Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9FB6IxzvgMsv9O92kIwX8u3PHDA.roa
File:                     9FB6IxzvgMsv9O92kIwX8u3PHDA.roa (raw, json)
Hash identifier:          SBH7+No3OKPSg3tDsPshm5xv4/lifu/mNJhEU+ANbfo=
Subject key identifier:   F4:50:7A:23:1C:EF:80:CB:2F:F4:EF:76:90:8C:17:F2:ED:CF:1C:30
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019D1AFD20379D523FC284F24908A83E771A
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9FB6IxzvgMsv9O92kIwX8u3PHDA.roa
Signing time:             Mon 23 Mar 2026 13:58:09 +0000
ROA not before:           Mon 23 Mar 2026 13:58:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400040
IP address blocks:        212.46.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1a:fd:20:37:9d:52:3f:c2:84:f2:49:08:a8:3e:77:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Mar 23 13:58:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f4507a231cef80cb2ff4ef76908c17f2edcf1c30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c7:26:43:94:e2:84:14:06:62:5b:da:05:e8:
                    87:6e:70:80:8e:be:b3:11:ea:6e:d8:9c:df:55:22:
                    ed:3b:a8:f0:b9:0f:03:22:33:40:b6:e6:7e:8c:12:
                    9f:11:74:66:2d:5e:47:c6:7e:2b:8d:8e:8b:0e:7e:
                    bd:78:46:19:b1:46:02:13:16:77:88:de:0b:83:60:
                    da:af:85:d3:35:4d:e6:3d:de:d9:87:85:ee:de:6d:
                    a6:23:75:ac:e8:0b:54:5e:98:7c:0d:0c:3b:ff:91:
                    eb:47:d0:d7:6b:c3:a4:b1:2e:1e:08:99:30:94:33:
                    a1:72:cd:d9:ea:3e:d2:b0:98:fd:90:26:a1:76:02:
                    6c:5e:ab:4f:78:be:86:7f:72:53:54:0f:7b:d0:3b:
                    5e:69:6a:5c:90:8a:35:3a:ca:72:ea:64:fb:55:57:
                    ea:2b:dd:7e:c6:98:9e:12:1c:80:2c:18:1c:6d:02:
                    8a:bc:f4:c7:ef:8f:4c:92:3f:c2:29:b6:36:7b:92:
                    be:20:9d:a4:1e:82:97:55:da:9f:d1:51:8a:69:b7:
                    1b:23:f1:37:57:c7:17:96:af:42:4e:a0:3f:74:ad:
                    00:b6:06:c6:bf:ff:e7:a3:0e:c2:18:c0:c4:82:fa:
                    26:f3:fb:6c:26:09:e0:0e:1e:9f:32:e7:ef:d1:8e:
                    78:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:50:7A:23:1C:EF:80:CB:2F:F4:EF:76:90:8C:17:F2:ED:CF:1C:30
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9FB6IxzvgMsv9O92kIwX8u3PHDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.46.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:ad:e8:e0:a0:55:2b:aa:16:1f:ac:b1:5e:1e:4a:26:c8:10:
         de:60:27:37:5e:3e:e1:41:30:6d:b5:d2:e0:cb:c6:b9:b3:fb:
         f7:b9:94:0b:b2:2e:fa:5a:0a:47:f9:92:25:20:95:8b:2c:13:
         fd:a5:de:0b:c6:53:12:68:60:cd:9b:ae:fd:e1:14:83:25:20:
         6d:07:2b:14:e0:0f:89:c1:1e:05:07:b8:68:32:ab:85:22:9f:
         b7:02:43:5f:f0:7f:41:81:d1:9f:91:50:60:d8:ec:1e:05:26:
         de:f1:b9:d0:80:49:f7:91:25:86:4c:f6:8b:6e:0f:88:5f:35:
         6b:93:d7:3b:d4:dc:4d:3d:8e:21:87:cd:5a:fb:95:0f:7b:aa:
         2a:36:9d:61:cd:f1:37:d3:a8:ef:a2:ad:a6:88:59:52:05:52:
         ed:45:f6:86:0a:c1:f2:5f:82:0a:77:32:8d:d7:4e:af:bd:53:
         cc:33:0e:43:d8:37:91:db:a4:4c:a5:76:3f:53:ab:60:09:e2:
         43:da:17:a5:11:0b:da:5e:f8:00:80:12:9a:01:c5:61:58:c4:
         9f:73:bb:e1:78:c5:34:b3:f8:5c:8c:82:2f:02:4b:28:ae:e1:
         f4:af:34:b5:44:7d:68:22:e8:11:0d:88:f7:df:0f:cc:4c:95:
         80:d0:9c:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0a/SA3nVI/woTySQioPncaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwMzIzMTM1ODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDUwN2EyMzFjZWY4MGNiMmZmNGVmNzY5MDhjMTdmMmVkY2YxYzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqscmQ5TihBQGYlvaBeiHbnCAjr6z
Eepu2JzfVSLtO6jwuQ8DIjNAtuZ+jBKfEXRmLV5Hxn4rjY6LDn69eEYZsUYCExZ3
iN4Lg2Dar4XTNU3mPd7Zh4Xu3m2mI3Ws6AtUXph8DQw7/5HrR9DXa8OksS4eCJkw
lDOhcs3Z6j7SsJj9kCahdgJsXqtPeL6Gf3JTVA970DteaWpckIo1Ospy6mT7VVfq
K91+xpieEhyALBgcbQKKvPTH749Mkj/CKbY2e5K+IJ2kHoKXVdqf0VGKabcbI/E3
V8cXlq9CTqA/dK0AtgbGv//now7CGMDEgvom8/tsJgngDh6fMufv0Y543QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRQeiMc74DLL/TvdpCMF/LtzxwwMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvOUZCNkl4enZnTXN2OU85MmtJd1g4dTNQSERBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1C4uMA0G
CSqGSIb3DQEBCwUAA4IBAQAKrejgoFUrqhYfrLFeHkomyBDeYCc3Xj7hQTBttdLg
y8a5s/v3uZQLsi76WgpH+ZIlIJWLLBP9pd4LxlMSaGDNm6794RSDJSBtBysU4A+J
wR4FB7hoMquFIp+3AkNf8H9BgdGfkVBg2OweBSbe8bnQgEn3kSWGTPaLbg+IXzVr
k9c71NxNPY4hh81a+5UPe6oqNp1hzfE306jvoq2miFlSBVLtRfaGCsHyX4IKdzKN
106vvVPMMw5D2DeR26RMpXY/U6tgCeJD2helEQvaXvgAgBKaAcVhWMSfc7vheMU0
s/hcjIIvAksoruH0rzS1RH1oIugRDYj33w/MTJWA0Jwe
-----END CERTIFICATE-----