Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/W1iU6dEXCAbvhe2vd34tim5xizw.roa
File:                     W1iU6dEXCAbvhe2vd34tim5xizw.roa (raw, json)
Hash identifier:          YozzXBe30PzSXaZDLGORJxpoX87WhdRqewFqwkX77GE=
Subject key identifier:   5B:58:94:E9:D1:17:08:06:EF:85:ED:AF:77:7E:2D:8A:6E:71:8B:3C
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       01998630D78A00B2A8CBB1594E5E68D7AE5D
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/W1iU6dEXCAbvhe2vd34tim5xizw.roa
Signing time:             Fri 26 Sep 2025 13:22:51 +0000
ROA not before:           Fri 26 Sep 2025 13:22:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214025
IP address blocks:        46.233.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:86:30:d7:8a:00:b2:a8:cb:b1:59:4e:5e:68:d7:ae:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Sep 26 13:22:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b5894e9d1170806ef85edaf777e2d8a6e718b3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:2a:e8:8e:41:79:08:a6:8c:c1:8d:95:81:b2:
                    2d:c1:0c:c0:26:a5:bf:02:f9:5b:e1:89:fc:82:1a:
                    23:b9:77:c0:cc:1b:76:ae:c3:a0:b3:ec:b9:50:82:
                    98:ec:8d:6e:e7:f6:7d:40:e8:84:70:b6:f6:fc:dd:
                    d7:82:ae:5d:7d:e5:8c:76:bd:52:81:e7:b4:93:40:
                    aa:7c:a6:bf:07:8c:37:dc:03:53:3e:64:a6:f0:11:
                    cf:08:d3:ab:9f:4c:3c:10:a3:90:f2:d3:9d:ea:21:
                    86:46:09:38:47:1d:c1:97:8b:d3:a9:d4:70:96:8d:
                    c3:d5:57:07:95:07:95:92:b9:95:bd:35:ac:b2:06:
                    14:cf:c5:15:04:83:6b:a3:91:f1:68:7f:b3:2d:b2:
                    91:02:78:30:87:4b:ff:04:8a:38:da:6d:6f:3c:47:
                    a8:58:c9:ee:c8:50:ef:63:31:14:07:9f:8d:8e:0b:
                    ca:1d:46:45:a6:94:c3:e0:53:92:e0:3c:5e:84:50:
                    01:74:79:59:f8:a0:75:14:4d:65:87:4e:41:2d:34:
                    7d:63:87:14:b4:dd:77:a2:5e:10:43:3e:b5:b6:7f:
                    57:56:00:a6:9f:12:b8:6f:ce:d1:8c:82:4f:f9:7d:
                    b2:16:4a:2c:31:50:27:5b:c1:63:2f:49:a6:3a:d1:
                    d8:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:58:94:E9:D1:17:08:06:EF:85:ED:AF:77:7E:2D:8A:6E:71:8B:3C
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/W1iU6dEXCAbvhe2vd34tim5xizw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:4c:6a:e8:b6:59:ed:74:a0:d4:8c:a4:dd:3e:d5:c9:63:10:
         e0:5f:0f:e4:2e:0f:f2:2b:64:aa:7e:84:60:bf:82:08:6f:7f:
         51:0d:bb:18:7c:89:17:ef:2f:97:9f:80:24:84:98:d3:6a:0d:
         ec:6e:31:91:a1:b2:9c:5a:04:fe:29:2d:21:1d:57:c4:8c:8d:
         46:df:66:45:4d:ad:9a:f9:98:38:59:3f:25:4e:ed:ca:88:f3:
         3b:ad:5b:4e:a4:a5:7b:89:f0:5a:9a:4d:80:a5:e1:e7:4a:a4:
         35:40:76:a5:c2:f4:2e:c3:f8:7a:66:40:25:db:f0:30:a8:d8:
         92:8f:f6:8d:2a:5d:80:ab:d4:84:fb:ec:49:42:42:c5:ae:9d:
         46:7b:75:c7:c2:8d:64:94:6b:2a:5a:e1:a6:77:4f:86:18:fd:
         5f:93:8e:e7:ec:2b:d4:5c:c5:27:cd:1c:c0:0b:d7:8a:f0:29:
         e1:ec:5d:bf:92:6d:92:fa:88:91:ef:7f:90:21:07:6e:26:a8:
         85:98:4d:71:a5:9e:f7:9f:d4:bc:ad:7e:f9:46:13:3b:3e:92:
         90:11:87:44:90:a6:28:90:0e:6e:8e:28:5f:3b:60:9c:2c:c5:
         8f:99:e2:b7:ff:17:a4:bc:88:b5:89:10:15:fe:ad:1e:6e:9c:
         59:cf:80:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmGMNeKALKoy7FZTl5o165dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjUwOTI2MTMyMjUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjU4OTRlOWQxMTcwODA2ZWY4NWVkYWY3NzdlMmQ4YTZlNzE4YjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyrojkF5CKaMwY2VgbItwQzAJqW/
Avlb4Yn8ghojuXfAzBt2rsOgs+y5UIKY7I1u5/Z9QOiEcLb2/N3Xgq5dfeWMdr1S
gee0k0CqfKa/B4w33ANTPmSm8BHPCNOrn0w8EKOQ8tOd6iGGRgk4Rx3Bl4vTqdRw
lo3D1VcHlQeVkrmVvTWssgYUz8UVBINro5HxaH+zLbKRAngwh0v/BIo42m1vPEeo
WMnuyFDvYzEUB5+NjgvKHUZFppTD4FOS4DxehFABdHlZ+KB1FE1lh05BLTR9Y4cU
tN13ol4QQz61tn9XVgCmnxK4b87RjIJP+X2yFkosMVAnW8FjL0mmOtHYEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtYlOnRFwgG74Xtr3d+LYpucYs8MB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvVzFpVTZkRVhDQWJ2aGUydmQzNHRpbTV4aXp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALukgMA0G
CSqGSIb3DQEBCwUAA4IBAQCTTGrotlntdKDUjKTdPtXJYxDgXw/kLg/yK2SqfoRg
v4IIb39RDbsYfIkX7y+Xn4AkhJjTag3sbjGRobKcWgT+KS0hHVfEjI1G32ZFTa2a
+Zg4WT8lTu3KiPM7rVtOpKV7ifBamk2ApeHnSqQ1QHalwvQuw/h6ZkAl2/AwqNiS
j/aNKl2Aq9SE++xJQkLFrp1Ge3XHwo1klGsqWuGmd0+GGP1fk47n7CvUXMUnzRzA
C9eK8Cnh7F2/km2S+oiR73+QIQduJqiFmE1xpZ73n9S8rX75RhM7PpKQEYdEkKYo
kA5ujihfO2CcLMWPmeK3/xekvIi1iRAV/q0ebpxZz4BE
-----END CERTIFICATE-----