Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/mmCjIPSHue50n9fr4FMXty0dV-k.roa
File:                     mmCjIPSHue50n9fr4FMXty0dV-k.roa (raw, json)
Hash identifier:          VC9prRn7IOT7JxpZTmExJJUrJ+ZuBNfNV5QmExMYoaE=
Subject key identifier:   9A:60:A3:20:F4:87:B9:EE:74:9F:D7:EB:E0:53:17:B7:2D:1D:57:E9
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01997070CF273268DD6BB6D0F01AA8363ACD
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/mmCjIPSHue50n9fr4FMXty0dV-k.roa
Signing time:             Mon 22 Sep 2025 08:01:05 +0000
ROA not before:           Mon 22 Sep 2025 08:01:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        45.90.17.0/24 maxlen: 24
                          185.222.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 13:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:70:70:cf:27:32:68:dd:6b:b6:d0:f0:1a:a8:36:3a:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Sep 22 08:01:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a60a320f487b9ee749fd7ebe05317b72d1d57e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:09:9f:41:82:12:16:87:c2:b4:4f:20:d1:c5:
                    8d:3e:00:b6:ad:c6:ac:b4:df:91:b9:d1:19:5e:30:
                    64:53:22:2c:bd:75:c1:b7:56:b2:7c:fe:19:ac:7c:
                    4e:7a:23:0e:f0:cb:19:a5:c0:ad:2f:7a:71:5c:b9:
                    6d:84:88:f7:50:ad:fa:ea:b2:28:39:b1:b3:37:68:
                    9d:f7:ad:38:8f:5b:7d:87:c7:ea:0b:2a:ec:6d:12:
                    65:35:6d:4d:d1:01:33:d7:92:3c:33:d2:ce:d3:8d:
                    5a:5b:ff:17:a4:9b:64:8c:68:35:9d:78:4d:28:9d:
                    f0:fe:cc:ed:cb:e0:89:43:55:f3:72:d4:72:b3:f2:
                    9b:f3:cf:ca:69:1d:0a:4c:de:c3:a9:78:ff:ff:16:
                    f9:0b:56:a5:e5:18:ae:67:17:fe:f0:94:6d:5c:7e:
                    5d:8d:4d:61:2f:da:d4:f2:71:37:5d:c2:7d:a7:f0:
                    2c:77:4c:63:d7:83:69:43:95:7a:fc:91:e5:2c:31:
                    6c:d2:1d:9f:49:ec:bd:74:64:98:1b:08:c6:20:c9:
                    f0:3c:4d:c6:59:f5:64:fd:86:d8:a5:5d:fb:a0:a2:
                    f2:18:b0:86:3a:73:95:27:05:7c:93:ae:d4:0f:19:
                    cb:b3:10:60:f8:ca:ed:92:1e:8f:5d:9f:3f:a7:7b:
                    30:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:60:A3:20:F4:87:B9:EE:74:9F:D7:EB:E0:53:17:B7:2D:1D:57:E9
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/mmCjIPSHue50n9fr4FMXty0dV-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.17.0/24
                  185.222.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:05:de:52:db:17:47:d9:7a:bd:3d:35:e6:00:40:46:1e:b8:
         70:65:16:c9:12:9e:f3:67:b9:62:5e:48:cf:26:dc:21:5a:c1:
         79:1f:7b:dc:b6:b3:29:b9:76:74:3b:e4:ad:6a:cf:7f:60:0e:
         b7:6d:12:9a:67:d0:df:f6:36:c4:71:54:b2:9f:82:2e:2d:7d:
         21:83:6c:9b:fe:72:3e:3e:66:86:3b:f9:e2:e7:75:98:bd:00:
         92:b9:2c:49:a5:0d:01:52:6a:b2:74:8e:51:81:ea:10:35:9a:
         b8:01:e2:22:87:2d:b5:5f:40:c1:11:38:9c:67:88:4f:89:4d:
         05:18:d5:5c:82:bc:2f:54:fa:b7:c6:a1:07:fb:37:e7:09:d2:
         12:82:53:00:06:23:90:65:d0:3c:65:8f:6e:5d:10:7d:17:c7:
         a6:76:91:8c:26:20:2d:d1:45:60:d8:df:53:64:f9:1b:9e:28:
         1e:a7:cd:ee:3f:cb:7b:4d:dc:41:b6:25:e4:4a:23:1d:64:06:
         fa:8d:41:ef:56:3e:d2:75:ab:0d:41:5b:87:bb:fd:c2:a8:1e:
         67:4a:2a:c4:72:91:7f:e6:db:af:98:dc:16:12:e8:6d:cc:80:
         ac:95:f3:e2:a9:62:6c:a3:1e:ce:d0:cd:3b:0e:67:1c:2c:8c:
         5e:2f:29:75
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlwcM8nMmjda7bQ8BqoNjrNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwOTIyMDgwMTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTYwYTMyMGY0ODdiOWVlNzQ5ZmQ3ZWJlMDUzMTdiNzJkMWQ1N2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwmfQYISFofCtE8g0cWNPgC2rcas
tN+RudEZXjBkUyIsvXXBt1ayfP4ZrHxOeiMO8MsZpcCtL3pxXLlthIj3UK366rIo
ObGzN2id9604j1t9h8fqCyrsbRJlNW1N0QEz15I8M9LO041aW/8XpJtkjGg1nXhN
KJ3w/szty+CJQ1XzctRys/Kb88/KaR0KTN7DqXj//xb5C1al5RiuZxf+8JRtXH5d
jU1hL9rU8nE3XcJ9p/Asd0xj14NpQ5V6/JHlLDFs0h2fSey9dGSYGwjGIMnwPE3G
WfVk/YbYpV37oKLyGLCGOnOVJwV8k67UDxnLsxBg+Mrtkh6PXZ8/p3swjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJpgoyD0h7nudJ/X6+BTF7ctHVfpMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvbW1DaklQU0h1ZTUwbjlmcjRGTVh0eTBkVi1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVoRAwQA
ud4eMA0GCSqGSIb3DQEBCwUAA4IBAQA7Bd5S2xdH2Xq9PTXmAEBGHrhwZRbJEp7z
Z7liXkjPJtwhWsF5H3vctrMpuXZ0O+Stas9/YA63bRKaZ9Df9jbEcVSyn4IuLX0h
g2yb/nI+PmaGO/ni53WYvQCSuSxJpQ0BUmqydI5RgeoQNZq4AeIihy21X0DBETic
Z4hPiU0FGNVcgrwvVPq3xqEH+zfnCdISglMABiOQZdA8ZY9uXRB9F8emdpGMJiAt
0UVg2N9TZPkbnigep83uP8t7TdxBtiXkSiMdZAb6jUHvVj7SdasNQVuHu/3CqB5n
SirEcpF/5tuvmNwWEuhtzICslfPiqWJsox7O0M07DmccLIxeLyl1
-----END CERTIFICATE-----