Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/MOJ_MmqJwKp741jgBgm-pEatlmQ.roa
File:                     MOJ_MmqJwKp741jgBgm-pEatlmQ.roa (raw, json)
Hash identifier:          dE0c0TKslQoRPrRp1veDilwlhsqiEDf1BmfdfrJ1QGU=
Subject key identifier:   30:E2:7F:32:6A:89:C0:AA:7B:E3:58:E0:06:09:BE:A4:46:AD:96:64
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       0198FC3D0D548DFA8DAD333196EB052BDAF0
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/MOJ_MmqJwKp741jgBgm-pEatlmQ.roa
Signing time:             Sat 30 Aug 2025 18:28:36 +0000
ROA not before:           Sat 30 Aug 2025 18:28:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        141.226.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:fc:3d:0d:54:8d:fa:8d:ad:33:31:96:eb:05:2b:da:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Aug 30 18:28:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30e27f326a89c0aa7be358e00609bea446ad9664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:eb:66:78:07:29:90:3f:de:d9:d2:8a:7a:9d:
                    0a:66:dc:c9:05:99:68:37:97:3c:a2:7d:cd:8e:f1:
                    37:6c:80:5c:ba:9c:e3:39:00:9b:35:86:f1:63:77:
                    4c:5f:d4:82:4e:cc:40:38:c7:05:90:78:a7:b8:e0:
                    0c:46:c6:fd:d7:b7:67:8e:3e:65:ed:b1:e9:fc:e4:
                    8b:0d:3a:b8:1e:cb:1f:8c:6d:1d:1b:27:81:3c:8e:
                    f9:8f:53:58:e7:5c:83:39:4d:2b:8f:b8:c3:56:c2:
                    94:3d:07:58:d0:6a:c6:e0:3d:3e:31:aa:28:e0:c3:
                    88:0b:e6:b8:ad:46:72:2d:8d:c6:b7:5e:3e:09:91:
                    2b:2d:7b:45:20:ca:78:fa:3e:58:43:dc:14:a0:c2:
                    8f:42:40:95:bf:24:b5:4b:c0:89:37:bd:98:06:a0:
                    5f:a8:dd:77:b0:e5:52:53:4f:88:72:f0:55:f3:c4:
                    e6:4d:81:db:32:a6:18:f6:e0:1c:ca:3c:30:f7:0f:
                    c5:d4:9d:44:7d:56:ce:42:92:06:01:f2:51:05:80:
                    ec:4d:4f:a1:7d:bd:80:b1:27:2a:1e:8e:36:b3:9d:
                    d7:40:82:84:87:b9:6c:fe:7b:b4:0b:a4:e2:67:7d:
                    81:f1:fd:e7:56:58:7a:98:20:5a:72:18:b6:2c:55:
                    4f:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:E2:7F:32:6A:89:C0:AA:7B:E3:58:E0:06:09:BE:A4:46:AD:96:64
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/MOJ_MmqJwKp741jgBgm-pEatlmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.226.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:a1:f4:18:40:3e:fc:67:74:36:25:d8:2a:8e:a9:58:bb:ce:
         c3:75:40:04:8f:74:3a:2f:c9:3e:b3:36:7c:bd:ab:aa:22:c7:
         ee:ed:f0:e5:56:c8:a3:05:e4:e9:49:27:0a:f5:d0:5e:3a:71:
         8c:08:ed:31:96:b7:ba:c9:ba:12:72:bf:cd:c5:06:52:1e:14:
         c4:2b:ea:89:ed:1b:d8:7e:63:ae:75:95:08:af:aa:d0:eb:24:
         b1:e9:f0:13:5c:bf:a9:c2:80:4a:ec:a2:84:67:f6:60:73:f8:
         d4:5e:43:14:0e:ea:f2:96:29:8a:9a:2c:4c:08:36:e2:1e:c7:
         ad:d1:b5:77:25:e5:89:66:5c:d2:2a:37:3b:71:ff:ff:d5:47:
         f8:74:84:32:e7:f9:90:17:9a:8b:70:0f:fa:16:08:40:49:1a:
         51:da:cf:8d:70:c7:e0:f9:28:03:8b:ca:07:9d:80:e5:77:fc:
         e1:d7:d0:cd:ba:77:27:b8:2a:c9:d7:ff:d8:8d:c0:09:c7:d3:
         a5:17:7e:71:ff:f8:ae:6e:88:cb:c0:25:aa:44:cc:f6:e2:c4:
         24:aa:0d:2e:9d:97:a3:db:58:8f:5a:d0:c0:ca:28:d6:cd:92:
         6c:9e:74:78:27:16:59:84:bb:34:e0:59:2b:90:6f:c9:59:58:
         b8:92:a7:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj8PQ1UjfqNrTMxlusFK9rwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjUwODMwMTgyODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGUyN2YzMjZhODljMGFhN2JlMzU4ZTAwNjA5YmVhNDQ2YWQ5NjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+tmeAcpkD/e2dKKep0KZtzJBZlo
N5c8on3NjvE3bIBcupzjOQCbNYbxY3dMX9SCTsxAOMcFkHinuOAMRsb917dnjj5l
7bHp/OSLDTq4HssfjG0dGyeBPI75j1NY51yDOU0rj7jDVsKUPQdY0GrG4D0+Maoo
4MOIC+a4rUZyLY3Gt14+CZErLXtFIMp4+j5YQ9wUoMKPQkCVvyS1S8CJN72YBqBf
qN13sOVSU0+IcvBV88TmTYHbMqYY9uAcyjww9w/F1J1EfVbOQpIGAfJRBYDsTU+h
fb2AsScqHo42s53XQIKEh7ls/nu0C6TiZ32B8f3nVlh6mCBachi2LFVPfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDifzJqicCqe+NY4AYJvqRGrZZkMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvTU9KX01tcUp3S3A3NDFqZ0JnbS1wRWF0bG1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjeL1MA0G
CSqGSIb3DQEBCwUAA4IBAQCCofQYQD78Z3Q2JdgqjqlYu87DdUAEj3Q6L8k+szZ8
vauqIsfu7fDlVsijBeTpSScK9dBeOnGMCO0xlre6yboScr/NxQZSHhTEK+qJ7RvY
fmOudZUIr6rQ6ySx6fATXL+pwoBK7KKEZ/Zgc/jUXkMUDurylimKmixMCDbiHset
0bV3JeWJZlzSKjc7cf//1Uf4dIQy5/mQF5qLcA/6FghASRpR2s+NcMfg+SgDi8oH
nYDld/zh19DNuncnuCrJ1//YjcAJx9OlF35x//iubojLwCWqRMz24sQkqg0unZej
21iPWtDAyijWzZJsnnR4JxZZhLs04FkrkG/JWVi4kqe7
-----END CERTIFICATE-----