                    1f:0d:40:f1:44:36:e0:6d:e8:a5:52:55:2f:fb:ab:
                    14:c0:5d:d8:d1:9f:fb:93:68:82:21:60:0f:4b:45:
                    c0:85:61:d0:0d:11:8d:c2:c4:75:4b:2d:cc:37:f5:
                    cd:e4:f9:95:1e:b6:81:9c:41:29:10:a7:f8:4c:8a:
                    8a:3a:53:4b:18:e4:1d:99:e5:03:b2:7c:90:09:07:
                    5f:2c:9a:28:b4:7e:87:ab:67:d2:d6:55:b9:e1:7a:
                    bd:c7:eb:21:94:43:63:c4:40:ec:a2:99:d4:11:6b:
                    2c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:D7:42:AB:CA:1B:66:BE:37:E8:3D:9A:30:33:C1:28:89:CE:2A:78
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/4NdCq8obZr436D2aMDPBKInOKng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:69:12:a7:8e:b2:f4:5f:2e:e3:e1:fa:ad:49:14:7f:01:c9:
         72:d9:44:fb:17:1d:74:6a:92:aa:71:f4:46:23:58:ae:f7:3b:
         0f:79:a7:c2:ca:14:ec:41:2a:cc:7e:15:51:2b:f2:6f:b9:e5:
         60:51:ec:a6:45:75:c3:34:26:4e:31:9f:94:be:7b:6b:38:a4:
         9e:fc:b2:37:65:c5:d9:01:57:fa:d0:96:c3:ba:fc:ac:d6:86:
         0f:26:52:aa:fc:e3:4f:c1:51:56:19:67:63:bd:42:41:03:67:
         11:20:36:e7:ca:ea:22:90:c8:66:ee:48:d9:96:24:f8:ee:2e:
         91:64:1a:9f:cb:11:f5:60:6d:5b:21:38:53:1b:96:b7:9a:c3:
         c9:18:d3:f9:35:9d:19:8c:9a:7e:08:e5:6c:7f:c6:16:1c:11:
         f4:4d:9b:7a:0a:1f:b3:79:de:f2:f8:15:91:3d:0e:e2:6c:83:
         bc:e6:95:56:73:47:c2:dc:96:55:13:b3:ba:a5:6f:59:0c:7e:
         7a:7b:8b:59:2a:99:22:5a:01:7e:a3:1b:27:a4:e3:0d:3b:a5:
         27:26:ce:4e:d2:ee:d2:2a:a7:f9:45:e9:de:a7:7a:69:87:b8:
         f9:5b:15:7d:8a:46:20:4d:04:24:d2:72:88:60:78:ad:e1:1f:
         7b:e2:08:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ67BkhRASvV5e3Dq9+NS3PnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjYwNjEyMDg1MDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGQ3NDJhYmNhMWI2NmJlMzdlODNkOWEzMDMzYzEyODg5Y2UyYTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvShuC8acZz+yoLsuZFiqnmjJQVTb
kHJ5Y4tI0DhnzWZzgMplJfkvFxEsYhMQcZ9ikhb7loRx3tGID0kEoUDz7KJ7FNnJ
46QILalzzWhNougoc9ig7IZ+I1UNrl8d346CHRjQ9fS2H5rdgijaVsDhePdsBV7k
+cTj2GeKr61Vb2SOqaRWqd33dFLSEdnxHlgcL6Ghr54fDUDxRDbgbeilUlUv+6sU
wF3Y0Z/7k2iCIWAPS0XAhWHQDRGNwsR1Sy3MN/XN5PmVHraBnEEpEKf4TIqKOlNL
GOQdmeUDsnyQCQdfLJootH6Hq2fS1lW54Xq9x+shlENjxEDsopnUEWssJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFODXQqvKG2a+N+g9mjAzwSiJzip4MB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvNE5kQ3E4b2JacjQzNkQyYU1EUEJLSW5PS25nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiIsMA0G
CSqGSIb3DQEBCwUAA4IBAQAqaRKnjrL0Xy7j4fqtSRR/Acly2UT7Fx10apKqcfRG
I1iu9zsPeafCyhTsQSrMfhVRK/JvueVgUeymRXXDNCZOMZ+UvntrOKSe/LI3ZcXZ
AVf60JbDuvys1oYPJlKq/ONPwVFWGWdjvUJBA2cRIDbnyuoikMhm7kjZliT47i6R
ZBqfyxH1YG1bIThTG5a3msPJGNP5NZ0ZjJp+COVsf8YWHBH0TZt6Ch+zed7y+BWR
PQ7ibIO85pVWc0fC3JZVE7O6pW9ZDH56e4tZKpkiWgF+oxsnpOMNO6UnJs5O0u7S
Kqf5Renep3pph7j5WxV9ikYgTQQk0nKIYHit4R974gg6
-----END CERTIFICATE-----