Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/Mlo568QxCCOd6PBl-s71c6J79ho.roa
File:                     Mlo568QxCCOd6PBl-s71c6J79ho.roa (raw, json)
Hash identifier:          bRhR2jD+GKHVY66qCoW+yZNu4nLkYf0bCaNIyYdcO8w=
Subject key identifier:   32:5A:39:EB:C4:31:08:23:9D:E8:F0:65:FA:CE:F5:73:A2:7B:F6:1A
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0199140C2B6DB31779824570D5113A76345D
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/Mlo568QxCCOd6PBl-s71c6J79ho.roa
Signing time:             Thu 04 Sep 2025 09:26:05 +0000
ROA not before:           Thu 04 Sep 2025 09:26:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        91.109.46.0/24 maxlen: 24
                          147.185.196.0/24 maxlen: 24
                          147.185.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 09:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:14:0c:2b:6d:b3:17:79:82:45:70:d5:11:3a:76:34:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Sep  4 09:26:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=325a39ebc43108239de8f065facef573a27bf61a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:69:53:06:89:a4:44:29:49:14:02:57:50:f4:
                    5a:5c:06:53:71:86:ef:f8:6a:ce:f4:b3:d9:20:cc:
                    a4:ca:84:52:91:ad:07:bf:8b:b2:9b:60:53:4e:fb:
                    70:fb:0b:51:5c:fb:9b:60:a4:3d:4a:f2:09:2e:50:
                    78:05:5f:cd:cc:43:55:9a:e8:eb:17:26:76:71:94:
                    46:70:1b:41:b0:df:e8:ff:f3:5a:a8:db:74:8a:ef:
                    8d:51:b1:2e:e6:26:41:07:6c:11:d7:65:be:35:84:
                    e7:44:a6:a0:31:57:40:ab:a5:4e:a9:69:6a:ac:92:
                    42:f2:0c:87:62:19:14:14:f7:49:d6:43:17:d4:68:
                    1e:96:30:a9:74:7a:81:ff:1d:50:76:14:90:4b:6c:
                    cf:23:b5:84:5c:e3:cb:be:4c:01:23:9e:3d:22:38:
                    22:66:de:e9:94:ae:ca:c4:ff:27:f9:14:d7:bf:80:
                    60:ec:32:ae:9a:ef:4b:16:1d:d9:2e:fe:41:7f:33:
                    df:e5:2d:9c:94:f7:ac:c7:ac:af:3d:d2:30:05:5a:
                    17:04:85:46:ab:bc:c2:f7:fb:b6:e8:16:9b:ad:8a:
                    d5:a7:2a:14:c7:e9:e9:db:30:54:22:29:a2:3c:61:
                    1a:cd:88:63:a7:48:26:cb:2b:d6:4d:13:00:0e:36:
                    2d:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:5A:39:EB:C4:31:08:23:9D:E8:F0:65:FA:CE:F5:73:A2:7B:F6:1A
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/Mlo568QxCCOd6PBl-s71c6J79ho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.46.0/24
                  147.185.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:14:a2:2a:02:96:c7:6a:f5:1d:22:3d:a7:fd:f6:29:de:46:
         b8:de:a4:60:1e:bf:29:43:df:9a:56:5c:bc:87:64:32:c1:b2:
         2c:47:14:6c:3f:39:fc:10:d3:18:7c:c7:97:ff:2d:d1:12:2a:
         82:28:49:7f:24:19:0d:7d:40:57:d2:4f:9b:35:76:89:3f:64:
         af:b6:13:a4:35:a1:f6:82:eb:7b:67:f1:9b:8e:3c:a6:3b:fd:
         65:89:94:a4:56:88:b6:19:90:00:86:63:e9:99:45:44:89:d8:
         36:f8:2c:a4:e4:48:de:98:b6:28:2e:71:fc:6d:f8:6b:5c:5d:
         ab:71:78:57:55:72:eb:fc:70:c0:a9:d5:c9:19:44:09:e2:40:
         e7:25:be:af:b0:3f:3a:63:8b:be:7d:44:8d:a3:ab:a3:72:38:
         40:f1:a3:51:e9:c0:e9:44:79:e6:48:a6:89:e4:a9:b8:8c:c7:
         fe:77:c2:e3:e4:65:88:45:b3:13:6c:55:f0:43:aa:d8:c4:a0:
         70:b6:92:3e:ef:86:db:2a:7d:fe:ad:32:9c:8b:b0:c6:5a:69:
         43:e9:71:55:82:17:83:11:7e:a2:74:6c:d7:72:d1:55:c8:6c:
         e0:67:37:fe:d2:bb:99:f9:b4:89:12:32:8d:9a:02:03:b6:3d:
         5f:11:05:d3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkUDCttsxd5gkVw1RE6djRdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwOTA0MDkyNjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjVhMzllYmM0MzEwODIzOWRlOGYwNjVmYWNlZjU3M2EyN2JmNjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9WlTBomkRClJFAJXUPRaXAZTcYbv
+GrO9LPZIMykyoRSka0Hv4uym2BTTvtw+wtRXPubYKQ9SvIJLlB4BV/NzENVmujr
FyZ2cZRGcBtBsN/o//NaqNt0iu+NUbEu5iZBB2wR12W+NYTnRKagMVdAq6VOqWlq
rJJC8gyHYhkUFPdJ1kMX1GgeljCpdHqB/x1QdhSQS2zPI7WEXOPLvkwBI549Ijgi
Zt7plK7KxP8n+RTXv4Bg7DKumu9LFh3ZLv5BfzPf5S2clPesx6yvPdIwBVoXBIVG
q7zC9/u26BabrYrVpyoUx+np2zBUIimiPGEazYhjp0gmyyvWTRMADjYt4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDJaOevEMQgjnejwZfrO9XOie/YaMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvTWxvNTY4UXhDQ09kNlBCbC1zNzFjNko3OWhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW20uAwQB
k7nEMA0GCSqGSIb3DQEBCwUAA4IBAQAaFKIqApbHavUdIj2n/fYp3ka43qRgHr8p
Q9+aVly8h2QywbIsRxRsPzn8ENMYfMeX/y3REiqCKEl/JBkNfUBX0k+bNXaJP2Sv
thOkNaH2gut7Z/GbjjymO/1liZSkVoi2GZAAhmPpmUVEidg2+Cyk5EjemLYoLnH8
bfhrXF2rcXhXVXLr/HDAqdXJGUQJ4kDnJb6vsD86Y4u+fUSNo6ujcjhA8aNR6cDp
RHnmSKaJ5Km4jMf+d8Lj5GWIRbMTbFXwQ6rYxKBwtpI+74bbKn3+rTKci7DGWmlD
6XFVgheDEX6idGzXctFVyGzgZzf+0ruZ+bSJEjKNmgIDtj1fEQXT
-----END CERTIFICATE-----