Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/MTcolobyd4LN3UJYqNXj32QICfA.roa
File:                     MTcolobyd4LN3UJYqNXj32QICfA.roa (raw, json)
Hash identifier:          SY2nubNRJwzzUult81E9exE+JbEzAGGam5npo1H+QHU=
Subject key identifier:   31:37:28:96:86:F2:77:82:CD:DD:42:58:A8:D5:E3:DF:64:08:09:F0
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019ED1C6595556D877BD985BEECD92CD1FBA
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/MTcolobyd4LN3UJYqNXj32QICfA.roa
Signing time:             Tue 16 Jun 2026 18:51:37 +0000
ROA not before:           Tue 16 Jun 2026 18:51:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198189
IP address blocks:        217.60.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Jun 2026 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d1:c6:59:55:56:d8:77:bd:98:5b:ee:cd:92:cd:1f:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 16 18:51:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3137289686f27782cddd4258a8d5e3df640809f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5b:f7:16:07:d1:7f:cf:b1:84:a6:f9:d3:d7:
                    e1:b1:ef:f0:18:8b:8e:5b:f3:24:25:01:7c:d9:b7:
                    52:6d:97:9a:3c:27:09:92:68:6b:92:b2:12:19:7d:
                    43:1b:e1:7b:b7:da:a6:fa:a1:fe:2b:82:77:24:6e:
                    5a:5a:86:8d:e3:e3:0c:5c:f8:d5:aa:de:c8:d5:7c:
                    0b:87:6b:a2:b0:63:96:26:f3:ba:f7:55:46:f9:bf:
                    1b:c6:6e:75:0d:f9:00:b6:f0:4f:b3:c7:6b:93:8e:
                    cf:45:a7:38:a8:13:14:0a:58:21:9e:bb:20:a4:bb:
                    5c:91:49:be:0d:77:a7:93:d2:bd:e2:fc:6b:47:a4:
                    51:95:28:07:0c:32:6f:53:07:19:9b:38:c8:39:e1:
                    f7:e3:20:7b:5f:c7:e6:51:e6:35:cc:3a:de:68:87:
                    72:a8:63:4f:cc:24:11:fa:8a:3a:e6:61:96:a3:69:
                    66:3c:7e:f0:46:c0:b8:80:8b:c2:ac:ca:f7:91:52:
                    62:70:16:3e:cd:3f:c5:80:46:8d:de:48:86:03:54:
                    16:ae:18:d2:65:f9:81:19:a5:df:f5:f4:03:19:94:
                    04:fd:71:3c:28:fa:53:aa:7d:8b:25:84:1a:ec:a3:
                    95:bf:4e:77:88:20:ef:51:0e:b7:5a:4f:29:65:31:
                    3c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:37:28:96:86:F2:77:82:CD:DD:42:58:A8:D5:E3:DF:64:08:09:F0
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/MTcolobyd4LN3UJYqNXj32QICfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:fd:d0:d0:a2:05:67:3a:50:87:9e:e5:66:d1:c7:f8:f0:cd:
         f5:d0:be:1f:ea:f7:e3:29:38:e5:6c:41:40:7f:da:a7:00:07:
         57:38:fb:3b:17:7b:68:4d:87:05:7a:8e:b9:6f:ec:4d:56:b4:
         93:70:9e:b9:f1:77:bd:d2:4a:5a:62:02:3f:72:11:a0:93:3e:
         e4:4b:1f:1e:ff:f4:9d:22:ea:a2:c0:d4:31:f9:f8:04:ce:37:
         79:73:f4:e2:91:62:b5:d1:e0:b9:03:00:6c:4c:7a:86:e9:65:
         9c:b0:4d:2d:bd:2c:a5:e2:2a:85:9a:22:2c:60:be:94:5f:6d:
         b8:57:de:59:89:4d:05:86:9a:ad:6f:e7:6b:06:a0:30:76:80:
         82:45:14:d1:82:9a:6d:6c:b8:ce:b1:77:69:ae:24:a0:59:e1:
         6c:33:f3:f4:84:a0:22:fa:6f:48:8c:78:34:38:31:4f:6f:8a:
         f8:83:ac:8e:39:19:6a:6b:a6:c6:b1:74:65:d7:ba:be:89:5f:
         0a:93:89:2e:68:86:a4:47:0e:10:5d:25:9c:2c:37:11:97:40:
         02:fc:fa:79:ac:00:2c:a3:59:bd:7a:4b:4a:ea:56:dd:cf:3f:
         fc:e9:c8:a9:3c:ce:ba:b2:42:07:68:18:6e:0f:f6:64:b0:84:
         20:ce:8d:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7RxllVVth3vZhb7s2SzR+6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNjE2MTg1MTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTM3Mjg5Njg2ZjI3NzgyY2RkZDQyNThhOGQ1ZTNkZjY0MDgwOWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1v3FgfRf8+xhKb509fhse/wGIuO
W/MkJQF82bdSbZeaPCcJkmhrkrISGX1DG+F7t9qm+qH+K4J3JG5aWoaN4+MMXPjV
qt7I1XwLh2uisGOWJvO691VG+b8bxm51DfkAtvBPs8drk47PRac4qBMUClghnrsg
pLtckUm+DXenk9K94vxrR6RRlSgHDDJvUwcZmzjIOeH34yB7X8fmUeY1zDreaIdy
qGNPzCQR+oo65mGWo2lmPH7wRsC4gIvCrMr3kVJicBY+zT/FgEaN3kiGA1QWrhjS
ZfmBGaXf9fQDGZQE/XE8KPpTqn2LJYQa7KOVv053iCDvUQ63Wk8pZTE8KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDE3KJaG8neCzd1CWKjV499kCAnwMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvTVRjb2xvYnlkNExOM1VKWXFOWGozMlFJQ2ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2TxOMA0G
CSqGSIb3DQEBCwUAA4IBAQC3/dDQogVnOlCHnuVm0cf48M310L4f6vfjKTjlbEFA
f9qnAAdXOPs7F3toTYcFeo65b+xNVrSTcJ658Xe90kpaYgI/chGgkz7kSx8e//Sd
IuqiwNQx+fgEzjd5c/TikWK10eC5AwBsTHqG6WWcsE0tvSyl4iqFmiIsYL6UX224
V95ZiU0Fhpqtb+drBqAwdoCCRRTRgpptbLjOsXdpriSgWeFsM/P0hKAi+m9IjHg0
ODFPb4r4g6yOORlqa6bGsXRl17q+iV8Kk4kuaIakRw4QXSWcLDcRl0AC/Pp5rAAs
o1m9ektK6lbdzz/86cipPM66skIHaBhuD/ZksIQgzo2U
-----END CERTIFICATE-----