Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/9e0c8c-e666-4e72-ae21-7a04bcbd0e46/1/MKNa-STNNQIC43-YfYTvv0QElrI.roa
File:                     MKNa-STNNQIC43-YfYTvv0QElrI.roa (raw, json)
Hash identifier:          5nl1biPNK+Z/9Gdw9bn2cf84K3XezIkK/OVnwTz/dio=
Subject key identifier:   30:A3:5A:F9:24:CD:35:02:02:E3:7F:98:7D:84:EF:BF:44:04:96:B2
Certificate issuer:       /CN=52d2ed8c49f501bf32991c6423c2acefaf024969
Certificate serial:       019586139B654541D43D6D5973C5D54DAE22
Authority key identifier: 52:D2:ED:8C:49:F5:01:BF:32:99:1C:64:23:C2:AC:EF:AF:02:49:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UtLtjEn1Ab8ymRxkI8Ks768CSWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/9e0c8c-e666-4e72-ae21-7a04bcbd0e46/1/MKNa-STNNQIC43-YfYTvv0QElrI.roa
Signing time:             Tue 11 Mar 2025 16:39:46 +0000
ROA not before:           Tue 11 Mar 2025 16:39:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48678
IP address blocks:        185.102.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/9e0c8c-e666-4e72-ae21-7a04bcbd0e46/1/UtLtjEn1Ab8ymRxkI8Ks768CSWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/9e0c8c-e666-4e72-ae21-7a04bcbd0e46/1/UtLtjEn1Ab8ymRxkI8Ks768CSWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UtLtjEn1Ab8ymRxkI8Ks768CSWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 07:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:86:13:9b:65:45:41:d4:3d:6d:59:73:c5:d5:4d:ae:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52d2ed8c49f501bf32991c6423c2acefaf024969
        Validity
            Not Before: Mar 11 16:39:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30a35af924cd350202e37f987d84efbf440496b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:77:54:c3:78:d6:93:1a:2d:f3:bf:d4:11:1b:
                    1e:43:fd:9a:f8:77:b3:c3:9c:25:60:96:bd:3b:8e:
                    4d:58:f9:20:77:aa:b9:23:b7:92:39:80:4d:f6:e5:
                    4f:08:74:cf:b4:a4:68:06:c7:dc:9c:9b:70:a2:6c:
                    34:33:ca:ff:7b:bf:ac:f2:5e:59:f3:e4:03:62:45:
                    d2:09:4b:6f:c1:92:65:9e:38:1c:b9:de:f9:c2:16:
                    c9:e4:6a:ef:72:41:dd:1b:e4:77:03:a5:1a:e6:bb:
                    40:03:f0:04:d9:3a:f9:65:c5:31:4c:0f:ba:94:2f:
                    2c:49:c1:a0:5f:7c:59:78:05:35:08:8f:1b:af:a1:
                    5a:a2:e4:30:ce:f4:3d:1c:6f:13:07:80:51:50:1d:
                    8e:c7:91:b9:2c:e2:22:90:37:5a:17:a6:7b:a3:11:
                    f4:04:ae:2b:94:99:1d:b7:4e:b6:5c:6b:40:41:d1:
                    4e:15:5f:bc:76:a4:54:ae:e1:06:0b:f4:05:0d:57:
                    6c:90:ec:56:bc:93:1c:2e:85:93:b0:b9:18:81:9b:
                    53:75:31:0e:d5:de:85:e1:27:f9:d7:ee:4b:25:ba:
                    7b:d9:d2:41:5d:19:e2:7f:56:37:8d:a5:48:a4:18:
                    34:65:3d:b9:22:2d:a6:c2:35:84:5b:c9:62:f3:8d:
                    ad:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:A3:5A:F9:24:CD:35:02:02:E3:7F:98:7D:84:EF:BF:44:04:96:B2
            X509v3 Authority Key Identifier:
                keyid:52:D2:ED:8C:49:F5:01:BF:32:99:1C:64:23:C2:AC:EF:AF:02:49:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtLtjEn1Ab8ymRxkI8Ks768CSWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9e0c8c-e666-4e72-ae21-7a04bcbd0e46/1/MKNa-STNNQIC43-YfYTvv0QElrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9e0c8c-e666-4e72-ae21-7a04bcbd0e46/1/UtLtjEn1Ab8ymRxkI8Ks768CSWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:93:c3:81:52:6b:eb:88:44:bc:c4:94:47:11:81:18:f7:11:
         e2:26:de:1d:d8:09:a3:89:bd:c0:1a:74:6d:d5:e2:e8:77:c7:
         7e:c9:f9:ea:14:0a:e6:13:1e:f6:1c:a4:76:ea:25:61:03:3e:
         65:bb:f9:d9:d2:54:09:e1:b8:f6:e0:2d:00:59:79:f3:9a:8e:
         df:f8:30:72:86:7e:65:ca:09:ba:05:c7:08:67:9d:4d:84:10:
         9c:c4:04:e8:8f:ff:4c:df:d2:c8:11:82:d5:da:1f:c8:00:aa:
         90:b8:76:fb:5e:63:50:31:58:43:89:f7:54:d1:99:be:10:68:
         8d:69:4b:7b:68:7d:fb:5a:2a:6f:0f:92:35:f4:2d:75:e1:dc:
         29:49:94:cf:80:8b:b8:26:da:7f:6b:a7:9e:17:79:81:3d:c0:
         0a:e1:75:13:a1:44:76:2b:49:bb:fc:e2:b6:91:ca:11:b3:d5:
         6b:05:d6:3f:1b:59:f5:32:2e:87:a5:fb:94:89:90:62:45:26:
         1d:b9:4b:d5:b1:df:35:68:8e:1d:f4:97:ca:09:15:f7:8b:0c:
         39:f4:14:78:fc:2b:c6:70:e3:4f:fc:12:9f:d2:71:86:25:0e:
         15:6d:9f:90:0b:3e:97:9b:3b:aa:d5:99:93:02:4b:20:26:1e:
         ab:43:2b:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWGE5tlRUHUPW1Zc8XVTa4iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZDJlZDhjNDlmNTAxYmYzMjk5MWM2NDIzYzJhY2VmYWYw
MjQ5NjkwHhcNMjUwMzExMTYzOTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGEzNWFmOTI0Y2QzNTAyMDJlMzdmOTg3ZDg0ZWZiZjQ0MDQ5NmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43dUw3jWkxot87/UERseQ/2a+Hez
w5wlYJa9O45NWPkgd6q5I7eSOYBN9uVPCHTPtKRoBsfcnJtwomw0M8r/e7+s8l5Z
8+QDYkXSCUtvwZJlnjgcud75whbJ5GrvckHdG+R3A6Ua5rtAA/AE2Tr5ZcUxTA+6
lC8sScGgX3xZeAU1CI8br6FaouQwzvQ9HG8TB4BRUB2Ox5G5LOIikDdaF6Z7oxH0
BK4rlJkdt062XGtAQdFOFV+8dqRUruEGC/QFDVdskOxWvJMcLoWTsLkYgZtTdTEO
1d6F4Sf51+5LJbp72dJBXRnif1Y3jaVIpBg0ZT25Ii2mwjWEW8li842towIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCjWvkkzTUCAuN/mH2E779EBJayMB8GA1UdIwQY
MBaAFFLS7YxJ9QG/MpkcZCPCrO+vAklpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXRMdGpFbjFBYjh5bVJ4a0k4S3M3NjhDU1drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS85ZTBjOGMtZTY2Ni00ZTcyLWFlMjEt
N2EwNGJjYmQwZTQ2LzEvTUtOYS1TVE5OUUlDNDMtWWZZVHZ2MFFFbHJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS85ZTBjOGMtZTY2Ni00ZTcyLWFlMjEtN2EwNGJjYmQwZTQ2
LzEvVXRMdGpFbjFBYjh5bVJ4a0k4S3M3NjhDU1drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWZXMA0G
CSqGSIb3DQEBCwUAA4IBAQA/k8OBUmvriES8xJRHEYEY9xHiJt4d2Amjib3AGnRt
1eLod8d+yfnqFArmEx72HKR26iVhAz5lu/nZ0lQJ4bj24C0AWXnzmo7f+DByhn5l
ygm6BccIZ51NhBCcxAToj/9M39LIEYLV2h/IAKqQuHb7XmNQMVhDifdU0Zm+EGiN
aUt7aH37WipvD5I19C114dwpSZTPgIu4Jtp/a6eeF3mBPcAK4XUToUR2K0m7/OK2
kcoRs9VrBdY/G1n1Mi6HpfuUiZBiRSYduUvVsd81aI4d9JfKCRX3iww59BR4/CvG
cONP/BKf0nGGJQ4VbZ+QCz6Xmzuq1ZmTAksgJh6rQys0
-----END CERTIFICATE-----