Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/12MZQSbP_ZdgOCfFXTFT0q3MHik.roa
File:                     12MZQSbP_ZdgOCfFXTFT0q3MHik.roa (raw, json)
Hash identifier:          rWnbGf0lzlRsCKrRXbYFsvmVZ/URM9IvWnmhnAyQdys=
Subject key identifier:   D7:63:19:41:26:CF:FD:97:60:38:27:C5:5D:31:53:D2:AD:CC:1E:29
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0198E264FBECCAB66FCE93882C70CE835722
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/12MZQSbP_ZdgOCfFXTFT0q3MHik.roa
Signing time:             Mon 25 Aug 2025 18:02:05 +0000
ROA not before:           Mon 25 Aug 2025 18:02:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        93.88.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e2:64:fb:ec:ca:b6:6f:ce:93:88:2c:70:ce:83:57:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug 25 18:02:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d763194126cffd97603827c55d3153d2adcc1e29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:50:5f:de:7a:28:95:be:09:f0:15:85:fe:b9:
                    5c:09:38:92:50:70:e5:06:20:f6:b4:82:9c:2b:7b:
                    cc:12:3f:43:f9:ea:bd:2b:21:39:98:da:51:07:2e:
                    2f:b5:6f:f3:d0:cd:a8:69:fc:0b:58:b0:ce:7c:ac:
                    41:2d:73:d0:d0:9e:dc:44:58:ed:40:f5:d8:f7:08:
                    d4:da:41:72:ed:7f:7a:e2:71:70:a3:d5:f8:75:f7:
                    5f:81:f5:0c:98:50:f7:ea:19:37:bf:0a:41:d5:fd:
                    89:5f:1a:e6:72:a4:9e:cd:4a:13:3f:00:90:17:dd:
                    a3:e1:0d:83:e1:60:29:f4:fb:b7:d0:3f:0a:86:52:
                    13:09:dd:73:c0:06:c2:71:16:31:7b:7c:3a:1d:8d:
                    78:11:15:aa:74:c0:d1:08:83:d1:6e:23:fe:9e:b9:
                    e0:a7:3e:58:da:62:c3:e3:e7:27:d7:fd:6f:5e:83:
                    dc:4a:32:c9:cd:e1:64:3b:a2:e1:e3:05:fb:a4:30:
                    cd:5b:ce:68:82:79:af:db:5b:f4:a4:d9:0d:bc:14:
                    8b:98:48:ce:66:bc:da:7e:2f:14:47:50:0b:84:0e:
                    6c:34:e0:27:dc:23:4a:a0:a4:96:d7:00:88:22:e7:
                    82:ab:c0:21:13:eb:d4:38:bf:e1:0e:49:c3:55:21:
                    ad:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:63:19:41:26:CF:FD:97:60:38:27:C5:5D:31:53:D2:AD:CC:1E:29
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/12MZQSbP_ZdgOCfFXTFT0q3MHik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.88.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:44:2a:b5:2a:91:72:82:7d:22:dd:48:60:f6:c2:d5:70:90:
         27:7b:4b:e3:50:9a:97:c0:73:50:63:7d:1f:df:31:1f:6c:d2:
         54:17:d7:20:14:52:33:e6:2c:8e:c9:92:d7:25:0a:df:1e:a4:
         3d:5a:56:56:b2:25:22:79:97:80:da:e6:79:d7:35:23:ae:c7:
         d5:0f:ff:5a:0b:98:3b:83:51:66:6b:e9:61:16:72:02:c4:9b:
         99:4e:15:5d:ff:f9:60:21:03:c6:39:db:78:7a:15:32:15:2b:
         65:95:fc:2d:4e:29:5f:38:93:a4:c6:14:68:dc:30:27:0b:7c:
         db:4a:7b:28:93:e8:ca:8a:57:dd:87:4e:a5:05:99:13:28:5b:
         a5:b0:42:a3:54:9b:50:10:fa:03:ff:fc:57:a8:2d:6a:bb:1d:
         ba:18:a6:79:65:27:38:32:34:2f:89:38:1b:00:9e:f4:61:a4:
         56:d6:89:29:46:82:5e:fa:8d:76:e2:bf:57:26:6c:c5:96:31:
         e5:dc:8e:e8:48:98:66:c7:1a:81:09:8d:1a:51:a6:a8:15:f5:
         0e:41:b8:7e:19:d8:39:91:c2:30:72:38:fa:8e:34:c6:0b:93:
         61:43:f7:4d:3c:03:10:5f:2f:c9:4c:5a:70:a7:a9:67:c7:49:
         03:49:f3:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjiZPvsyrZvzpOILHDOg1ciMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwODI1MTgwMjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzYzMTk0MTI2Y2ZmZDk3NjAzODI3YzU1ZDMxNTNkMmFkY2MxZTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVBf3noolb4J8BWF/rlcCTiSUHDl
BiD2tIKcK3vMEj9D+eq9KyE5mNpRBy4vtW/z0M2oafwLWLDOfKxBLXPQ0J7cRFjt
QPXY9wjU2kFy7X964nFwo9X4dfdfgfUMmFD36hk3vwpB1f2JXxrmcqSezUoTPwCQ
F92j4Q2D4WAp9Pu30D8KhlITCd1zwAbCcRYxe3w6HY14ERWqdMDRCIPRbiP+nrng
pz5Y2mLD4+cn1/1vXoPcSjLJzeFkO6Lh4wX7pDDNW85ognmv21v0pNkNvBSLmEjO
Zrzafi8UR1ALhA5sNOAn3CNKoKSW1wCIIueCq8AhE+vUOL/hDknDVSGtPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNdjGUEmz/2XYDgnxV0xU9KtzB4pMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMTJNWlFTYlBfWmRnT0NmRlhURlQwcTNNSGlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXVjOMA0G
CSqGSIb3DQEBCwUAA4IBAQB/RCq1KpFygn0i3Uhg9sLVcJAne0vjUJqXwHNQY30f
3zEfbNJUF9cgFFIz5iyOyZLXJQrfHqQ9WlZWsiUieZeA2uZ51zUjrsfVD/9aC5g7
g1Fma+lhFnICxJuZThVd//lgIQPGOdt4ehUyFStllfwtTilfOJOkxhRo3DAnC3zb
Snsok+jKilfdh06lBZkTKFulsEKjVJtQEPoD//xXqC1qux26GKZ5ZSc4MjQviTgb
AJ70YaRW1okpRoJe+o124r9XJmzFljHl3I7oSJhmxxqBCY0aUaaoFfUOQbh+Gdg5
kcIwcjj6jjTGC5NhQ/dNPAMQXy/JTFpwp6lnx0kDSfMB
-----END CERTIFICATE-----