Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/mkmwIf1Iyo8hMno78fPepNImXH8.roa
File:                     mkmwIf1Iyo8hMno78fPepNImXH8.roa (raw, json)
Hash identifier:          wfID7yEbi2df8jq0Ckn9IY6ORqGPgrhezgKEUT4ICis=
Subject key identifier:   9A:49:B0:21:FD:48:CA:8F:21:32:7A:3B:F1:F3:DE:A4:D2:26:5C:7F
Certificate issuer:       /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial:       01991AE11AC543125E917E5FE718B22A828F
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/mkmwIf1Iyo8hMno78fPepNImXH8.roa
Signing time:             Fri 05 Sep 2025 17:16:24 +0000
ROA not before:           Fri 05 Sep 2025 17:16:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213541
IP address blocks:        89.185.79.0/24 maxlen: 24
                          92.240.215.0/24 maxlen: 24
                          92.240.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 23:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1a:e1:1a:c5:43:12:5e:91:7e:5f:e7:18:b2:2a:82:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
        Validity
            Not Before: Sep  5 17:16:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a49b021fd48ca8f21327a3bf1f3dea4d2265c7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:97:5f:73:29:e3:3a:e1:db:02:ad:67:cd:03:
                    b9:35:0c:3a:7a:67:bf:25:c1:a7:ce:81:7e:7b:93:
                    50:18:52:8d:a6:30:8c:98:cc:f0:c4:1b:aa:05:aa:
                    cb:3d:a1:43:41:97:04:4d:65:15:68:27:45:5f:ec:
                    cd:35:df:19:3d:81:b3:1e:3d:63:6e:de:a2:55:d3:
                    c8:05:d0:7a:1a:25:00:09:8e:d6:eb:d9:a5:e4:61:
                    5e:f9:95:27:2b:58:f3:b1:d4:87:16:4b:c0:20:77:
                    a2:56:1e:e1:bc:7d:03:15:89:c6:fe:e6:98:1c:18:
                    55:c0:61:32:ce:16:6d:41:f2:28:77:cd:cb:ea:14:
                    e1:55:c1:26:cc:21:62:18:3a:30:6c:d3:9f:38:af:
                    5d:dc:36:1b:7c:26:58:e5:18:6d:64:18:e6:2a:63:
                    5d:78:08:45:1e:14:63:52:b2:66:6d:7d:79:c5:b1:
                    30:0f:d0:fb:fd:2a:29:7a:57:6f:be:fe:d1:72:19:
                    c5:c1:bb:ad:d7:a9:fe:ec:c2:e2:9c:a2:26:3f:42:
                    12:27:06:7c:ce:66:6f:75:d2:05:97:36:1d:4f:92:
                    66:a9:0a:ff:2d:2b:10:46:77:c1:9f:cf:e6:5e:74:
                    02:4a:e5:43:4e:a3:7b:f5:5f:27:a8:23:4c:e1:44:
                    65:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:49:B0:21:FD:48:CA:8F:21:32:7A:3B:F1:F3:DE:A4:D2:26:5C:7F
            X509v3 Authority Key Identifier:
                keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/mkmwIf1Iyo8hMno78fPepNImXH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.79.0/24
                  92.240.215.0/24
                  92.240.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:48:54:ad:47:25:ac:0d:ac:e3:29:72:6f:3f:a4:8a:f2:4a:
         16:86:10:1b:4b:7e:44:fd:96:3c:f4:6e:24:cf:cf:7d:2c:da:
         b2:a3:b0:03:52:83:84:f1:a6:84:6b:00:11:cf:67:0c:50:ce:
         d5:c1:81:55:10:97:70:03:71:8f:4e:7b:00:7a:7d:1a:28:83:
         c7:bd:13:22:f7:6c:5b:4b:de:5b:d5:67:13:e2:95:e4:83:b7:
         b2:d3:c6:c4:2f:67:48:92:f8:1d:7e:5a:30:ad:6c:d4:28:e5:
         de:60:cc:c2:14:0f:8a:bc:94:7f:95:dc:2c:89:24:2a:1b:1c:
         95:a8:d1:6e:95:12:86:5a:7c:4e:9f:1b:bb:72:70:61:1d:9d:
         38:84:38:2b:01:56:7a:31:49:5f:24:99:2c:92:f0:e9:fd:f5:
         98:21:02:1c:2c:14:fd:0d:30:6f:8d:81:77:8a:1d:8c:93:46:
         4e:f5:6e:09:22:5f:26:4a:29:58:7d:53:63:c1:d6:99:7c:55:
         82:56:dd:70:2f:d7:aa:7a:33:68:36:5d:94:64:3d:f0:7c:cd:
         60:9e:2d:fc:06:f6:a0:44:95:31:fe:d2:3d:a8:51:b7:40:be:
         6e:ae:be:eb:52:e8:78:26:12:30:c0:41:10:e9:6d:f8:d6:6c:
         0b:a4:a2:3d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZka4RrFQxJekX5f5xiyKoKPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjUwOTA1MTcxNjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTQ5YjAyMWZkNDhjYThmMjEzMjdhM2JmMWYzZGVhNGQyMjY1YzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZdfcynjOuHbAq1nzQO5NQw6eme/
JcGnzoF+e5NQGFKNpjCMmMzwxBuqBarLPaFDQZcETWUVaCdFX+zNNd8ZPYGzHj1j
bt6iVdPIBdB6GiUACY7W69ml5GFe+ZUnK1jzsdSHFkvAIHeiVh7hvH0DFYnG/uaY
HBhVwGEyzhZtQfIod83L6hThVcEmzCFiGDowbNOfOK9d3DYbfCZY5RhtZBjmKmNd
eAhFHhRjUrJmbX15xbEwD9D7/Sopeldvvv7RchnFwbut16n+7MLinKImP0ISJwZ8
zmZvddIFlzYdT5JmqQr/LSsQRnfBn8/mXnQCSuVDTqN79V8nqCNM4URlbwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJpJsCH9SMqPITJ6O/Hz3qTSJlx/MB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEvbWttd0lmMUl5bzhoTW5vNzhmUGVwTkltWEg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWblPAwQA
XPDXAwQAXPDZMA0GCSqGSIb3DQEBCwUAA4IBAQBNSFStRyWsDazjKXJvP6SK8koW
hhAbS35E/ZY89G4kz899LNqyo7ADUoOE8aaEawARz2cMUM7VwYFVEJdwA3GPTnsA
en0aKIPHvRMi92xbS95b1WcT4pXkg7ey08bEL2dIkvgdflowrWzUKOXeYMzCFA+K
vJR/ldwsiSQqGxyVqNFulRKGWnxOnxu7cnBhHZ04hDgrAVZ6MUlfJJkskvDp/fWY
IQIcLBT9DTBvjYF3ih2Mk0ZO9W4JIl8mSilYfVNjwdaZfFWCVt1wL9eqejNoNl2U
ZD3wfM1gni38BvagRJUx/tI9qFG3QL5urr7rUuh4JhIwwEEQ6W341mwLpKI9
-----END CERTIFICATE-----