Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/mx-vJPLeOqdmtLu0nJopMC-Tg_I.roa
File:                     mx-vJPLeOqdmtLu0nJopMC-Tg_I.roa (raw, json)
Hash identifier:          t9lOaWFl7ZBlWtcXTRwcJSTUwmx4JB19fKZsnHDIjYY=
Subject key identifier:   9B:1F:AF:24:F2:DE:3A:A7:66:B4:BB:B4:9C:9A:29:30:2F:93:83:F2
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0197CA76A5E1F1A91721C3FA40FC1730E957
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/mx-vJPLeOqdmtLu0nJopMC-Tg_I.roa
Signing time:             Wed 02 Jul 2025 09:27:42 +0000
ROA not before:           Wed 02 Jul 2025 09:27:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35133
IP address blocks:        45.13.117.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ca:76:a5:e1:f1:a9:17:21:c3:fa:40:fc:17:30:e9:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jul  2 09:27:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b1faf24f2de3aa766b4bbb49c9a29302f9383f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:61:43:de:3b:40:6b:c6:46:f1:0b:11:fa:7e:
                    9c:49:bc:d2:ad:f8:09:7a:13:b2:6e:fb:f7:f5:f7:
                    95:ff:8c:93:fd:fb:01:4a:dc:c5:1f:14:c1:83:fb:
                    cf:e6:4c:99:ec:8c:ba:20:93:31:30:33:f7:29:15:
                    b1:b6:7b:75:43:41:6c:a6:16:bf:d6:98:55:86:48:
                    f1:66:3a:ad:7f:0e:a7:32:bc:54:60:ba:6f:91:dd:
                    9c:03:24:e7:00:f1:e6:96:92:c6:55:35:12:c2:97:
                    4e:6f:60:7d:4e:23:f0:19:0e:82:9c:9f:ac:ec:56:
                    a3:ff:09:ee:9f:f8:34:b1:e3:32:70:42:b3:31:f2:
                    d6:74:24:5e:92:c0:cd:b7:13:63:83:81:cf:4b:cd:
                    95:df:25:7b:b4:99:2f:b8:1b:c8:40:a7:0d:90:55:
                    43:58:a1:87:ea:67:9c:08:3f:63:20:19:77:af:db:
                    73:ba:a1:20:c4:40:3e:76:72:08:d8:d5:e7:cc:64:
                    21:40:79:72:4d:c8:db:8a:a5:bf:90:26:3b:a4:49:
                    5f:99:9c:7c:ad:56:84:13:cc:13:19:a8:28:ec:3c:
                    ef:11:a6:c7:94:b1:1b:58:61:dd:64:05:5d:e9:ca:
                    b5:09:38:16:59:56:30:5a:45:48:b4:6d:fb:b4:28:
                    11:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:1F:AF:24:F2:DE:3A:A7:66:B4:BB:B4:9C:9A:29:30:2F:93:83:F2
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/mx-vJPLeOqdmtLu0nJopMC-Tg_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:f0:02:fa:c2:e1:7e:97:9b:9f:76:47:34:57:ca:ba:7f:3b:
         04:b5:37:cb:93:82:f0:19:44:01:1f:d4:4d:a1:47:0b:df:d4:
         22:04:af:02:a7:17:36:a2:d9:32:86:89:35:4b:fc:00:c3:07:
         27:6a:31:17:d0:5a:8f:cb:4e:e5:10:24:86:0f:47:f1:c2:61:
         8a:8d:c7:71:6b:ff:3f:af:e0:97:6a:24:6a:a0:12:32:ef:5a:
         78:4d:02:25:76:bb:c6:9a:e4:ec:ae:1d:db:07:21:2d:1b:49:
         f7:87:2f:21:42:90:fc:b0:fe:c1:2d:00:cb:8d:a5:b6:8c:24:
         27:6a:e9:e7:ee:1a:45:48:0a:e5:2d:fc:49:7f:02:13:b8:d4:
         b7:f0:2a:b2:84:ae:33:75:c6:7d:e0:80:48:0d:0b:4d:4a:6d:
         71:e4:e4:76:95:4b:05:ac:43:4b:88:0f:40:0b:fe:f9:ec:ac:
         08:74:dd:ed:c1:22:2c:56:19:e8:b5:58:cb:37:d5:40:07:5a:
         b9:aa:f6:e6:10:e7:bd:94:0b:82:2f:a3:fc:d6:f5:e0:50:b3:
         3f:f7:3f:58:fb:cc:61:3c:8c:89:9c:62:03:54:53:05:11:4b:
         e1:e4:b7:9f:1f:7d:f8:bd:53:44:9f:a7:40:a3:59:bd:da:8b:
         c4:13:97:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfKdqXh8akXIcP6QPwXMOlXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNzAyMDkyNzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjFmYWYyNGYyZGUzYWE3NjZiNGJiYjQ5YzlhMjkzMDJmOTM4M2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmFD3jtAa8ZG8QsR+n6cSbzSrfgJ
ehOybvv39feV/4yT/fsBStzFHxTBg/vP5kyZ7Iy6IJMxMDP3KRWxtnt1Q0Fspha/
1phVhkjxZjqtfw6nMrxUYLpvkd2cAyTnAPHmlpLGVTUSwpdOb2B9TiPwGQ6CnJ+s
7Faj/wnun/g0seMycEKzMfLWdCReksDNtxNjg4HPS82V3yV7tJkvuBvIQKcNkFVD
WKGH6mecCD9jIBl3r9tzuqEgxEA+dnII2NXnzGQhQHlyTcjbiqW/kCY7pElfmZx8
rVaEE8wTGago7DzvEabHlLEbWGHdZAVd6cq1CTgWWVYwWkVItG37tCgRowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJsfryTy3jqnZrS7tJyaKTAvk4PyMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvbXgtdkpQTGVPcWRtdEx1MG5Kb3BNQy1UZ19JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ11MA0G
CSqGSIb3DQEBCwUAA4IBAQBq8AL6wuF+l5ufdkc0V8q6fzsEtTfLk4LwGUQBH9RN
oUcL39QiBK8Cpxc2otkyhok1S/wAwwcnajEX0FqPy07lECSGD0fxwmGKjcdxa/8/
r+CXaiRqoBIy71p4TQIldrvGmuTsrh3bByEtG0n3hy8hQpD8sP7BLQDLjaW2jCQn
aunn7hpFSArlLfxJfwITuNS38CqyhK4zdcZ94IBIDQtNSm1x5OR2lUsFrENLiA9A
C/757KwIdN3twSIsVhnotVjLN9VAB1q5qvbmEOe9lAuCL6P81vXgULM/9z9Y+8xh
PIyJnGIDVFMFEUvh5LefH334vVNEn6dAo1m92ovEE5fC
-----END CERTIFICATE-----