Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/MUTo9Ct9l1WiyIQQ6nBvZnM1A-M.roa
File:                     MUTo9Ct9l1WiyIQQ6nBvZnM1A-M.roa (raw, json)
Hash identifier:          HPVZ7aUwttQYyFcDKuNoILD9oscZW5Yi/RTFS1BnUw8=
Subject key identifier:   31:44:E8:F4:2B:7D:97:55:A2:C8:84:10:EA:70:6F:66:73:35:03:E3
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       01970BFB19CD88538E588007FB86EC90F2B9
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/MUTo9Ct9l1WiyIQQ6nBvZnM1A-M.roa
Signing time:             Mon 26 May 2025 09:44:54 +0000
ROA not before:           Mon 26 May 2025 09:44:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        46.233.42.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0b:fb:19:cd:88:53:8e:58:80:07:fb:86:ec:90:f2:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: May 26 09:44:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3144e8f42b7d9755a2c88410ea706f66733503e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4f:80:ff:85:88:0d:af:4a:0d:4d:93:56:a0:
                    07:4e:ba:88:c2:62:25:b3:01:a2:91:bb:7b:6e:63:
                    a1:07:e2:57:fc:24:49:5c:f1:a0:1b:1d:09:cb:24:
                    34:be:29:f7:cc:87:25:0c:9c:80:76:9b:57:dd:eb:
                    b0:74:bd:0a:3a:44:96:64:7c:b1:45:71:31:21:6e:
                    fd:a9:d9:d9:59:56:ec:3e:29:dc:d2:c3:58:d1:17:
                    48:72:07:00:0b:af:59:ec:65:98:83:6d:61:70:6e:
                    1e:69:b2:a7:17:61:3f:0b:e0:d3:e8:03:1e:d2:5e:
                    9d:4e:20:19:31:fe:25:b2:d6:bb:03:99:97:7b:9e:
                    01:3c:85:ec:9a:16:e4:54:ea:79:5f:6a:2a:74:6e:
                    bb:64:ec:83:8f:a4:b4:f9:62:eb:2e:d5:12:5a:8b:
                    4f:ff:5c:3a:b5:da:98:f8:87:c8:6a:2e:f1:99:79:
                    a6:cc:e5:54:c4:8e:98:07:45:aa:b4:89:b3:d2:a4:
                    3f:cb:17:b5:f9:d8:0f:b1:19:55:1e:59:a3:db:bb:
                    d0:84:93:55:eb:13:40:b4:3f:0d:21:bf:b7:07:d1:
                    98:a0:c4:5e:02:0a:2f:c5:32:dd:20:d9:31:6d:a6:
                    9c:c7:58:01:45:36:e7:40:74:3a:f1:cf:a2:c0:9d:
                    7f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:44:E8:F4:2B:7D:97:55:A2:C8:84:10:EA:70:6F:66:73:35:03:E3
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/MUTo9Ct9l1WiyIQQ6nBvZnM1A-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:28:e9:e3:02:79:9f:bf:bc:2f:79:30:92:e6:f1:06:d5:e9:
         2b:b4:d6:7b:8a:53:b1:46:cd:a8:ac:8c:af:e7:c3:41:3a:14:
         26:dd:aa:91:a3:4d:26:a9:51:ee:a6:99:40:77:c9:36:3f:f5:
         de:ca:6a:f0:5a:8c:e9:60:73:1b:0a:57:5e:7b:1a:a2:83:41:
         bf:da:43:d9:e8:7d:7e:ba:98:45:0e:ba:fc:e4:00:82:d3:21:
         9f:85:f6:8d:5c:56:ee:e8:ed:13:3e:f4:9c:ee:cd:14:2b:c6:
         9b:05:57:84:2d:ca:56:48:7f:98:74:bc:78:b6:82:5f:f6:72:
         93:0f:2a:a8:76:6b:49:a0:0d:2b:82:1e:ac:0e:c5:ad:eb:9e:
         e6:2e:e2:8a:df:f7:6e:6e:fd:86:17:46:fd:79:dd:8b:e9:72:
         ce:7a:7b:a8:47:91:70:9d:f0:94:22:3c:12:b4:01:18:80:c3:
         28:b3:cf:00:b1:c1:17:90:10:ad:8c:db:df:af:6e:04:c0:cb:
         89:46:5f:ef:9e:18:91:f0:97:8d:af:a9:98:ce:6b:39:ee:a7:
         4d:0e:77:41:50:00:96:c6:37:82:ac:d6:69:87:d5:fc:86:a4:
         c6:2c:aa:42:e4:89:16:08:20:73:b2:53:68:4c:07:d3:fb:e5:
         67:09:01:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcL+xnNiFOOWIAH+4bskPK5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjUwNTI2MDk0NDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTQ0ZThmNDJiN2Q5NzU1YTJjODg0MTBlYTcwNmY2NjczMzUwM2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnk+A/4WIDa9KDU2TVqAHTrqIwmIl
swGikbt7bmOhB+JX/CRJXPGgGx0JyyQ0vin3zIclDJyAdptX3euwdL0KOkSWZHyx
RXExIW79qdnZWVbsPinc0sNY0RdIcgcAC69Z7GWYg21hcG4eabKnF2E/C+DT6AMe
0l6dTiAZMf4lsta7A5mXe54BPIXsmhbkVOp5X2oqdG67ZOyDj6S0+WLrLtUSWotP
/1w6tdqY+IfIai7xmXmmzOVUxI6YB0WqtImz0qQ/yxe1+dgPsRlVHlmj27vQhJNV
6xNAtD8NIb+3B9GYoMReAgovxTLdINkxbaacx1gBRTbnQHQ68c+iwJ1/8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFE6PQrfZdVosiEEOpwb2ZzNQPjMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvTVVUbzlDdDlsMVdpeUlRUTZuQnZabk0xQS1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLukqMA0G
CSqGSIb3DQEBCwUAA4IBAQAxKOnjAnmfv7wveTCS5vEG1ekrtNZ7ilOxRs2orIyv
58NBOhQm3aqRo00mqVHupplAd8k2P/XeymrwWozpYHMbCldeexqig0G/2kPZ6H1+
uphFDrr85ACC0yGfhfaNXFbu6O0TPvSc7s0UK8abBVeELcpWSH+YdLx4toJf9nKT
DyqodmtJoA0rgh6sDsWt657mLuKK3/dubv2GF0b9ed2L6XLOenuoR5FwnfCUIjwS
tAEYgMMos88AscEXkBCtjNvfr24EwMuJRl/vnhiR8JeNr6mYzms57qdNDndBUACW
xjeCrNZph9X8hqTGLKpC5IkWCCBzslNoTAfT++VnCQEY
-----END CERTIFICATE-----