Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/mxHk_x4_7-pXmkuBflFU5C_xuDU.roa
File:                     mxHk_x4_7-pXmkuBflFU5C_xuDU.roa (raw, json)
Hash identifier:          gtzHct2NI5Df3c0cYS0pdqVMvUN2VqKpHBWx5S3TAmU=
Subject key identifier:   9B:11:E4:FF:1E:3F:EF:EA:57:9A:4B:81:7E:51:54:E4:2F:F1:B8:35
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       0199AED15EF7EBF7F657576ECC1445B5008F
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/mxHk_x4_7-pXmkuBflFU5C_xuDU.roa
Signing time:             Sat 04 Oct 2025 10:43:00 +0000
ROA not before:           Sat 04 Oct 2025 10:43:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42410
IP address blocks:        46.233.48.0/22 maxlen: 24
                          46.233.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ae:d1:5e:f7:eb:f7:f6:57:57:6e:cc:14:45:b5:00:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Oct  4 10:43:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b11e4ff1e3fefea579a4b817e5154e42ff1b835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1e:7a:e5:2b:6c:e7:ee:d7:78:e3:da:93:57:
                    2e:68:71:12:c7:c1:72:e3:3d:f7:f1:76:34:85:35:
                    bd:0f:3f:65:75:97:6b:8f:50:3c:2b:37:71:d2:d2:
                    52:f0:08:a1:c7:e9:4d:f8:0b:cb:b0:25:06:78:33:
                    8d:fa:5a:98:e6:e4:c9:9b:13:ed:29:1a:f8:8d:8b:
                    1b:22:c2:a3:d1:0a:33:9a:ef:75:ca:3b:2a:ef:b3:
                    72:f3:29:53:22:61:aa:72:eb:ee:7a:87:bb:42:11:
                    1b:3c:ec:0f:a8:64:38:3a:59:75:a2:71:c7:a2:72:
                    b8:fe:bf:ee:8e:2f:bd:54:95:4c:c0:84:17:f5:0b:
                    70:36:16:a2:78:a3:65:ec:91:0d:f5:e2:64:6f:ea:
                    42:1d:ac:5f:75:a1:fb:3f:7b:34:b8:93:63:26:0a:
                    2a:c8:5b:09:00:23:e0:2f:f4:bd:bf:37:3e:17:01:
                    b0:66:ca:97:04:f5:65:29:40:8a:2c:0f:16:08:4e:
                    b3:37:67:fb:cf:a5:c5:0a:e8:b9:a5:8f:3f:a5:c4:
                    6c:27:11:2a:05:57:40:50:da:cd:ba:ca:c4:7d:74:
                    3e:68:97:11:74:a8:6f:6d:f1:b9:de:b2:3e:ad:d9:
                    fb:8e:07:7e:67:f5:38:6d:ab:4c:6e:58:cb:f8:04:
                    a5:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:11:E4:FF:1E:3F:EF:EA:57:9A:4B:81:7E:51:54:E4:2F:F1:B8:35
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/mxHk_x4_7-pXmkuBflFU5C_xuDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.48.0/22
                  46.233.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:31:a6:a4:88:2e:b3:f9:39:4f:db:a1:88:7e:4a:ac:6a:b8:
         9d:42:cb:62:8a:09:8b:88:5f:ad:dd:6a:f7:4d:62:bb:4b:6b:
         fe:b3:78:bf:a4:ae:86:2a:0d:96:92:06:8e:e3:a1:87:d0:0c:
         6c:36:3a:ec:6d:59:67:98:f1:e2:51:6e:1c:a3:e7:c5:17:e6:
         cc:58:60:03:3d:63:42:c7:d3:0d:5b:11:ed:76:24:b5:ee:22:
         dd:3a:fe:c8:2b:31:d4:1c:bf:89:ed:61:4d:bd:26:f1:68:a2:
         ea:59:bf:73:64:8a:e1:74:49:81:a6:58:25:ad:a5:ca:b3:ed:
         f5:83:01:81:90:4d:1d:a2:4b:87:5c:5c:f5:56:cb:4a:da:fd:
         bb:bb:67:eb:3a:df:b1:ea:d4:65:ad:0a:c5:d8:5f:1c:02:de:
         79:a7:cd:13:94:53:18:38:5f:28:fe:df:59:95:7a:97:74:51:
         92:e5:71:be:0d:c9:4a:3e:48:75:f3:a4:e1:57:5c:2a:04:ce:
         87:81:70:67:88:4b:c0:97:f4:dc:60:4d:ee:6e:e7:5c:4b:a6:
         5a:e3:68:4a:df:c3:37:b4:3b:fb:b2:40:73:67:67:1e:30:e4:
         73:53:71:5f:69:f1:b9:33:27:9e:ac:38:2a:95:81:d3:cb:36:
         40:3a:83:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmu0V736/f2V1duzBRFtQCPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjUxMDA0MTA0MzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjExZTRmZjFlM2ZlZmVhNTc5YTRiODE3ZTUxNTRlNDJmZjFiODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuB565Sts5+7XeOPak1cuaHESx8Fy
4z338XY0hTW9Dz9ldZdrj1A8Kzdx0tJS8Aihx+lN+AvLsCUGeDON+lqY5uTJmxPt
KRr4jYsbIsKj0Qozmu91yjsq77Ny8ylTImGqcuvueoe7QhEbPOwPqGQ4Oll1onHH
onK4/r/uji+9VJVMwIQX9QtwNhaieKNl7JEN9eJkb+pCHaxfdaH7P3s0uJNjJgoq
yFsJACPgL/S9vzc+FwGwZsqXBPVlKUCKLA8WCE6zN2f7z6XFCui5pY8/pcRsJxEq
BVdAUNrNusrEfXQ+aJcRdKhvbfG53rI+rdn7jgd+Z/U4batMbljL+ASlGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJsR5P8eP+/qV5pLgX5RVOQv8bg1MB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvbXhIa194NF83LXBYbWt1QmZsRlU1Q194dURVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLukwAwQA
Luk2MA0GCSqGSIb3DQEBCwUAA4IBAQB5MaakiC6z+TlP26GIfkqsaridQstiigmL
iF+t3Wr3TWK7S2v+s3i/pK6GKg2WkgaO46GH0AxsNjrsbVlnmPHiUW4co+fFF+bM
WGADPWNCx9MNWxHtdiS17iLdOv7IKzHUHL+J7WFNvSbxaKLqWb9zZIrhdEmBplgl
raXKs+31gwGBkE0dokuHXFz1VstK2v27u2frOt+x6tRlrQrF2F8cAt55p80TlFMY
OF8o/t9ZlXqXdFGS5XG+DclKPkh186ThV1wqBM6HgXBniEvAl/TcYE3ubudcS6Za
42hK38M3tDv7skBzZ2ceMORzU3FfafG5MyeerDgqlYHTyzZAOoOM
-----END CERTIFICATE-----