Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/2HrqXeXo9pYDymmIm6gRkQ8fiH0.roa
File:                     2HrqXeXo9pYDymmIm6gRkQ8fiH0.roa (raw, json)
Hash identifier:          a8P3NJsFBPajt0RWltNWLSyNGu9NCv3uHqPkeX2s+xA=
Subject key identifier:   D8:7A:EA:5D:E5:E8:F6:96:03:CA:69:88:9B:A8:11:91:0F:1F:88:7D
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       019D8807B73CAF2A2228027B46B5FFF55EBB
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/2HrqXeXo9pYDymmIm6gRkQ8fiH0.roa
Signing time:             Mon 13 Apr 2026 18:08:20 +0000
ROA not before:           Mon 13 Apr 2026 18:08:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        46.233.42.0/24 maxlen: 24
                          46.233.52.0/24 maxlen: 24
                          46.233.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:88:07:b7:3c:af:2a:22:28:02:7b:46:b5:ff:f5:5e:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Apr 13 18:08:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d87aea5de5e8f69603ca69889ba811910f1f887d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:7d:7f:64:83:0e:4e:16:61:6f:9f:d3:c1:c8:
                    9a:3c:a4:d4:82:82:ec:1d:4a:75:4d:c6:77:51:b7:
                    96:a0:02:19:44:f6:38:cd:e4:fa:60:09:a3:21:f0:
                    db:95:26:09:1a:6f:97:db:c3:77:a3:0b:5e:3a:2b:
                    05:df:23:ed:29:6b:d9:c8:f6:5d:6c:e8:c4:f7:7f:
                    7a:16:af:f9:88:46:23:a0:5d:9d:d7:cb:72:6a:c2:
                    0c:f5:2f:91:7e:2d:be:7e:30:32:f8:b2:bc:ab:60:
                    ce:ec:e1:42:45:ae:c0:38:97:02:a2:c3:d9:87:28:
                    63:7d:89:1c:09:88:26:be:50:cf:74:a8:91:e8:e3:
                    3d:b9:27:78:1d:7d:6f:ff:2b:f6:aa:9a:fa:d8:60:
                    62:a8:7a:aa:88:8b:ac:f6:a9:3b:60:86:8d:9b:64:
                    ea:41:f3:86:26:9f:5e:14:50:37:13:b1:f6:27:f2:
                    e6:80:82:39:6d:b0:ee:60:95:12:72:65:f0:a3:00:
                    63:7f:9c:e6:bf:7b:40:c3:75:98:bc:72:87:6b:12:
                    e7:a5:4d:fe:26:1b:e5:44:5a:2b:ed:05:ae:d1:aa:
                    e4:5f:b6:69:01:f5:14:07:0f:2b:66:dd:8a:9a:32:
                    5d:97:2b:9a:ec:98:de:6d:4b:bc:17:73:3b:fb:53:
                    09:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:7A:EA:5D:E5:E8:F6:96:03:CA:69:88:9B:A8:11:91:0F:1F:88:7D
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/2HrqXeXo9pYDymmIm6gRkQ8fiH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.42.0/24
                  46.233.52.0/24
                  46.233.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:0c:bf:9b:0c:53:33:be:1a:9c:67:e9:5b:81:36:f6:92:b4:
         40:2c:65:76:c7:12:84:cd:eb:d7:88:23:14:65:cc:49:01:79:
         54:77:61:d7:8d:4a:a5:c8:94:69:45:c8:83:2e:73:48:cf:4e:
         cc:a7:5d:9f:93:bb:4f:47:79:02:95:e3:af:47:00:10:1b:3f:
         9f:1a:76:00:25:b4:c1:6a:71:d8:a6:2a:65:c7:b1:f6:dd:46:
         84:28:4f:54:c7:fa:f4:a3:3d:4c:23:39:d2:dc:ea:a0:14:c6:
         cc:0e:91:08:76:f7:10:21:9c:b3:6e:14:f9:3b:ea:78:06:3a:
         c5:6f:90:4b:74:fa:02:b0:a4:6d:25:ca:80:ac:a8:c4:27:1f:
         72:01:b3:32:7a:cd:b2:25:52:b5:9d:a8:38:cb:bf:e2:b7:2b:
         4d:a5:36:90:17:9c:87:62:38:4c:6e:9a:d8:7c:74:ef:31:48:
         3c:f8:2f:cf:3f:57:6f:e5:c0:3c:70:bf:eb:2c:89:3b:12:ef:
         a0:b1:8a:d5:98:4d:fb:d9:e8:5a:2c:78:fd:7c:9d:23:7d:bf:
         a0:1c:59:10:64:e4:af:21:eb:79:68:ab:85:48:29:84:11:35:
         9e:4c:f6:2a:b8:14:c6:37:96:9a:3d:90:21:3d:fe:a2:b2:9c:
         6b:7d:6b:43
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2IB7c8ryoiKAJ7RrX/9V67MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjYwNDEzMTgwODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODdhZWE1ZGU1ZThmNjk2MDNjYTY5ODg5YmE4MTE5MTBmMWY4ODdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzn1/ZIMOThZhb5/TwciaPKTUgoLs
HUp1TcZ3UbeWoAIZRPY4zeT6YAmjIfDblSYJGm+X28N3owteOisF3yPtKWvZyPZd
bOjE9396Fq/5iEYjoF2d18tyasIM9S+Rfi2+fjAy+LK8q2DO7OFCRa7AOJcCosPZ
hyhjfYkcCYgmvlDPdKiR6OM9uSd4HX1v/yv2qpr62GBiqHqqiIus9qk7YIaNm2Tq
QfOGJp9eFFA3E7H2J/LmgII5bbDuYJUScmXwowBjf5zmv3tAw3WYvHKHaxLnpU3+
JhvlRFor7QWu0arkX7ZpAfUUBw8rZt2KmjJdlyua7JjebUu8F3M7+1MJLQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNh66l3l6PaWA8ppiJuoEZEPH4h9MB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvMkhycVhlWG85cFlEeW1tSW02Z1JrUThmaUgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALukqAwQA
Luk0AwQALuk+MA0GCSqGSIb3DQEBCwUAA4IBAQAEDL+bDFMzvhqcZ+lbgTb2krRA
LGV2xxKEzevXiCMUZcxJAXlUd2HXjUqlyJRpRciDLnNIz07Mp12fk7tPR3kCleOv
RwAQGz+fGnYAJbTBanHYpiplx7H23UaEKE9Ux/r0oz1MIznS3OqgFMbMDpEIdvcQ
IZyzbhT5O+p4BjrFb5BLdPoCsKRtJcqArKjEJx9yAbMyes2yJVK1nag4y7/itytN
pTaQF5yHYjhMbprYfHTvMUg8+C/PP1dv5cA8cL/rLIk7Eu+gsYrVmE372ehaLHj9
fJ0jfb+gHFkQZOSvIet5aKuFSCmEETWeTPYquBTGN5aaPZAhPf6ispxrfWtD
-----END CERTIFICATE-----