Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/nnaZA_UoDA_GsSj9AEkMSBFIT28.roa
File:                     nnaZA_UoDA_GsSj9AEkMSBFIT28.roa (raw, json)
Hash identifier:          hf0b8TprwRdDFSmaoiM5KMZdx5WH9UrMc3oOOAhH8+E=
Subject key identifier:   9E:76:99:03:F5:28:0C:0F:C6:B1:28:FD:00:49:0C:48:11:48:4F:6F
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       019D0B02DACF1748884122C8B22B95F2CB13
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/nnaZA_UoDA_GsSj9AEkMSBFIT28.roa
Signing time:             Fri 20 Mar 2026 11:30:29 +0000
ROA not before:           Fri 20 Mar 2026 11:30:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        46.233.34.0/23 maxlen: 24
                          46.233.42.0/24 maxlen: 24
                          46.233.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0b:02:da:cf:17:48:88:41:22:c8:b2:2b:95:f2:cb:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Mar 20 11:30:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e769903f5280c0fc6b128fd00490c4811484f6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:50:6a:13:c2:80:95:e9:0a:d4:9a:b3:e8:9a:
                    a2:f3:1b:62:10:ca:35:5f:20:6c:aa:0c:fd:bf:0a:
                    31:d5:07:d3:51:84:23:80:b4:b0:6a:e2:64:0e:d8:
                    35:46:f6:85:be:71:b3:6f:67:6b:22:b5:83:5e:ac:
                    7f:cb:eb:ac:d8:65:56:10:dc:e4:36:e9:95:66:3f:
                    e4:eb:38:79:20:67:ea:bd:59:bf:70:8f:19:6e:9f:
                    70:27:28:47:20:97:d5:1f:b1:16:36:c4:c6:ce:b3:
                    91:c6:fa:d8:f4:18:ef:37:d3:9f:10:9b:b7:57:fe:
                    fb:e2:ab:de:55:43:69:70:16:e9:e6:75:20:16:66:
                    03:64:e9:21:b8:17:6d:e6:d1:a1:e8:03:1d:fc:ba:
                    ff:29:40:81:0c:31:f7:2e:81:1f:a7:a3:62:49:3d:
                    19:a0:be:03:b5:b4:80:0b:f4:e2:86:41:bc:ca:b2:
                    ca:90:01:6e:6e:a3:2c:4f:7a:90:94:15:80:4a:e6:
                    a1:0d:98:9e:43:a7:90:b9:a9:8a:d2:ea:11:80:d5:
                    e5:d8:7e:31:66:d7:07:b0:d9:ed:62:96:04:4f:a3:
                    43:b7:17:f3:38:bc:0a:9a:d2:0d:99:9a:4c:7f:34:
                    bc:72:7e:51:49:25:ea:9f:73:bf:59:d0:f5:45:01:
                    a7:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:76:99:03:F5:28:0C:0F:C6:B1:28:FD:00:49:0C:48:11:48:4F:6F
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/nnaZA_UoDA_GsSj9AEkMSBFIT28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.34.0/23
                  46.233.42.0/24
                  46.233.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:9d:94:e2:fb:64:0e:2f:21:53:3f:c6:53:c0:0c:ea:1d:d9:
         e9:91:4b:03:6e:ce:04:d7:06:79:4d:e4:7d:3e:f8:b4:77:6b:
         4b:01:6d:15:05:97:65:e3:b3:31:44:bc:89:7d:de:cc:6f:ff:
         35:03:bc:8d:8b:02:d0:94:3e:7f:4c:6c:e0:76:cb:e8:68:be:
         51:04:84:41:8b:5e:f4:f3:9f:1e:d3:58:84:ec:a9:d4:07:be:
         69:2a:2b:35:0e:61:4c:1b:77:44:42:e5:93:6d:29:c6:2b:31:
         f1:be:d6:15:7e:0f:88:81:b8:9b:9a:05:16:f8:da:4e:3d:7d:
         0a:fc:4c:82:7a:10:93:2b:a0:fb:d5:57:e9:1b:43:bf:53:56:
         55:61:59:51:cb:35:45:f6:c4:7e:d6:07:28:51:be:52:51:b8:
         98:b3:01:82:68:05:d6:8c:60:25:82:fe:94:0a:69:81:83:c0:
         ac:04:d5:9a:c7:77:8d:52:70:bf:48:ea:c4:c3:75:86:44:c9:
         13:8c:ae:b4:ba:e9:de:70:2a:2e:cc:1a:a9:42:d7:62:59:60:
         cd:ac:ea:75:a9:90:06:b0:8a:fe:f2:06:5f:5f:d5:da:f1:1e:
         a1:cc:71:bb:c7:7f:06:e8:93:33:83:26:41:be:77:ef:c1:ff:
         a6:5e:4a:87
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0LAtrPF0iIQSLIsiuV8ssTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjYwMzIwMTEzMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTc2OTkwM2Y1MjgwYzBmYzZiMTI4ZmQwMDQ5MGM0ODExNDg0ZjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllBqE8KAlekK1Jqz6Jqi8xtiEMo1
XyBsqgz9vwox1QfTUYQjgLSwauJkDtg1RvaFvnGzb2drIrWDXqx/y+us2GVWENzk
NumVZj/k6zh5IGfqvVm/cI8Zbp9wJyhHIJfVH7EWNsTGzrORxvrY9BjvN9OfEJu3
V/774qveVUNpcBbp5nUgFmYDZOkhuBdt5tGh6AMd/Lr/KUCBDDH3LoEfp6NiST0Z
oL4DtbSAC/TihkG8yrLKkAFubqMsT3qQlBWASuahDZieQ6eQuamK0uoRgNXl2H4x
ZtcHsNntYpYET6NDtxfzOLwKmtINmZpMfzS8cn5RSSXqn3O/WdD1RQGnVwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ52mQP1KAwPxrEo/QBJDEgRSE9vMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvbm5hWkFfVW9EQV9Hc1NqOUFFa01TQkZJVDI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLukiAwQA
LukqAwQALuk0MA0GCSqGSIb3DQEBCwUAA4IBAQADnZTi+2QOLyFTP8ZTwAzqHdnp
kUsDbs4E1wZ5TeR9Pvi0d2tLAW0VBZdl47MxRLyJfd7Mb/81A7yNiwLQlD5/TGzg
dsvoaL5RBIRBi170858e01iE7KnUB75pKis1DmFMG3dEQuWTbSnGKzHxvtYVfg+I
gbibmgUW+NpOPX0K/EyCehCTK6D71VfpG0O/U1ZVYVlRyzVF9sR+1gcoUb5SUbiY
swGCaAXWjGAlgv6UCmmBg8CsBNWax3eNUnC/SOrEw3WGRMkTjK60uunecCouzBqp
QtdiWWDNrOp1qZAGsIr+8gZfX9Xa8R6hzHG7x38G6JMzgyZBvnfvwf+mXkqH
-----END CERTIFICATE-----