Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/mvMvzcuR1NgOhwlZXo7XswNReO8.roa
File:                     mvMvzcuR1NgOhwlZXo7XswNReO8.roa (raw, json)
Hash identifier:          OC7UawU8PzTtEO+txuJgCieiCDiiiwo16T6kmqVkBqo=
Subject key identifier:   9A:F3:2F:CD:CB:91:D4:D8:0E:87:09:59:5E:8E:D7:B3:03:51:78:EF
Certificate issuer:       /CN=bd60edf96266b7c0d43836c854ab472cb74db034
Certificate serial:       019EDAF82CC5ACFE445F229E41CEB37874FE
Authority key identifier: BD:60:ED:F9:62:66:B7:C0:D4:38:36:C8:54:AB:47:2C:B7:4D:B0:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vWDt-WJmt8DUODbIVKtHLLdNsDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/mvMvzcuR1NgOhwlZXo7XswNReO8.roa
Signing time:             Thu 18 Jun 2026 13:42:37 +0000
ROA not before:           Thu 18 Jun 2026 13:42:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        83.142.209.0/24 maxlen: 32
                          83.142.213.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/vWDt-WJmt8DUODbIVKtHLLdNsDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/vWDt-WJmt8DUODbIVKtHLLdNsDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vWDt-WJmt8DUODbIVKtHLLdNsDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 10:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:da:f8:2c:c5:ac:fe:44:5f:22:9e:41:ce:b3:78:74:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd60edf96266b7c0d43836c854ab472cb74db034
        Validity
            Not Before: Jun 18 13:42:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9af32fcdcb91d4d80e8709595e8ed7b3035178ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f4:bd:4e:04:a0:8a:33:7e:09:d2:34:1d:a7:
                    e4:61:d6:58:aa:aa:6c:d6:64:cf:7f:16:10:11:71:
                    c5:6f:f2:f0:38:60:c3:ae:38:30:66:27:a4:84:2c:
                    df:f1:aa:2e:9b:71:6f:ab:26:70:4f:88:41:ea:03:
                    db:af:cf:75:df:44:a1:e7:f8:05:a5:a0:0c:d2:f6:
                    dd:b1:53:0b:3e:6d:e9:58:31:f2:9f:8f:1c:b4:3c:
                    54:72:64:a9:04:55:c7:03:49:83:59:a7:cb:37:10:
                    d9:7e:fd:4b:69:2a:d1:86:c5:79:64:fa:d1:a7:db:
                    26:b3:8c:47:42:e8:8f:29:7b:50:a8:58:22:53:79:
                    1c:54:74:3d:1a:d7:56:e4:92:07:3b:b9:af:f4:d4:
                    a1:5f:bf:4c:6d:d6:bf:cb:be:70:c0:0b:6a:06:2a:
                    12:c7:14:d9:0d:16:67:c5:23:d9:94:1d:2d:a6:eb:
                    ff:c8:7a:2e:9c:55:8c:2f:94:23:fc:9c:a0:3d:2c:
                    7b:9c:54:c6:13:50:fb:a7:3c:3f:5a:27:3d:d2:9d:
                    55:f8:d0:9f:c3:7e:1a:73:a1:26:9e:af:8a:f4:d8:
                    bd:b3:67:e6:e7:9c:f4:eb:de:d6:04:6b:f9:bf:f6:
                    d4:c7:81:1e:9a:fe:65:95:8f:7c:d9:43:1d:9d:09:
                    a1:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:F3:2F:CD:CB:91:D4:D8:0E:87:09:59:5E:8E:D7:B3:03:51:78:EF
            X509v3 Authority Key Identifier:
                keyid:BD:60:ED:F9:62:66:B7:C0:D4:38:36:C8:54:AB:47:2C:B7:4D:B0:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vWDt-WJmt8DUODbIVKtHLLdNsDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/mvMvzcuR1NgOhwlZXo7XswNReO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/vWDt-WJmt8DUODbIVKtHLLdNsDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.142.209.0/24
                  83.142.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:ea:b7:49:23:50:ba:f5:e9:58:28:5e:28:27:dd:2d:eb:36:
         d7:f3:38:41:45:86:8d:31:bf:9c:47:b1:cd:0d:4c:64:1d:f1:
         de:19:bf:af:ec:54:8c:68:cd:60:b3:ba:f3:77:ec:07:82:f2:
         67:37:cd:ea:f5:61:47:7d:9e:82:82:3a:18:04:f3:ac:b8:99:
         45:4c:c7:10:c0:a8:82:3f:80:18:86:8b:75:22:c0:57:0a:4c:
         65:49:f7:dd:91:67:d8:74:cb:85:3d:e1:8f:bc:a9:de:91:ab:
         a7:12:9f:fd:4f:4c:f3:ef:ce:30:0d:db:af:5a:cf:0e:7a:ed:
         6d:92:95:16:74:49:3e:84:24:6a:f2:e2:3b:bb:92:0d:25:7c:
         f4:27:42:28:e8:c2:34:55:25:c7:aa:83:34:cd:9c:fb:05:a9:
         a8:f6:d2:33:7d:52:de:43:62:ab:dc:b2:07:e2:f2:69:d1:83:
         32:e0:b8:89:97:6e:d6:b9:b2:c8:63:54:ef:1d:61:99:21:d1:
         1c:c6:20:dd:32:50:62:b2:ea:51:51:28:cf:eb:18:d2:bd:d2:
         bd:78:da:c4:3e:7d:ac:25:ee:27:9b:f1:14:bf:57:76:9a:8e:
         37:7e:44:b5:94:98:07:c9:89:af:42:6e:0c:f5:67:49:5f:2b:
         49:d1:66:50
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7a+CzFrP5EXyKeQc6zeHT+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkNjBlZGY5NjI2NmI3YzBkNDM4MzZjODU0YWI0NzJjYjc0
ZGIwMzQwHhcNMjYwNjE4MTM0MjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWYzMmZjZGNiOTFkNGQ4MGU4NzA5NTk1ZThlZDdiMzAzNTE3OGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/S9TgSgijN+CdI0HafkYdZYqqps
1mTPfxYQEXHFb/LwOGDDrjgwZiekhCzf8aoum3FvqyZwT4hB6gPbr89130Sh5/gF
paAM0vbdsVMLPm3pWDHyn48ctDxUcmSpBFXHA0mDWafLNxDZfv1LaSrRhsV5ZPrR
p9sms4xHQuiPKXtQqFgiU3kcVHQ9GtdW5JIHO7mv9NShX79Mbda/y75wwAtqBioS
xxTZDRZnxSPZlB0tpuv/yHounFWML5Qj/JygPSx7nFTGE1D7pzw/Wic90p1V+NCf
w34ac6Emnq+K9Ni9s2fm55z0697WBGv5v/bUx4Eemv5llY982UMdnQmhhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJrzL83LkdTYDocJWV6O17MDUXjvMB8GA1UdIwQY
MBaAFL1g7fliZrfA1Dg2yFSrRyy3TbA0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdldEdC1XSm10OERVT0RiSVZLdEhMTGROc0RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9iNWQ1YmItMjNjNi00YjNkLTk0Yzgt
NDJiYmYxYTZhNjViLzEvbXZNdnpjdVIxTmdPaHdsWlhvN1hzd05SZU84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9iNWQ1YmItMjNjNi00YjNkLTk0YzgtNDJiYmYxYTZhNjVi
LzEvdldEdC1XSm10OERVT0RiSVZLdEhMTGROc0RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAU47RAwQA
U47VMA0GCSqGSIb3DQEBCwUAA4IBAQBi6rdJI1C69elYKF4oJ90t6zbX8zhBRYaN
Mb+cR7HNDUxkHfHeGb+v7FSMaM1gs7rzd+wHgvJnN83q9WFHfZ6CgjoYBPOsuJlF
TMcQwKiCP4AYhot1IsBXCkxlSffdkWfYdMuFPeGPvKnekaunEp/9T0zz784wDduv
Ws8Oeu1tkpUWdEk+hCRq8uI7u5INJXz0J0Io6MI0VSXHqoM0zZz7Bamo9tIzfVLe
Q2Kr3LIH4vJp0YMy4LiJl27WubLIY1TvHWGZIdEcxiDdMlBisupRUSjP6xjSvdK9
eNrEPn2sJe4nm/EUv1d2mo43fkS1lJgHyYmvQm4M9WdJXytJ0WZQ
-----END CERTIFICATE-----