Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/C5Xs3N6YlAvqeKGXwFJ89E5HGJM.roa
File:                     C5Xs3N6YlAvqeKGXwFJ89E5HGJM.roa (raw, json)
Hash identifier:          wGkOURT9w38WEveyum+OtHnzUiYwwdwVsQOfo9tkP1M=
Subject key identifier:   0B:95:EC:DC:DE:98:94:0B:EA:78:A1:97:C0:52:7C:F4:4E:47:18:93
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       0197819865919FBFA777F1787049F1A001CE
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/C5Xs3N6YlAvqeKGXwFJ89E5HGJM.roa
Signing time:             Wed 18 Jun 2025 05:52:17 +0000
ROA not before:           Wed 18 Jun 2025 05:52:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        46.233.38.0/24 maxlen: 24
                          46.233.42.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:81:98:65:91:9f:bf:a7:77:f1:78:70:49:f1:a0:01:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Jun 18 05:52:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b95ecdcde98940bea78a197c0527cf44e471893
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:7f:03:12:8c:4a:ca:23:b0:6a:44:8d:16:e1:
                    40:f4:3e:e1:a4:97:7b:16:07:84:08:7e:be:1d:b9:
                    70:bd:f1:6c:8b:a9:50:ab:e4:c5:8b:ed:2e:ff:73:
                    4a:d2:d3:4e:a9:63:90:72:e7:2e:f3:8b:c5:9f:65:
                    19:b8:69:b9:9f:b7:2b:9f:0f:e3:7b:cc:2c:fd:51:
                    8a:b9:03:20:db:c2:55:ed:28:19:41:32:d1:29:0c:
                    4a:19:2f:34:0f:96:10:04:ce:0b:ba:a0:fa:2b:8b:
                    6d:b3:90:b0:c9:e0:7b:53:e5:0d:6d:71:a7:0d:6a:
                    ab:d2:98:cd:c3:4a:64:10:e3:1a:d7:63:a3:8f:a7:
                    90:a8:5d:b8:41:2a:ea:2c:fe:a6:13:7b:ae:85:ba:
                    ff:c1:7e:c3:06:07:f7:41:4f:ea:87:89:df:15:1c:
                    47:ff:4d:1a:f9:68:4e:92:84:f9:b4:2f:5a:9a:9a:
                    db:6a:d6:19:11:44:cd:c5:b5:8d:b8:58:d0:ea:46:
                    6a:cd:42:3d:eb:2a:9b:b9:9b:43:9e:65:49:d4:eb:
                    39:66:ce:25:62:76:1d:2b:29:60:cb:57:7d:ab:1f:
                    3c:af:ad:8d:a2:31:88:d7:94:24:e0:7e:3b:bc:ac:
                    7d:e8:1a:b3:c9:eb:ac:82:c1:59:2c:ac:ff:02:de:
                    b8:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:95:EC:DC:DE:98:94:0B:EA:78:A1:97:C0:52:7C:F4:4E:47:18:93
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/C5Xs3N6YlAvqeKGXwFJ89E5HGJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.38.0/24
                  46.233.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:e6:0a:36:f0:f9:22:84:35:b6:75:13:50:ff:ec:4e:12:09:
         7b:df:2f:40:73:06:f2:de:dd:7a:90:a1:3f:30:f9:a3:33:e6:
         17:9d:28:11:55:59:0d:77:14:83:d2:af:21:9e:04:86:07:dc:
         5e:0e:a6:8a:41:6a:82:26:ed:98:a6:9f:b6:7c:fc:53:25:68:
         40:f3:1d:7a:87:87:a7:b8:58:01:91:e2:a1:68:e5:14:e2:76:
         05:26:72:09:05:96:7d:1f:9a:a7:9f:61:19:14:40:e4:2a:e5:
         5c:8f:31:fb:74:68:28:c0:a5:09:58:d8:07:f2:5e:2d:b2:4f:
         c6:8a:71:85:45:e5:f5:3a:7c:63:34:7c:88:5b:be:a6:1e:11:
         67:44:d1:b0:69:fd:9e:ce:49:77:b5:56:15:2d:95:db:db:c7:
         55:6e:d2:46:c5:ac:3e:92:03:06:83:bf:5b:91:99:1b:c4:4e:
         ca:80:8a:56:68:df:59:b7:74:cd:1a:d6:21:1f:4d:91:11:08:
         d3:f1:7b:1c:41:94:09:5c:c0:2c:67:2f:78:b9:57:e4:21:35:
         dd:2e:62:36:aa:9a:fa:9c:c3:25:43:19:28:8f:1b:35:0d:ee:
         48:bd:d4:4a:ab:56:60:f8:7f:7b:a3:f1:85:ea:32:a1:40:5c:
         e3:8a:8e:bb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeBmGWRn7+nd/F4cEnxoAHOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjUwNjE4MDU1MjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjk1ZWNkY2RlOTg5NDBiZWE3OGExOTdjMDUyN2NmNDRlNDcxODkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA038DEoxKyiOwakSNFuFA9D7hpJd7
FgeECH6+HblwvfFsi6lQq+TFi+0u/3NK0tNOqWOQcucu84vFn2UZuGm5n7crnw/j
e8ws/VGKuQMg28JV7SgZQTLRKQxKGS80D5YQBM4LuqD6K4tts5CwyeB7U+UNbXGn
DWqr0pjNw0pkEOMa12Ojj6eQqF24QSrqLP6mE3uuhbr/wX7DBgf3QU/qh4nfFRxH
/00a+WhOkoT5tC9amprbatYZEUTNxbWNuFjQ6kZqzUI96yqbuZtDnmVJ1Os5Zs4l
YnYdKylgy1d9qx88r62NojGI15Qk4H47vKx96BqzyeusgsFZLKz/At64/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAuV7NzemJQL6nihl8BSfPRORxiTMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvQzVYczNONllsQXZxZUtHWHdGSjg5RTVIR0pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALukmAwQB
LukqMA0GCSqGSIb3DQEBCwUAA4IBAQAy5go28PkihDW2dRNQ/+xOEgl73y9Acwby
3t16kKE/MPmjM+YXnSgRVVkNdxSD0q8hngSGB9xeDqaKQWqCJu2Ypp+2fPxTJWhA
8x16h4enuFgBkeKhaOUU4nYFJnIJBZZ9H5qnn2EZFEDkKuVcjzH7dGgowKUJWNgH
8l4tsk/GinGFReX1OnxjNHyIW76mHhFnRNGwaf2ezkl3tVYVLZXb28dVbtJGxaw+
kgMGg79bkZkbxE7KgIpWaN9Zt3TNGtYhH02REQjT8XscQZQJXMAsZy94uVfkITXd
LmI2qpr6nMMlQxkojxs1De5IvdRKq1Zg+H97o/GF6jKhQFzjio67
-----END CERTIFICATE-----