Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/f1c375-41da-4ea6-acd1-09bc92d4ed96/1/1DBx2-MUTIkIpYE9hN3GDr3J2vw.roa
File:                     1DBx2-MUTIkIpYE9hN3GDr3J2vw.roa (raw, json)
Hash identifier:          5V1tMvfIn0DwnxGzRgl6Zl8Cs2OvGdVteM4s1j/nkTg=
Subject key identifier:   D4:30:71:DB:E3:14:4C:89:08:A5:81:3D:84:DD:C6:0E:BD:C9:DA:FC
Certificate issuer:       /CN=6ddd42ffdb7e8277023f1019b554feb19f5c3f23
Certificate serial:       019D0C192C75FAC3339FF5CD8349EF100859
Authority key identifier: 6D:DD:42:FF:DB:7E:82:77:02:3F:10:19:B5:54:FE:B1:9F:5C:3F:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bd1C_9t-gncCPxAZtVT-sZ9cPyM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/f1c375-41da-4ea6-acd1-09bc92d4ed96/1/1DBx2-MUTIkIpYE9hN3GDr3J2vw.roa
Signing time:             Fri 20 Mar 2026 16:34:29 +0000
ROA not before:           Fri 20 Mar 2026 16:34:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199242
IP address blocks:        46.245.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/f1c375-41da-4ea6-acd1-09bc92d4ed96/1/bd1C_9t-gncCPxAZtVT-sZ9cPyM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/f1c375-41da-4ea6-acd1-09bc92d4ed96/1/bd1C_9t-gncCPxAZtVT-sZ9cPyM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bd1C_9t-gncCPxAZtVT-sZ9cPyM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0c:19:2c:75:fa:c3:33:9f:f5:cd:83:49:ef:10:08:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddd42ffdb7e8277023f1019b554feb19f5c3f23
        Validity
            Not Before: Mar 20 16:34:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d43071dbe3144c8908a5813d84ddc60ebdc9dafc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:08:e2:9e:1d:7d:08:4f:c3:74:fb:27:c5:68:
                    5c:89:31:63:5d:77:c5:97:21:7e:b5:86:6b:53:87:
                    1f:73:93:3d:e4:8f:94:e1:60:0f:2c:ba:88:1d:0e:
                    40:06:74:77:7a:4b:0d:3f:1a:ef:6a:d6:59:2e:44:
                    14:83:66:33:5c:2f:1a:92:c8:df:0d:ed:50:8f:35:
                    99:d0:74:ab:28:eb:15:78:3c:b7:30:3c:e7:c3:e4:
                    19:bf:05:91:06:5f:16:d2:6a:11:05:8a:08:1d:0e:
                    a3:5c:77:7b:93:25:2c:9c:04:cd:95:8d:e2:d0:71:
                    12:67:b2:96:76:3d:3a:f7:20:81:b8:67:1e:4d:08:
                    5a:31:4f:75:f8:88:28:47:09:6f:10:5f:db:2c:bb:
                    e6:a0:e4:c9:a7:e8:f9:5c:2e:4d:15:d6:01:b5:27:
                    fd:71:d2:78:45:ac:88:ce:18:41:16:bc:b4:3e:17:
                    d0:a4:ef:9a:43:e5:77:9f:d7:ae:7b:cf:e5:01:24:
                    a7:52:3f:a5:78:bf:fd:35:92:e9:cc:40:02:d0:7e:
                    9e:2f:9b:18:89:63:89:8c:e1:1f:77:c3:9b:71:ba:
                    51:cf:95:2f:67:3b:ad:66:c7:1b:b1:f8:f4:e3:2c:
                    c6:05:66:56:a3:07:a4:da:92:d4:86:2d:b8:d2:bb:
                    2b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:30:71:DB:E3:14:4C:89:08:A5:81:3D:84:DD:C6:0E:BD:C9:DA:FC
            X509v3 Authority Key Identifier:
                keyid:6D:DD:42:FF:DB:7E:82:77:02:3F:10:19:B5:54:FE:B1:9F:5C:3F:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd1C_9t-gncCPxAZtVT-sZ9cPyM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/f1c375-41da-4ea6-acd1-09bc92d4ed96/1/1DBx2-MUTIkIpYE9hN3GDr3J2vw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/f1c375-41da-4ea6-acd1-09bc92d4ed96/1/bd1C_9t-gncCPxAZtVT-sZ9cPyM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.245.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:84:37:52:7a:32:3e:70:3c:be:a5:3d:d7:0e:d5:4e:80:61:
         13:92:27:d3:33:d9:7d:e3:86:7e:80:6c:5b:52:94:5e:68:10:
         4f:a8:31:f5:6a:7e:1a:69:9e:19:21:70:c9:a7:ca:35:56:06:
         1a:a2:9c:27:98:cc:a5:07:3c:6d:79:20:48:98:73:a8:c2:4c:
         4a:f0:00:f2:ff:1e:1b:a2:e7:ea:6a:25:71:f7:bf:90:a2:eb:
         63:2b:1b:f6:a7:82:5e:62:8a:4c:05:a9:2b:e5:1c:cb:a0:08:
         77:d6:d8:72:de:1b:c0:77:af:f9:8a:9d:63:97:e5:47:b8:98:
         32:8b:51:19:90:13:05:a9:61:64:bb:e5:40:ea:bf:b3:62:d9:
         f7:f2:3a:ca:b3:33:db:d1:bc:f1:1d:6b:2d:77:8d:97:e5:89:
         66:7a:ed:85:29:85:7b:0b:f7:01:1c:3b:94:3d:2e:1d:11:87:
         c4:9a:4c:12:07:26:fb:82:81:49:3e:34:25:4d:86:9d:af:a9:
         49:96:91:80:11:16:b3:7d:c1:68:19:81:a0:14:e7:ef:f5:a4:
         1e:7d:05:bc:1d:f5:ea:47:10:cc:6a:bb:fa:39:a0:ca:20:2c:
         78:eb:ec:c4:98:89:b8:fe:bd:d9:b4:43:b1:64:4b:a1:9f:41:
         b1:1a:41:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0MGSx1+sMzn/XNg0nvEAhZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGQ0MmZmZGI3ZTgyNzcwMjNmMTAxOWI1NTRmZWIxOWY1
YzNmMjMwHhcNMjYwMzIwMTYzNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDMwNzFkYmUzMTQ0Yzg5MDhhNTgxM2Q4NGRkYzYwZWJkYzlkYWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngjinh19CE/DdPsnxWhciTFjXXfF
lyF+tYZrU4cfc5M95I+U4WAPLLqIHQ5ABnR3eksNPxrvatZZLkQUg2YzXC8aksjf
De1QjzWZ0HSrKOsVeDy3MDznw+QZvwWRBl8W0moRBYoIHQ6jXHd7kyUsnATNlY3i
0HESZ7KWdj069yCBuGceTQhaMU91+IgoRwlvEF/bLLvmoOTJp+j5XC5NFdYBtSf9
cdJ4RayIzhhBFry0PhfQpO+aQ+V3n9eue8/lASSnUj+leL/9NZLpzEAC0H6eL5sY
iWOJjOEfd8ObcbpRz5UvZzutZscbsfj04yzGBWZWowek2pLUhi240rsrAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQwcdvjFEyJCKWBPYTdxg69ydr8MB8GA1UdIwQY
MBaAFG3dQv/bfoJ3Aj8QGbVU/rGfXD8jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmQxQ185dC1nbmNDUHhBWnRWVC1zWjljUHlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9mMWMzNzUtNDFkYS00ZWE2LWFjZDEt
MDliYzkyZDRlZDk2LzEvMURCeDItTVVUSWtJcFlFOWhOM0dEcjNKMnZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9mMWMzNzUtNDFkYS00ZWE2LWFjZDEtMDliYzkyZDRlZDk2
LzEvYmQxQ185dC1nbmNDUHhBWnRWVC1zWjljUHlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvXvMA0G
CSqGSIb3DQEBCwUAA4IBAQBWhDdSejI+cDy+pT3XDtVOgGETkifTM9l944Z+gGxb
UpReaBBPqDH1an4aaZ4ZIXDJp8o1VgYaopwnmMylBzxteSBImHOowkxK8ADy/x4b
oufqaiVx97+QoutjKxv2p4JeYopMBakr5RzLoAh31thy3hvAd6/5ip1jl+VHuJgy
i1EZkBMFqWFku+VA6r+zYtn38jrKszPb0bzxHWstd42X5Ylmeu2FKYV7C/cBHDuU
PS4dEYfEmkwSByb7goFJPjQlTYadr6lJlpGAERazfcFoGYGgFOfv9aQefQW8HfXq
RxDMarv6OaDKICx46+zEmIm4/r3ZtEOxZEuhn0GxGkHL
-----END CERTIFICATE-----