Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/MCayH77-cChhvegFrgzYMB3Qy-g.roa
File:                     MCayH77-cChhvegFrgzYMB3Qy-g.roa (raw, json)
Hash identifier:          YRY0B9AQYo8xZ5qeT+W114F1xbpOsARZldkLg6nHx0M=
Subject key identifier:   30:26:B2:1F:BE:FE:70:28:61:BD:E8:05:AE:0C:D8:30:1D:D0:CB:E8
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019E91E7879ABCC2B888C52E64970E90ED11
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/MCayH77-cChhvegFrgzYMB3Qy-g.roa
Signing time:             Thu 04 Jun 2026 09:12:10 +0000
ROA not before:           Thu 04 Jun 2026 09:12:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209378
IP address blocks:        89.125.113.0/24 maxlen: 24
                          89.125.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:91:e7:87:9a:bc:c2:b8:88:c5:2e:64:97:0e:90:ed:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jun  4 09:12:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3026b21fbefe702861bde805ae0cd8301dd0cbe8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:86:4a:eb:c2:10:87:2e:f1:4e:6b:10:67:13:
                    a0:48:10:96:37:a1:0e:0f:5d:4d:c0:dc:24:49:53:
                    d6:ba:1e:b0:bb:d2:67:52:e9:83:b9:90:60:20:b9:
                    20:70:26:70:4f:83:d8:43:65:9f:32:1d:71:72:6b:
                    66:32:45:cc:fb:8a:4f:94:c8:2f:85:65:67:cd:8e:
                    b1:c2:39:51:09:a8:fb:23:fb:f9:76:99:ae:c1:e1:
                    9f:65:10:81:d5:da:db:d3:a6:36:15:2e:db:ca:6c:
                    fe:e5:e7:f3:02:b8:47:5e:52:29:46:38:99:c0:83:
                    16:16:2b:2e:d0:2f:47:6f:8f:49:f9:4d:62:65:96:
                    09:6c:53:fb:d7:e2:15:ea:c3:7f:d7:c1:15:8d:b3:
                    16:e0:da:f6:d7:d3:0a:e2:20:a0:b7:6c:30:ae:96:
                    aa:89:91:54:97:08:25:19:b7:06:36:43:de:87:fe:
                    ce:78:32:cd:7f:e8:93:b1:5a:bd:4b:45:3a:f6:33:
                    37:11:07:e6:df:80:f9:16:bf:29:00:45:29:c3:16:
                    3b:c4:50:ff:a1:83:3a:a8:0c:86:2a:99:5e:c8:9b:
                    99:13:de:7a:24:d4:1d:0b:81:60:9a:ca:1a:57:e7:
                    36:69:3d:7c:a0:3e:44:59:0e:76:ea:54:9b:24:af:
                    a8:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:26:B2:1F:BE:FE:70:28:61:BD:E8:05:AE:0C:D8:30:1D:D0:CB:E8
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/MCayH77-cChhvegFrgzYMB3Qy-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.113.0/24
                  89.125.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:7c:b0:d4:10:2e:e1:e8:c9:0f:bb:09:ad:e9:20:ba:ea:9a:
         30:29:49:2f:56:ad:e4:d3:c0:29:ff:10:63:92:2c:b0:48:45:
         66:d2:db:f5:d3:dc:eb:01:01:e0:c3:b5:fc:0e:2c:44:4e:7c:
         b7:c7:c3:8e:a9:54:8c:a8:e5:0b:46:36:cf:8e:3a:35:09:a7:
         aa:b2:b9:d6:bc:8c:82:e0:00:cb:d1:d7:e8:a8:27:1a:a0:d7:
         04:47:aa:b1:93:00:23:e3:17:9b:e4:90:9e:f3:1a:e2:cc:fe:
         e8:90:35:1e:d5:d8:fa:80:ff:da:46:c2:6e:77:c5:02:f7:a3:
         6a:aa:53:26:a2:bf:1c:bc:94:dc:ab:82:cb:5e:39:ce:1c:bb:
         a4:73:71:53:be:18:84:6d:76:00:0c:7d:c7:29:9c:57:b8:15:
         db:19:e4:da:da:9a:52:ec:38:f9:b3:fe:ce:3e:c3:f0:79:6f:
         31:9f:32:75:06:50:e6:fb:84:94:81:bd:8b:48:cd:99:26:1c:
         87:96:30:5f:db:29:63:7f:87:6a:39:3f:7e:6d:6a:0b:8e:ea:
         83:67:33:1c:75:15:26:b3:48:e2:fe:48:6f:4f:37:9b:1b:03:
         64:c5:e4:e4:80:d8:dc:aa:24:69:4d:7a:57:e3:93:cf:6c:09:
         3d:9c:f8:91
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6R54eavMK4iMUuZJcOkO0RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNjA0MDkxMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDI2YjIxZmJlZmU3MDI4NjFiZGU4MDVhZTBjZDgzMDFkZDBjYmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4ZK68IQhy7xTmsQZxOgSBCWN6EO
D11NwNwkSVPWuh6wu9JnUumDuZBgILkgcCZwT4PYQ2WfMh1xcmtmMkXM+4pPlMgv
hWVnzY6xwjlRCaj7I/v5dpmuweGfZRCB1drb06Y2FS7bymz+5efzArhHXlIpRjiZ
wIMWFisu0C9Hb49J+U1iZZYJbFP71+IV6sN/18EVjbMW4Nr219MK4iCgt2wwrpaq
iZFUlwglGbcGNkPeh/7OeDLNf+iTsVq9S0U69jM3EQfm34D5Fr8pAEUpwxY7xFD/
oYM6qAyGKpleyJuZE956JNQdC4FgmsoaV+c2aT18oD5EWQ526lSbJK+oIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDAmsh++/nAoYb3oBa4M2DAd0MvoMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvTUNheUg3Ny1jQ2hodmVnRnJnellNQjNReS1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWX1xAwQA
WX2pMA0GCSqGSIb3DQEBCwUAA4IBAQAifLDUEC7h6MkPuwmt6SC66powKUkvVq3k
08Ap/xBjkiywSEVm0tv109zrAQHgw7X8DixETny3x8OOqVSMqOULRjbPjjo1Caeq
srnWvIyC4ADL0dfoqCcaoNcER6qxkwAj4xeb5JCe8xrizP7okDUe1dj6gP/aRsJu
d8UC96NqqlMmor8cvJTcq4LLXjnOHLukc3FTvhiEbXYADH3HKZxXuBXbGeTa2ppS
7Dj5s/7OPsPweW8xnzJ1BlDm+4SUgb2LSM2ZJhyHljBf2yljf4dqOT9+bWoLjuqD
ZzMcdRUms0ji/khvTzebGwNkxeTkgNjcqiRpTXpX45PPbAk9nPiR
-----END CERTIFICATE-----