Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/EYPDvxacKnqAiwCcH_eLh5D-wzo.roa
File:                     EYPDvxacKnqAiwCcH_eLh5D-wzo.roa (raw, json)
Hash identifier:          SGm3Pfgt15u6hgkLS+1eCeSmFoagCG2dGfjKmmJu+Tg=
Subject key identifier:   11:83:C3:BF:16:9C:2A:7A:80:8B:00:9C:1F:F7:8B:87:90:FE:C3:3A
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       019975B9532B4EC6DC4F90C2FB894523F5F5
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/EYPDvxacKnqAiwCcH_eLh5D-wzo.roa
Signing time:             Tue 23 Sep 2025 08:38:23 +0000
ROA not before:           Tue 23 Sep 2025 08:38:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20648
IP address blocks:        46.233.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:75:b9:53:2b:4e:c6:dc:4f:90:c2:fb:89:45:23:f5:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Sep 23 08:38:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1183c3bf169c2a7a808b009c1ff78b8790fec33a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:f3:c9:78:e8:5e:72:b6:a1:62:33:ca:b3:b3:
                    d9:46:25:77:ad:bf:ef:d6:5f:25:96:c6:8e:aa:21:
                    4c:27:03:9d:b7:20:fa:ea:1c:79:93:81:98:72:58:
                    97:e7:f5:80:b9:9e:be:d8:1b:4c:72:fe:1f:17:de:
                    54:95:77:ab:93:17:da:41:85:e1:c3:cf:ea:54:4b:
                    ab:f3:a7:43:b2:8c:23:62:a3:60:b1:44:18:e7:5f:
                    be:d7:15:b4:0b:c3:38:ca:86:b4:d0:6e:17:a3:2c:
                    40:f9:05:9f:06:ec:ba:ed:09:4a:17:3a:b2:c6:9c:
                    d9:cf:9f:66:4f:9d:8c:b9:a9:dd:70:a3:2f:cf:64:
                    c9:e5:12:5c:28:73:d5:be:fd:eb:54:13:82:68:c1:
                    5f:e6:73:54:fe:c0:9a:80:dd:b5:51:14:03:af:f6:
                    35:67:03:25:28:4a:aa:0a:ca:b1:4c:79:59:66:bc:
                    5e:67:ff:7c:e2:a6:11:4d:c8:c5:31:6a:0c:dd:17:
                    58:ba:4c:19:17:bb:af:e4:04:b7:06:0b:09:11:03:
                    1e:4e:dc:aa:96:01:f3:53:98:eb:ad:53:f2:7f:6a:
                    e3:3f:f7:f3:35:d5:ed:a6:d1:36:10:08:dc:e4:d0:
                    4c:2b:be:04:d4:48:ad:7b:b3:70:50:48:69:eb:88:
                    7f:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:83:C3:BF:16:9C:2A:7A:80:8B:00:9C:1F:F7:8B:87:90:FE:C3:3A
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/EYPDvxacKnqAiwCcH_eLh5D-wzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:dc:71:ec:c8:40:09:5d:e1:17:40:cd:0a:a8:c8:01:00:04:
         f5:6b:cd:dd:8a:19:f2:10:98:b9:e2:96:04:06:98:30:98:9e:
         d3:18:85:eb:57:09:90:ce:c7:35:6f:2e:fc:07:27:59:3e:24:
         cd:98:e7:c5:87:3f:7e:a1:63:95:82:d0:0c:d3:94:e5:eb:30:
         64:28:ad:08:a6:ae:ab:b6:96:32:27:f1:e9:27:48:de:37:27:
         2d:26:d8:ba:40:7b:53:45:62:75:68:f7:c1:02:ec:f0:76:2d:
         40:b4:ef:e7:9f:93:16:08:9a:33:39:a5:0b:e1:74:6b:14:fd:
         05:b3:a6:a5:28:51:ad:55:e3:6f:9d:92:c7:76:61:86:e7:24:
         4c:b1:a4:6e:bd:a3:74:d4:7f:de:75:82:db:c8:08:01:a6:08:
         ec:e5:24:e5:22:d4:e8:3f:48:ce:7b:7a:52:c0:47:2c:36:81:
         8d:8e:b1:dd:68:2b:f8:0a:1a:16:67:24:8e:db:56:c5:c7:43:
         7d:a8:88:a3:fa:0e:0a:b3:69:ff:a6:f9:29:33:51:c5:37:a7:
         6c:e1:9a:a2:e8:03:28:ec:0a:a5:c4:7d:2f:b6:8f:ad:53:d5:
         2a:16:11:e3:63:78:54:8a:a9:ce:44:30:34:f3:6f:e3:47:d6:
         41:04:30:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl1uVMrTsbcT5DC+4lFI/X1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjUwOTIzMDgzODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTgzYzNiZjE2OWMyYTdhODA4YjAwOWMxZmY3OGI4NzkwZmVjMzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvPJeOhecrahYjPKs7PZRiV3rb/v
1l8llsaOqiFMJwOdtyD66hx5k4GYcliX5/WAuZ6+2BtMcv4fF95UlXerkxfaQYXh
w8/qVEur86dDsowjYqNgsUQY51++1xW0C8M4yoa00G4XoyxA+QWfBuy67QlKFzqy
xpzZz59mT52MuandcKMvz2TJ5RJcKHPVvv3rVBOCaMFf5nNU/sCagN21URQDr/Y1
ZwMlKEqqCsqxTHlZZrxeZ/984qYRTcjFMWoM3RdYukwZF7uv5AS3BgsJEQMeTtyq
lgHzU5jrrVPyf2rjP/fzNdXtptE2EAjc5NBMK74E1Eite7NwUEhp64h/pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGDw78WnCp6gIsAnB/3i4eQ/sM6MB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvRVlQRHZ4YWNLbnFBaXdDY0hfZUxoNUQtd3pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALukhMA0G
CSqGSIb3DQEBCwUAA4IBAQB13HHsyEAJXeEXQM0KqMgBAAT1a83dihnyEJi54pYE
BpgwmJ7TGIXrVwmQzsc1by78BydZPiTNmOfFhz9+oWOVgtAM05Tl6zBkKK0Ipq6r
tpYyJ/HpJ0jeNyctJti6QHtTRWJ1aPfBAuzwdi1AtO/nn5MWCJozOaUL4XRrFP0F
s6alKFGtVeNvnZLHdmGG5yRMsaRuvaN01H/edYLbyAgBpgjs5STlItToP0jOe3pS
wEcsNoGNjrHdaCv4ChoWZySO21bFx0N9qIij+g4Ks2n/pvkpM1HFN6ds4Zqi6AMo
7AqlxH0vto+tU9UqFhHjY3hUiqnORDA082/jR9ZBBDDZ
-----END CERTIFICATE-----