Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/ce8e59-e062-421a-9f46-4edf19b35eca/1/MjDiSya5rSIxCbP2JLylYPClbHU.roa
File:                     MjDiSya5rSIxCbP2JLylYPClbHU.roa (raw, json)
Hash identifier:          sVwKHPoYwVN9YVNb0RadzlN6+FZIECFGTzUXxcescyI=
Subject key identifier:   32:30:E2:4B:26:B9:AD:22:31:09:B3:F6:24:BC:A5:60:F0:A5:6C:75
Certificate issuer:       /CN=66a2fe934ed1def75f0636ae7cf0198c81d348b4
Certificate serial:       019A5383458A1A04C9E20465D2B130FB4ED1
Authority key identifier: 66:A2:FE:93:4E:D1:DE:F7:5F:06:36:AE:7C:F0:19:8C:81:D3:48:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZqL-k07R3vdfBjaufPAZjIHTSLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/ce8e59-e062-421a-9f46-4edf19b35eca/1/MjDiSya5rSIxCbP2JLylYPClbHU.roa
Signing time:             Wed 05 Nov 2025 10:15:02 +0000
ROA not before:           Wed 05 Nov 2025 10:15:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204897
IP address blocks:        217.26.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/ce8e59-e062-421a-9f46-4edf19b35eca/1/ZqL-k07R3vdfBjaufPAZjIHTSLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/ce8e59-e062-421a-9f46-4edf19b35eca/1/ZqL-k07R3vdfBjaufPAZjIHTSLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZqL-k07R3vdfBjaufPAZjIHTSLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:53:83:45:8a:1a:04:c9:e2:04:65:d2:b1:30:fb:4e:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66a2fe934ed1def75f0636ae7cf0198c81d348b4
        Validity
            Not Before: Nov  5 10:15:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3230e24b26b9ad223109b3f624bca560f0a56c75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ec:29:4d:91:8b:86:df:2b:33:19:8b:5f:ec:
                    9f:bc:ae:28:45:a1:f9:c1:0f:f4:ea:9a:c2:51:d9:
                    62:23:78:c0:ed:96:04:11:15:d1:f4:40:db:88:25:
                    f2:43:cf:a2:d2:5e:c4:72:91:77:e1:4d:1e:03:3f:
                    24:b3:08:3d:cd:51:c4:6f:be:98:0e:8c:b0:62:74:
                    9c:8d:a3:2e:5a:49:58:47:54:3c:07:c5:a2:e6:34:
                    9a:ef:79:90:fe:8a:31:c5:ca:49:49:a8:3f:19:41:
                    ef:e9:9d:68:e6:e8:e6:ce:72:92:88:8a:80:73:2a:
                    db:08:e3:42:be:9c:78:98:c3:15:88:04:95:3d:19:
                    62:da:46:19:ca:f9:45:b9:12:bd:48:af:aa:7d:a1:
                    19:1e:34:84:5a:d2:c5:93:f8:d5:ab:69:ef:29:49:
                    54:0e:61:fb:ab:2e:b9:3b:8b:f4:0f:75:60:e9:25:
                    36:bb:58:1b:af:c0:b4:90:3d:9f:81:dc:90:9f:cd:
                    ec:09:11:ca:2f:5f:7a:7c:a0:76:a9:d5:01:ff:cf:
                    c2:12:dc:d4:c5:21:29:be:48:c6:54:5c:6d:39:d6:
                    98:24:40:a3:eb:85:08:38:59:2e:e9:f5:9a:7f:b0:
                    6f:b7:83:bd:42:d2:2b:d4:89:ee:18:9b:4a:0c:9a:
                    18:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:30:E2:4B:26:B9:AD:22:31:09:B3:F6:24:BC:A5:60:F0:A5:6C:75
            X509v3 Authority Key Identifier:
                keyid:66:A2:FE:93:4E:D1:DE:F7:5F:06:36:AE:7C:F0:19:8C:81:D3:48:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZqL-k07R3vdfBjaufPAZjIHTSLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ce8e59-e062-421a-9f46-4edf19b35eca/1/MjDiSya5rSIxCbP2JLylYPClbHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ce8e59-e062-421a-9f46-4edf19b35eca/1/ZqL-k07R3vdfBjaufPAZjIHTSLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.26.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:3b:ac:8b:a7:fd:8c:2b:28:91:91:fb:1c:c7:74:93:de:ce:
         e3:d7:2e:ae:da:8d:cc:19:ee:b2:5b:e2:58:24:d1:a1:7c:a9:
         59:76:de:cf:cb:58:d0:fd:ff:6a:24:fb:52:aa:33:0a:11:2d:
         02:56:f9:f2:21:9a:af:ca:81:af:15:fc:c7:3a:a8:e4:9d:19:
         c3:69:48:ad:42:24:40:2d:07:04:e2:47:88:be:ed:95:6b:85:
         2e:48:88:9a:6a:ea:b5:16:b1:21:a5:f1:5d:72:2e:02:00:af:
         39:47:4d:29:a4:49:ad:58:97:b9:00:ad:ca:5f:5f:5f:89:d7:
         ef:35:e4:64:a8:4c:34:86:fd:80:3b:c4:e8:70:0a:28:fe:81:
         b1:9b:9b:26:0a:0d:3e:60:d8:1d:fd:3b:75:da:0c:89:08:0b:
         59:85:4d:55:8f:3a:87:23:a3:0b:d0:2e:3b:22:82:ed:17:07:
         ee:4c:53:05:da:69:99:df:93:f7:e7:3f:7c:e0:3b:9b:1f:f1:
         9e:97:b0:ff:90:9d:35:bb:af:0d:31:49:9d:f1:ae:51:61:73:
         c1:ff:4f:98:1d:ae:2f:61:d5:7e:97:14:f9:05:31:e8:95:00:
         08:1f:f2:27:c7:2e:33:8a:3b:18:2c:b7:c7:73:7d:54:70:32:
         a1:4b:5f:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpTg0WKGgTJ4gRl0rEw+07RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2YTJmZTkzNGVkMWRlZjc1ZjA2MzZhZTdjZjAxOThjODFk
MzQ4YjQwHhcNMjUxMTA1MTAxNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjMwZTI0YjI2YjlhZDIyMzEwOWIzZjYyNGJjYTU2MGYwYTU2Yzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOwpTZGLht8rMxmLX+yfvK4oRaH5
wQ/06prCUdliI3jA7ZYEERXR9EDbiCXyQ8+i0l7EcpF34U0eAz8kswg9zVHEb76Y
DoywYnScjaMuWklYR1Q8B8Wi5jSa73mQ/ooxxcpJSag/GUHv6Z1o5ujmznKSiIqA
cyrbCONCvpx4mMMViASVPRli2kYZyvlFuRK9SK+qfaEZHjSEWtLFk/jVq2nvKUlU
DmH7qy65O4v0D3Vg6SU2u1gbr8C0kD2fgdyQn83sCRHKL196fKB2qdUB/8/CEtzU
xSEpvkjGVFxtOdaYJECj64UIOFku6fWaf7Bvt4O9QtIr1InuGJtKDJoYyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIw4ksmua0iMQmz9iS8pWDwpWx1MB8GA1UdIwQY
MBaAFGai/pNO0d73XwY2rnzwGYyB00i0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnFMLWswN1IzdmRmQmphdWZQQVpqSUhUU0xRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9jZThlNTktZTA2Mi00MjFhLTlmNDYt
NGVkZjE5YjM1ZWNhLzEvTWpEaVN5YTVyU0l4Q2JQMkpMeWxZUENsYkhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9jZThlNTktZTA2Mi00MjFhLTlmNDYtNGVkZjE5YjM1ZWNh
LzEvWnFMLWswN1IzdmRmQmphdWZQQVpqSUhUU0xRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RraMA0G
CSqGSIb3DQEBCwUAA4IBAQBpO6yLp/2MKyiRkfscx3ST3s7j1y6u2o3MGe6yW+JY
JNGhfKlZdt7Py1jQ/f9qJPtSqjMKES0CVvnyIZqvyoGvFfzHOqjknRnDaUitQiRA
LQcE4keIvu2Va4UuSIiaauq1FrEhpfFdci4CAK85R00ppEmtWJe5AK3KX19fidfv
NeRkqEw0hv2AO8TocAoo/oGxm5smCg0+YNgd/Tt12gyJCAtZhU1VjzqHI6ML0C47
IoLtFwfuTFMF2mmZ35P35z984DubH/Gel7D/kJ01u68NMUmd8a5RYXPB/0+YHa4v
YdV+lxT5BTHolQAIH/Inxy4zijsYLLfHc31UcDKhS18v
-----END CERTIFICATE-----