Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mvc4SUGeeMRpyVitk1c105EVIQE.roa
File:                     mvc4SUGeeMRpyVitk1c105EVIQE.roa (raw, json)
Hash identifier:          QKAS/b/YBlwpeRQ62PltPpxUUgNsPIqf6HXtD66LZz4=
Subject key identifier:   9A:F7:38:49:41:9E:78:C4:69:C9:58:AD:93:57:35:D3:91:15:21:01
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019C31FDAAA1979B21EFCAC5A46BB31540C9
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mvc4SUGeeMRpyVitk1c105EVIQE.roa
Signing time:             Fri 06 Feb 2026 08:07:13 +0000
ROA not before:           Fri 06 Feb 2026 08:07:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4637
IP address blocks:        89.213.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:31:fd:aa:a1:97:9b:21:ef:ca:c5:a4:6b:b3:15:40:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb  6 08:07:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9af73849419e78c469c958ad935735d391152101
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:40:41:30:3b:73:d6:c8:c7:e8:d9:11:0a:a0:
                    07:2e:bf:49:16:a9:cb:e3:ae:09:37:e0:9d:1a:ab:
                    a1:46:ab:b9:d8:ae:4a:26:b0:6c:db:93:a7:37:3b:
                    f4:10:ea:d2:74:e7:1a:a3:8a:78:83:26:7c:39:b4:
                    5f:d9:81:9d:c2:19:c2:af:57:ae:3e:0e:d5:d5:05:
                    c9:c7:9a:30:1a:86:ca:b2:d2:88:2c:b8:46:23:b9:
                    0b:73:12:09:cc:26:51:8b:bc:e9:76:3d:78:ed:81:
                    93:0d:46:7d:eb:63:0a:02:4e:ee:d9:2e:91:c1:fa:
                    8f:21:64:f6:6b:a1:62:e4:4f:4b:ff:d2:5f:4c:30:
                    02:ad:88:c5:38:c8:42:e9:19:52:25:51:a7:be:5f:
                    e2:a8:3f:12:54:66:20:03:18:6c:d1:18:d5:d1:01:
                    53:c8:fa:1b:81:26:33:4c:3c:49:60:b5:86:c4:c2:
                    48:44:bb:b5:f5:2a:17:b0:6a:f0:7a:50:29:25:b5:
                    38:6d:b9:ad:2c:5e:c7:bc:6a:fa:91:e5:74:c7:10:
                    75:78:54:25:89:86:b3:0a:0b:56:1a:8d:41:6c:15:
                    75:c5:8e:d1:d4:89:c8:97:f1:c2:54:2d:a8:2e:39:
                    84:ed:f8:fc:d9:6a:de:b4:40:53:37:3e:ee:c4:b3:
                    54:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:F7:38:49:41:9E:78:C4:69:C9:58:AD:93:57:35:D3:91:15:21:01
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mvc4SUGeeMRpyVitk1c105EVIQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:ba:60:29:fb:9e:76:cd:3a:32:6c:d6:bd:7d:46:30:05:32:
         f6:d7:2a:a1:c2:9c:c9:2a:c5:03:35:c7:6a:d7:0b:ef:eb:41:
         70:47:bb:79:c8:b7:54:c7:4e:5b:5d:52:ef:65:f1:21:f8:6c:
         b2:aa:9b:dd:bd:7f:5b:3c:f3:e7:fc:48:f9:20:85:9f:54:eb:
         f6:7a:03:2e:3f:c8:c0:00:4a:ca:a5:ed:73:9e:5c:0c:61:d4:
         91:ed:77:d5:ab:9d:4f:f4:74:45:b3:d4:aa:7a:57:01:7d:f5:
         37:ec:44:d9:56:f1:c4:6a:75:33:69:db:df:24:36:6a:73:b0:
         0e:10:93:19:d8:d2:d3:82:f4:f4:5e:2c:8a:0f:19:98:90:7a:
         3d:14:d6:5f:cd:58:27:53:33:1c:7b:26:f9:36:64:d6:ce:03:
         10:82:63:ea:8b:3c:1d:32:04:b0:2f:21:55:c4:2c:ab:77:3f:
         17:f4:06:15:75:e0:3d:4a:c7:f1:fa:24:99:9d:59:bf:4a:77:
         35:60:9e:36:ec:18:c0:43:bc:97:ef:d8:25:f9:67:dd:1d:18:
         2a:8d:24:53:ce:52:9e:94:90:5c:f4:09:a4:58:c6:e0:dd:e6:
         11:24:44:73:0e:06:56:c4:42:98:d7:1e:8c:34:c8:b9:7f:7d:
         e7:fa:08:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwx/aqhl5sh78rFpGuzFUDJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMjA2MDgwNzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWY3Mzg0OTQxOWU3OGM0NjljOTU4YWQ5MzU3MzVkMzkxMTUyMTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9kBBMDtz1sjH6NkRCqAHLr9JFqnL
464JN+CdGquhRqu52K5KJrBs25OnNzv0EOrSdOcao4p4gyZ8ObRf2YGdwhnCr1eu
Pg7V1QXJx5owGobKstKILLhGI7kLcxIJzCZRi7zpdj147YGTDUZ962MKAk7u2S6R
wfqPIWT2a6Fi5E9L/9JfTDACrYjFOMhC6RlSJVGnvl/iqD8SVGYgAxhs0RjV0QFT
yPobgSYzTDxJYLWGxMJIRLu19SoXsGrwelApJbU4bbmtLF7HvGr6keV0xxB1eFQl
iYazCgtWGo1BbBV1xY7R1InIl/HCVC2oLjmE7fj82WretEBTNz7uxLNUGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJr3OElBnnjEaclYrZNXNdORFSEBMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbXZjNFNVR2VlTVJweVZpdGsxYzEwNUVWSVFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWSMA0G
CSqGSIb3DQEBCwUAA4IBAQAIumAp+552zToybNa9fUYwBTL21yqhwpzJKsUDNcdq
1wvv60FwR7t5yLdUx05bXVLvZfEh+GyyqpvdvX9bPPPn/Ej5IIWfVOv2egMuP8jA
AErKpe1znlwMYdSR7XfVq51P9HRFs9SqelcBffU37ETZVvHEanUzadvfJDZqc7AO
EJMZ2NLTgvT0XiyKDxmYkHo9FNZfzVgnUzMceyb5NmTWzgMQgmPqizwdMgSwLyFV
xCyrdz8X9AYVdeA9Ssfx+iSZnVm/Snc1YJ427BjAQ7yX79gl+WfdHRgqjSRTzlKe
lJBc9AmkWMbg3eYRJERzDgZWxEKY1x6MNMi5f33n+gix
-----END CERTIFICATE-----