Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/MZHFY8HD5McZAOtlhbPS7Vef49w.roa
File:                     MZHFY8HD5McZAOtlhbPS7Vef49w.roa (raw, json)
Hash identifier:          xD5iI2qt5UTOM/VSmmNQTf65W6DIK7V2ytpdgUwyB3U=
Subject key identifier:   31:91:C5:63:C1:C3:E4:C7:19:00:EB:65:85:B3:D2:ED:57:9F:E3:DC
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       0197C705E8F5BD31BA47973581E9447368C3
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/MZHFY8HD5McZAOtlhbPS7Vef49w.roa
Signing time:             Tue 01 Jul 2025 17:25:42 +0000
ROA not before:           Tue 01 Jul 2025 17:25:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202496
IP address blocks:        2a06:fe44::/32 maxlen: 32
                          2a11:2500::/29 maxlen: 29
                          2a11:e940::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c7:05:e8:f5:bd:31:ba:47:97:35:81:e9:44:73:68:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jul  1 17:25:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3191c563c1c3e4c71900eb6585b3d2ed579fe3dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:50:da:50:ee:72:5d:38:69:bd:74:47:c0:fb:
                    9b:cf:33:42:87:0d:ac:13:d9:56:53:64:1e:44:24:
                    94:64:3b:55:d1:d7:4b:46:bc:89:3f:85:cc:50:a6:
                    42:ad:73:eb:49:8a:60:d2:54:24:18:b5:d3:46:9a:
                    8e:b1:5a:fb:6b:35:5b:4d:44:5e:59:aa:1d:b2:d0:
                    37:be:8b:8a:ec:c2:51:bf:32:9d:f3:d7:73:09:e3:
                    4b:57:6e:e4:c7:52:11:57:12:2a:7b:e9:3b:b2:a5:
                    86:07:42:66:15:a4:0e:f9:66:a7:c3:d9:4a:57:63:
                    e9:45:1e:cb:78:da:2c:69:55:9c:a4:6a:f9:56:75:
                    79:c2:f1:d2:16:78:50:21:01:94:34:81:c7:61:03:
                    e9:9f:47:86:1a:58:6c:e2:af:49:90:e2:ff:2a:8b:
                    ce:ca:c7:37:b7:31:95:50:d9:bb:25:3a:d5:b7:d4:
                    35:32:34:88:ce:71:88:31:3f:d6:a9:e0:4c:f2:26:
                    5d:3f:3b:a4:28:c1:98:77:50:00:20:b1:9c:8b:94:
                    c0:cd:a2:e6:ef:a6:b3:d5:0c:53:aa:78:d9:55:84:
                    3f:63:ed:2b:47:78:6e:8e:48:47:e5:01:3d:f4:7b:
                    2e:b0:f1:4e:e0:17:5c:d7:23:68:a3:0b:0c:d0:7e:
                    8c:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:91:C5:63:C1:C3:E4:C7:19:00:EB:65:85:B3:D2:ED:57:9F:E3:DC
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/MZHFY8HD5McZAOtlhbPS7Vef49w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:fe44::/32
                  2a11:2500::/29
                  2a11:e940::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:aa:28:27:a8:85:b7:08:c2:94:41:7c:71:14:28:5e:f6:c2:
         18:0b:87:17:ad:0a:ec:81:b6:83:38:9c:d0:3f:41:6f:93:10:
         d3:06:ba:aa:c8:60:45:72:9b:aa:09:ff:e0:1f:9b:c0:3f:36:
         90:cb:e3:6d:50:51:31:98:5f:7b:4a:6a:ba:3a:f0:28:9d:27:
         54:90:04:53:e3:46:06:7d:ad:70:f3:be:2c:16:47:6a:41:51:
         76:e7:63:d8:02:a9:2d:35:3a:8f:ad:b5:f2:b9:70:11:ab:13:
         3d:99:44:f2:9d:ad:cb:f3:b6:66:b2:9e:e7:f6:db:38:ae:fe:
         cc:ce:65:c4:9c:f0:4d:7f:08:f1:e0:dd:2c:aa:e8:2e:f7:09:
         fc:6b:62:a5:8d:ab:39:c0:b4:7b:eb:05:39:80:4c:3c:d4:0b:
         e0:f4:44:c6:2c:00:c0:77:27:4a:00:3a:12:87:45:72:30:a2:
         68:8d:d4:93:88:3f:69:b5:9e:4f:bd:43:21:ad:2e:22:a4:b5:
         71:a7:b6:b8:68:dc:14:ac:ac:fc:3b:b1:bc:48:0a:d4:2b:87:
         59:da:3d:ff:5c:dd:80:42:b1:4a:5c:cd:df:36:bf:60:59:09:
         ff:bf:ce:5d:ab:e5:67:f8:7e:26:89:8c:12:00:9e:46:b7:e7:
         16:83:77:ef
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZfHBej1vTG6R5c1gelEc2jDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwNzAxMTcyNTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTkxYzU2M2MxYzNlNGM3MTkwMGViNjU4NWIzZDJlZDU3OWZlM2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlDaUO5yXThpvXRHwPubzzNChw2s
E9lWU2QeRCSUZDtV0ddLRryJP4XMUKZCrXPrSYpg0lQkGLXTRpqOsVr7azVbTURe
WaodstA3vouK7MJRvzKd89dzCeNLV27kx1IRVxIqe+k7sqWGB0JmFaQO+Wanw9lK
V2PpRR7LeNosaVWcpGr5VnV5wvHSFnhQIQGUNIHHYQPpn0eGGlhs4q9JkOL/KovO
ysc3tzGVUNm7JTrVt9Q1MjSIznGIMT/WqeBM8iZdPzukKMGYd1AAILGci5TAzaLm
76az1QxTqnjZVYQ/Y+0rR3hujkhH5QE99HsusPFO4Bdc1yNoowsM0H6MowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDGRxWPBw+THGQDrZYWz0u1Xn+PcMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvTVpIRlk4SEQ1TWNaQU90bGhiUFM3VmVmNDl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKgb+RAMF
AyoRJQADBQMqEelAMA0GCSqGSIb3DQEBCwUAA4IBAQBnqignqIW3CMKUQXxxFChe
9sIYC4cXrQrsgbaDOJzQP0FvkxDTBrqqyGBFcpuqCf/gH5vAPzaQy+NtUFExmF97
Smq6OvAonSdUkART40YGfa1w874sFkdqQVF252PYAqktNTqPrbXyuXARqxM9mUTy
na3L87Zmsp7n9ts4rv7MzmXEnPBNfwjx4N0squgu9wn8a2Kljas5wLR76wU5gEw8
1Avg9ETGLADAdydKADoSh0VyMKJojdSTiD9ptZ5PvUMhrS4ipLVxp7a4aNwUrKz8
O7G8SArUK4dZ2j3/XN2AQrFKXM3fNr9gWQn/v85dq+Vn+H4miYwSAJ5Gt+cWg3fv
-----END CERTIFICATE-----