Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/mstAyx12aWOmsAotqkQqmXEkSDg.roa
File:                     mstAyx12aWOmsAotqkQqmXEkSDg.roa (raw, json)
Hash identifier:          byYvZvloKw8W9tmcb0fLz0nJIghsJPutICFz6epq2WU=
Subject key identifier:   9A:CB:40:CB:1D:76:69:63:A6:B0:0A:2D:AA:44:2A:99:71:24:48:38
Certificate issuer:       /CN=fc3ab55d57509cbfae798bd71aaa23b3444d8e5a
Certificate serial:       0197D0C94BB1C3F27E67BFEBEB52B71CDD55
Authority key identifier: FC:3A:B5:5D:57:50:9C:BF:AE:79:8B:D7:1A:AA:23:B3:44:4D:8E:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/mstAyx12aWOmsAotqkQqmXEkSDg.roa
Signing time:             Thu 03 Jul 2025 14:55:42 +0000
ROA not before:           Thu 03 Jul 2025 14:55:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6079
IP address blocks:        185.165.92.0/24 maxlen: 24
                          2a13:80c0::/29 maxlen: 32
                          2a13:9240::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d0:c9:4b:b1:c3:f2:7e:67:bf:eb:eb:52:b7:1c:dd:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc3ab55d57509cbfae798bd71aaa23b3444d8e5a
        Validity
            Not Before: Jul  3 14:55:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9acb40cb1d766963a6b00a2daa442a9971244838
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0a:cd:99:7d:36:6a:e3:35:8e:13:0d:a8:1f:
                    8c:ae:dc:1a:e7:f6:13:f7:1b:22:42:fc:f8:1b:0c:
                    33:2f:23:51:57:0b:db:06:62:a6:46:40:2a:fb:7e:
                    f9:49:bf:65:ea:09:92:b6:0e:75:97:c6:c2:3b:1a:
                    ec:0d:1a:0c:b4:db:a3:63:8f:d2:b9:0d:35:3d:7c:
                    8c:dd:f2:c8:6e:3d:a2:e5:f0:26:6b:64:30:fc:60:
                    46:d3:f3:c9:2f:7d:79:af:a1:2e:45:3d:e8:bb:c4:
                    e9:a7:ce:a0:76:45:1a:c3:c1:a1:e7:64:fb:e5:d5:
                    c2:ad:4b:e7:d9:9e:a8:3e:c0:31:27:a1:b7:ce:63:
                    9e:c1:48:78:00:b4:52:ea:82:a8:de:14:ce:9b:5b:
                    2f:fc:e9:83:ae:9c:ec:b2:b6:40:f4:89:cc:17:5d:
                    9d:64:13:e4:b3:cd:36:92:5f:b1:0e:21:a5:1f:f9:
                    1f:12:85:03:f6:b7:77:76:0c:75:34:53:97:5a:e6:
                    82:dd:9e:92:da:f0:94:6d:07:1e:c8:a8:04:63:0a:
                    03:24:ec:f3:4e:c6:e3:4d:cc:df:e0:3f:ea:61:3e:
                    7c:8d:b7:43:b2:1f:64:a6:b1:e4:99:71:27:4c:e2:
                    ed:6b:7a:83:d8:6c:98:be:92:72:37:e2:54:ab:24:
                    96:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:CB:40:CB:1D:76:69:63:A6:B0:0A:2D:AA:44:2A:99:71:24:48:38
            X509v3 Authority Key Identifier:
                keyid:FC:3A:B5:5D:57:50:9C:BF:AE:79:8B:D7:1A:AA:23:B3:44:4D:8E:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/mstAyx12aWOmsAotqkQqmXEkSDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.92.0/24
                IPv6:
                  2a13:80c0::/29
                  2a13:9240::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:ee:64:ac:4d:6b:26:54:e0:4c:74:2b:73:fd:d6:e0:21:d7:
         3d:08:4e:80:03:9c:0e:ac:33:51:bf:fa:e7:ee:41:4c:85:d2:
         b0:2b:37:c7:a7:68:51:2e:49:b5:02:21:74:4a:87:28:bc:9c:
         7b:9f:42:4d:c2:0b:ab:ff:b5:f6:4b:f5:da:1f:25:47:16:38:
         4f:5d:ca:b0:57:6e:b8:eb:88:c5:8f:a6:8f:0a:6b:dc:ca:b7:
         12:c1:f4:1b:7f:aa:ba:bc:d6:f7:36:2e:4c:4f:b6:7f:83:e5:
         02:be:e4:63:04:99:b4:ee:53:5e:76:40:90:b9:fa:dd:20:4a:
         6f:77:c3:58:ab:8b:31:1d:2f:d7:af:90:6c:b9:1f:e6:0b:e4:
         38:06:9e:de:7f:82:ef:25:74:e3:b9:4c:f8:82:6b:73:3c:33:
         eb:ba:20:1b:7a:72:18:78:0a:b7:07:9a:a0:98:ab:81:60:eb:
         d4:06:ae:1e:bd:d5:4f:ab:6d:d8:b0:36:ef:0a:b4:d2:11:0b:
         51:b7:e5:29:c4:f8:fa:a5:28:41:d0:17:88:8f:6e:a3:94:dc:
         c2:ed:15:6a:ad:67:a9:01:c2:34:f1:c6:e1:fc:1b:93:30:9e:
         07:af:dd:aa:e5:66:45:bb:0f:27:8f:70:d1:ab:41:18:31:1e:
         32:af:4b:b5
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZfQyUuxw/J+Z7/r61K3HN1VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjM2FiNTVkNTc1MDljYmZhZTc5OGJkNzFhYWEyM2IzNDQ0
ZDhlNWEwHhcNMjUwNzAzMTQ1NTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWNiNDBjYjFkNzY2OTYzYTZiMDBhMmRhYTQ0MmE5OTcxMjQ0ODM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwrNmX02auM1jhMNqB+Mrtwa5/YT
9xsiQvz4GwwzLyNRVwvbBmKmRkAq+375Sb9l6gmStg51l8bCOxrsDRoMtNujY4/S
uQ01PXyM3fLIbj2i5fAma2Qw/GBG0/PJL315r6EuRT3ou8Tpp86gdkUaw8Gh52T7
5dXCrUvn2Z6oPsAxJ6G3zmOewUh4ALRS6oKo3hTOm1sv/OmDrpzssrZA9InMF12d
ZBPks802kl+xDiGlH/kfEoUD9rd3dgx1NFOXWuaC3Z6S2vCUbQceyKgEYwoDJOzz
TsbjTczf4D/qYT58jbdDsh9kprHkmXEnTOLta3qD2GyYvpJyN+JUqySWFwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFJrLQMsddmljprAKLapEKplxJEg4MB8GA1UdIwQY
MBaAFPw6tV1XUJy/rnmL1xqqI7NETY5aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0RxMVhWZFFuTC11ZVl2WEdxb2pzMFJOamxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC83MjlkYTktZWIwMy00NTFiLWJmZWYt
MGM0NTIxOGU3OTgxLzEvbXN0QXl4MTJhV09tc0FvdHFrUXFtWEVrU0RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC83MjlkYTktZWIwMy00NTFiLWJmZWYtMGM0NTIxOGU3OTgx
LzEvX0RxMVhWZFFuTC11ZVl2WEdxb2pzMFJOamxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQAuaVcMBQE
AgACMA4DBQMqE4DAAwUDKhOSQDANBgkqhkiG9w0BAQsFAAOCAQEAYu5krE1rJlTg
THQrc/3W4CHXPQhOgAOcDqwzUb/65+5BTIXSsCs3x6doUS5JtQIhdEqHKLyce59C
TcILq/+19kv12h8lRxY4T13KsFduuOuIxY+mjwpr3Mq3EsH0G3+qurzW9zYuTE+2
f4PlAr7kYwSZtO5TXnZAkLn63SBKb3fDWKuLMR0v16+QbLkf5gvkOAae3n+C7yV0
47lM+IJrczwz67ogG3pyGHgKtweaoJirgWDr1AauHr3VT6tt2LA27wq00hELUbfl
KcT4+qUoQdAXiI9uo5Tcwu0Vaq1nqQHCNPHG4fwbkzCeB6/dquVmRbsPJ49w0atB
GDEeMq9LtQ==
-----END CERTIFICATE-----