Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/bbd8d6-8f8a-4dcb-8c80-71f125f5f4c7/1/2rO9mH3OXryLXQ1fKrL6Nz5IHqU.roa
File:                     2rO9mH3OXryLXQ1fKrL6Nz5IHqU.roa (raw, json)
Hash identifier:          pjcgHLDWo1fInBoA6L65uzzfcpINA+52BV8ltO/eZJE=
Subject key identifier:   DA:B3:BD:98:7D:CE:5E:BC:8B:5D:0D:5F:2A:B2:FA:37:3E:48:1E:A5
Certificate issuer:       /CN=96ce931f852f4046ff8db482b39450219f8b383a
Certificate serial:       019DE3E80E6262EAB8705BDC8CCA4E00F646
Authority key identifier: 96:CE:93:1F:85:2F:40:46:FF:8D:B4:82:B3:94:50:21:9F:8B:38:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ls6TH4UvQEb_jbSCs5RQIZ-LODo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/bbd8d6-8f8a-4dcb-8c80-71f125f5f4c7/1/2rO9mH3OXryLXQ1fKrL6Nz5IHqU.roa
Signing time:             Fri 01 May 2026 14:18:49 +0000
ROA not before:           Fri 01 May 2026 14:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44931
IP address blocks:        46.248.20.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/bbd8d6-8f8a-4dcb-8c80-71f125f5f4c7/1/ls6TH4UvQEb_jbSCs5RQIZ-LODo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/bbd8d6-8f8a-4dcb-8c80-71f125f5f4c7/1/ls6TH4UvQEb_jbSCs5RQIZ-LODo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ls6TH4UvQEb_jbSCs5RQIZ-LODo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e3:e8:0e:62:62:ea:b8:70:5b:dc:8c:ca:4e:00:f6:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96ce931f852f4046ff8db482b39450219f8b383a
        Validity
            Not Before: May  1 14:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dab3bd987dce5ebc8b5d0d5f2ab2fa373e481ea5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:d8:0e:97:33:6b:f9:90:04:b9:60:fa:1e:52:
                    30:62:c4:52:73:36:48:8e:ac:7f:67:f1:78:10:78:
                    38:f9:cf:24:ee:25:af:60:de:d9:df:1c:72:62:49:
                    2e:34:2e:c6:e0:71:c9:0b:18:a3:4e:61:bc:4f:37:
                    c9:e9:36:aa:d3:db:9d:5e:25:c9:36:df:43:91:f2:
                    e1:3c:a7:c3:f6:a7:a2:f6:20:59:b1:42:c0:16:eb:
                    ed:92:95:16:3a:9f:5b:eb:95:b2:db:97:0b:d4:32:
                    a7:19:7c:f0:1b:a5:d7:4a:70:a3:a5:ce:af:d7:ad:
                    9f:7a:b4:a2:25:67:63:42:37:b6:87:75:47:57:19:
                    53:c3:51:24:00:65:5e:2a:70:d3:3e:97:07:0a:e3:
                    f8:de:13:1e:52:e9:69:c6:4e:d6:d5:9d:5b:2f:03:
                    55:ce:ed:e3:62:f1:7d:c3:80:e0:49:66:f4:d5:e3:
                    e2:cc:38:f1:18:c9:63:d6:35:0b:02:83:a8:fe:a6:
                    a0:c4:20:60:c3:36:20:58:16:1f:8e:e9:c9:43:de:
                    0d:eb:b0:90:0b:6f:49:cc:77:e8:43:69:e1:41:79:
                    62:0c:33:49:b3:58:fb:2d:7d:64:9e:66:b8:69:c6:
                    16:02:ce:d9:46:09:ca:ad:10:03:ff:28:87:5b:db:
                    77:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:B3:BD:98:7D:CE:5E:BC:8B:5D:0D:5F:2A:B2:FA:37:3E:48:1E:A5
            X509v3 Authority Key Identifier:
                keyid:96:CE:93:1F:85:2F:40:46:FF:8D:B4:82:B3:94:50:21:9F:8B:38:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ls6TH4UvQEb_jbSCs5RQIZ-LODo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/bbd8d6-8f8a-4dcb-8c80-71f125f5f4c7/1/2rO9mH3OXryLXQ1fKrL6Nz5IHqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/bbd8d6-8f8a-4dcb-8c80-71f125f5f4c7/1/ls6TH4UvQEb_jbSCs5RQIZ-LODo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.248.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:d7:21:bd:2b:c9:3d:0a:4e:dc:3a:95:45:37:81:9c:e5:b5:
         46:82:5c:fc:71:d8:c8:1f:fc:77:e1:01:83:4c:ee:7e:69:fa:
         80:d4:28:2e:3f:a7:dd:f1:ff:92:4b:0a:13:e5:ff:f0:34:aa:
         82:02:aa:7f:85:12:49:3b:e7:54:74:48:b3:be:3e:10:33:9e:
         a5:a4:4f:8c:19:79:f0:c9:e8:1d:02:ed:86:fb:b8:18:96:f2:
         e5:44:d2:a9:11:f1:03:c9:0c:73:09:67:34:1e:32:0f:81:a6:
         7e:3e:9a:b3:33:21:98:55:b1:b7:3b:74:44:1b:0f:40:8c:96:
         b0:95:2b:c0:50:72:28:bf:56:61:9c:36:db:cb:1e:e3:0c:92:
         82:47:94:10:fc:3c:3d:5c:42:c6:b8:eb:f5:94:0b:66:35:08:
         58:bf:11:72:fa:c6:bf:02:03:9f:f4:2d:5d:6d:dc:3f:02:d6:
         67:92:e6:db:23:21:69:5b:e0:fa:51:28:f3:22:f8:11:57:e1:
         39:30:cf:11:f7:9c:17:2b:be:d0:ea:1f:4f:5e:78:3a:13:bf:
         e8:e2:f6:9a:81:d1:fa:9f:c8:c6:c2:d6:b9:fe:85:de:57:27:
         03:af:0f:2f:7f:f9:a7:9e:ab:e1:dc:4f:e1:91:b9:71:4c:e2:
         f2:e5:77:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3j6A5iYuq4cFvcjMpOAPZGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2Y2U5MzFmODUyZjQwNDZmZjhkYjQ4MmIzOTQ1MDIxOWY4
YjM4M2EwHhcNMjYwNTAxMTQxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWIzYmQ5ODdkY2U1ZWJjOGI1ZDBkNWYyYWIyZmEzNzNlNDgxZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9gOlzNr+ZAEuWD6HlIwYsRSczZI
jqx/Z/F4EHg4+c8k7iWvYN7Z3xxyYkkuNC7G4HHJCxijTmG8TzfJ6Taq09udXiXJ
Nt9DkfLhPKfD9qei9iBZsULAFuvtkpUWOp9b65Wy25cL1DKnGXzwG6XXSnCjpc6v
162ferSiJWdjQje2h3VHVxlTw1EkAGVeKnDTPpcHCuP43hMeUulpxk7W1Z1bLwNV
zu3jYvF9w4DgSWb01ePizDjxGMlj1jULAoOo/qagxCBgwzYgWBYfjunJQ94N67CQ
C29JzHfoQ2nhQXliDDNJs1j7LX1knma4acYWAs7ZRgnKrRAD/yiHW9t37QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNqzvZh9zl68i10NXyqy+jc+SB6lMB8GA1UdIwQY
MBaAFJbOkx+FL0BG/420grOUUCGfizg6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHM2VEg0VXZRRWJfamJTQ3M1UlFJWi1MT0RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9iYmQ4ZDYtOGY4YS00ZGNiLThjODAt
NzFmMTI1ZjVmNGM3LzEvMnJPOW1IM09YcnlMWFExZktyTDZOejVJSHFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9iYmQ4ZDYtOGY4YS00ZGNiLThjODAtNzFmMTI1ZjVmNGM3
LzEvbHM2VEg0VXZRRWJfamJTQ3M1UlFJWi1MT0RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLvgUMA0G
CSqGSIb3DQEBCwUAA4IBAQB61yG9K8k9Ck7cOpVFN4Gc5bVGglz8cdjIH/x34QGD
TO5+afqA1CguP6fd8f+SSwoT5f/wNKqCAqp/hRJJO+dUdEizvj4QM56lpE+MGXnw
yegdAu2G+7gYlvLlRNKpEfEDyQxzCWc0HjIPgaZ+PpqzMyGYVbG3O3REGw9AjJaw
lSvAUHIov1ZhnDbbyx7jDJKCR5QQ/Dw9XELGuOv1lAtmNQhYvxFy+sa/AgOf9C1d
bdw/AtZnkubbIyFpW+D6USjzIvgRV+E5MM8R95wXK77Q6h9PXng6E7/o4vaagdH6
n8jGwta5/oXeVycDrw8vf/mnnqvh3E/hkblxTOLy5Xc2
-----END CERTIFICATE-----