Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/n4AMurCrww_nURM0yKJCQWoqFho.roa
File:                     n4AMurCrww_nURM0yKJCQWoqFho.roa (raw, json)
Hash identifier:          Pu6TaTGLhHGntg0HayCe7LPYpIinuWkfBvOuAdu6bq8=
Subject key identifier:   9F:80:0C:BA:B0:AB:C3:0F:E7:51:13:34:C8:A2:42:41:6A:2A:16:1A
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019DFDEB81A354D680856F01F0B2F77D41DE
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/n4AMurCrww_nURM0yKJCQWoqFho.roa
Signing time:             Wed 06 May 2026 15:32:42 +0000
ROA not before:           Wed 06 May 2026 15:32:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210751
IP address blocks:        46.29.24.0/24 maxlen: 24
                          185.85.188.0/24 maxlen: 24
                          185.98.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:eb:81:a3:54:d6:80:85:6f:01:f0:b2:f7:7d:41:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: May  6 15:32:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9f800cbab0abc30fe7511334c8a242416a2a161a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5f:4d:03:34:68:9d:4a:9b:82:6e:6b:25:17:
                    89:77:75:a4:9e:7e:1f:b7:ab:3a:39:70:3b:41:42:
                    ef:c6:90:f7:01:86:46:41:93:8e:5a:c2:ae:6c:a4:
                    59:36:83:29:49:e3:5b:0b:44:b5:4e:79:fc:d9:8b:
                    7e:bc:59:69:2e:d6:8d:57:69:ec:57:02:cd:c7:0a:
                    e8:92:cd:c9:63:5a:22:f5:d9:2d:8c:93:3f:25:bd:
                    7d:b3:14:07:e4:10:00:7a:ca:0c:d2:c8:8c:c9:e7:
                    47:6e:59:0f:b0:d0:bc:a4:0e:6c:6d:a7:eb:6a:d5:
                    93:9c:22:27:66:62:73:bb:4b:53:d1:d4:16:d8:3f:
                    aa:b4:6c:3d:83:c4:b9:e9:40:7f:7d:9c:8b:73:3d:
                    01:dd:c7:2f:43:dc:5b:23:ee:57:6b:30:dc:34:5f:
                    a8:09:80:f5:fe:09:00:51:10:39:e6:d8:4e:4e:24:
                    a9:7c:55:68:21:4e:88:70:fd:3b:77:15:6c:10:ee:
                    77:f0:84:4f:62:2a:91:e5:89:b2:f9:34:cc:4e:aa:
                    85:b4:b3:61:24:7e:25:c5:43:08:f4:b1:b5:be:1f:
                    15:29:d7:e1:4b:ae:3b:f2:f3:11:1a:72:6d:48:73:
                    de:3b:e2:b1:f2:e1:17:40:2d:16:b2:09:5c:cd:3d:
                    33:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:80:0C:BA:B0:AB:C3:0F:E7:51:13:34:C8:A2:42:41:6A:2A:16:1A
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/n4AMurCrww_nURM0yKJCQWoqFho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.24.0/24
                  185.85.188.0/24
                  185.98.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:b4:b4:e3:4c:2e:6c:ee:f2:89:78:33:93:96:8f:22:ae:b4:
         54:48:10:d2:45:8c:d3:2e:03:f8:ed:53:b9:48:87:9a:46:87:
         4a:59:d4:13:e6:e8:b2:10:50:ca:4b:a9:15:a0:79:c2:ec:76:
         2e:cd:38:c5:b0:68:18:61:fb:06:ff:af:b5:25:8b:1c:b9:63:
         53:a9:db:4b:cd:fb:d4:37:69:d6:59:ee:6a:83:18:ec:f1:c1:
         da:2c:4c:2d:77:94:3e:d5:67:fd:e7:68:67:6d:ec:12:fc:87:
         1a:b9:7b:4e:ba:0c:a9:aa:7a:34:11:28:3c:3a:2c:22:af:51:
         ba:d5:4e:4e:8d:c7:6f:80:47:5c:c2:d8:c7:3f:8a:56:be:7f:
         f7:c3:4d:83:c3:87:a4:60:5e:40:1c:2c:91:c1:9c:ee:5b:98:
         9d:ec:b0:4d:af:9b:d5:af:3f:bd:af:66:40:df:da:13:c5:ce:
         c2:fd:4c:81:f5:d0:c5:1c:04:46:12:27:f2:df:d4:6e:9d:23:
         8b:60:e1:d1:74:b9:bb:11:40:54:b6:06:c2:11:56:70:08:ac:
         7d:37:c6:ce:57:34:46:38:7f:08:79:f7:f8:e6:48:26:52:d1:
         b8:90:26:d4:34:48:be:82:84:dc:0d:19:39:df:53:60:e9:19:
         9e:50:5c:c1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3964GjVNaAhW8B8LL3fUHeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwNTA2MTUzMjQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjgwMGNiYWIwYWJjMzBmZTc1MTEzMzRjOGEyNDI0MTZhMmExNjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmV9NAzRonUqbgm5rJReJd3Wknn4f
t6s6OXA7QULvxpD3AYZGQZOOWsKubKRZNoMpSeNbC0S1Tnn82Yt+vFlpLtaNV2ns
VwLNxwroks3JY1oi9dktjJM/Jb19sxQH5BAAesoM0siMyedHblkPsNC8pA5sbafr
atWTnCInZmJzu0tT0dQW2D+qtGw9g8S56UB/fZyLcz0B3ccvQ9xbI+5XazDcNF+o
CYD1/gkAURA55thOTiSpfFVoIU6IcP07dxVsEO538IRPYiqR5Ymy+TTMTqqFtLNh
JH4lxUMI9LG1vh8VKdfhS6478vMRGnJtSHPeO+Kx8uEXQC0WsglczT0zFQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ+ADLqwq8MP51ETNMiiQkFqKhYaMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvbjRBTXVyQ3J3d19uVVJNMHlLSkNRV29xRmhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALh0YAwQA
uVW8AwQAuWI9MA0GCSqGSIb3DQEBCwUAA4IBAQCJtLTjTC5s7vKJeDOTlo8irrRU
SBDSRYzTLgP47VO5SIeaRodKWdQT5uiyEFDKS6kVoHnC7HYuzTjFsGgYYfsG/6+1
JYscuWNTqdtLzfvUN2nWWe5qgxjs8cHaLEwtd5Q+1Wf952hnbewS/IcauXtOugyp
qno0ESg8Oiwir1G61U5OjcdvgEdcwtjHP4pWvn/3w02Dw4ekYF5AHCyRwZzuW5id
7LBNr5vVrz+9r2ZA39oTxc7C/UyB9dDFHARGEify39RunSOLYOHRdLm7EUBUtgbC
EVZwCKx9N8bOVzRGOH8Ieff45kgmUtG4kCbUNEi+goTcDRk531Ng6RmeUFzB
-----END CERTIFICATE-----