Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/9d59e1-7a67-469d-b4da-8b3372234dc0/1/mgi-sHB9BvG_JhGVaolwV53PdcI.roa
File:                     mgi-sHB9BvG_JhGVaolwV53PdcI.roa (raw, json)
Hash identifier:          Mp5ienel094fK7II/BeJb819aKnF3b9Sr1dy+H9Nl2U=
Subject key identifier:   9A:08:BE:B0:70:7D:06:F1:BF:26:11:95:6A:89:70:57:9D:CF:75:C2
Certificate issuer:       /CN=237c83447d17183380f489bc946c8b9e300ffb1d
Certificate serial:       01992FF61C7CA47444AB0997CD13D467D3E2
Authority key identifier: 23:7C:83:44:7D:17:18:33:80:F4:89:BC:94:6C:8B:9E:30:0F:FB:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I3yDRH0XGDOA9Im8lGyLnjAP-x0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/9d59e1-7a67-469d-b4da-8b3372234dc0/1/mgi-sHB9BvG_JhGVaolwV53PdcI.roa
Signing time:             Tue 09 Sep 2025 19:31:22 +0000
ROA not before:           Tue 09 Sep 2025 19:31:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14544
IP address blocks:        81.208.192.0/19 maxlen: 19
                          130.110.30.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/9d59e1-7a67-469d-b4da-8b3372234dc0/1/I3yDRH0XGDOA9Im8lGyLnjAP-x0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/9d59e1-7a67-469d-b4da-8b3372234dc0/1/I3yDRH0XGDOA9Im8lGyLnjAP-x0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I3yDRH0XGDOA9Im8lGyLnjAP-x0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Sep 2025 05:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2f:f6:1c:7c:a4:74:44:ab:09:97:cd:13:d4:67:d3:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=237c83447d17183380f489bc946c8b9e300ffb1d
        Validity
            Not Before: Sep  9 19:31:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a08beb0707d06f1bf2611956a8970579dcf75c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1b:f0:b3:88:f1:06:e3:d9:f2:65:6a:fa:82:
                    23:11:74:4b:a0:dd:4a:e4:27:24:87:9f:87:d0:b5:
                    c9:8d:cc:6c:a2:bb:dd:6f:e5:33:f8:5f:7f:c7:49:
                    56:51:9d:f6:de:01:21:a9:c8:59:f3:2a:30:96:da:
                    89:59:d1:3c:d7:d1:c2:19:8f:53:32:e6:28:09:5c:
                    58:d6:b1:ab:75:db:18:f5:8d:ad:b5:b1:9d:1b:0e:
                    87:96:92:fe:73:45:3f:98:b9:a4:f1:77:28:e2:5c:
                    b8:23:34:b6:f9:e4:e5:11:71:3a:8c:75:d5:34:2c:
                    ec:01:86:14:5d:6a:d6:13:a7:f3:1f:51:4e:63:f4:
                    04:e6:7b:e9:e4:35:43:72:5d:18:c6:99:60:91:7e:
                    96:cb:b1:71:df:75:8c:d3:ed:71:58:7c:28:c0:d1:
                    b1:76:56:e5:5a:61:a0:47:4f:84:f3:dd:f9:b0:1a:
                    46:63:7c:c0:9a:e9:e2:42:b8:dd:0c:31:81:ac:cb:
                    a0:10:1c:e5:11:05:58:43:bc:57:91:3a:99:35:a8:
                    ca:7b:d1:97:2f:03:0d:46:15:73:1b:ee:1a:98:4d:
                    b5:cc:1e:81:d8:b0:da:38:69:2c:a2:da:c4:24:da:
                    a5:42:b3:93:60:e0:41:9c:68:a8:0b:7c:ff:01:db:
                    ef:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:08:BE:B0:70:7D:06:F1:BF:26:11:95:6A:89:70:57:9D:CF:75:C2
            X509v3 Authority Key Identifier:
                keyid:23:7C:83:44:7D:17:18:33:80:F4:89:BC:94:6C:8B:9E:30:0F:FB:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I3yDRH0XGDOA9Im8lGyLnjAP-x0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9d59e1-7a67-469d-b4da-8b3372234dc0/1/mgi-sHB9BvG_JhGVaolwV53PdcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9d59e1-7a67-469d-b4da-8b3372234dc0/1/I3yDRH0XGDOA9Im8lGyLnjAP-x0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.208.192.0/19
                  130.110.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:5e:f0:d8:31:35:5f:5c:ed:a6:4f:fa:00:17:73:2e:fc:a2:
         2c:6e:15:59:34:b5:22:48:f2:2b:29:dd:89:a9:11:ff:b5:65:
         70:f7:6d:dd:1b:b4:69:62:a9:f4:34:4a:ce:f4:b0:86:56:4a:
         86:bb:24:bb:cf:0f:09:80:ad:83:86:34:d4:4b:d2:6d:4f:74:
         11:78:55:a7:92:cc:07:41:65:dd:6c:d9:87:2e:f2:7b:e0:9d:
         11:7c:ca:35:f7:19:c1:71:64:d2:b0:41:52:f8:0f:f6:0f:ed:
         fa:fd:ea:d9:98:b0:9c:ea:8c:4e:4f:a3:56:8b:dd:db:e0:bc:
         48:3a:91:be:e9:86:fd:ef:1b:4a:82:62:fa:60:6d:53:a5:e1:
         ed:f0:ef:4e:51:43:08:cb:6d:bb:8b:08:fe:46:0b:04:21:6d:
         69:84:50:be:a7:70:c0:9f:2d:7d:33:34:f3:6b:6b:1b:5d:7b:
         3e:84:40:0c:ac:e4:fc:5d:65:5c:f2:5f:80:cc:6c:c9:19:d4:
         c5:3c:58:bf:67:c5:9e:9f:dd:ca:4f:1a:72:87:c4:00:4a:5d:
         1a:0d:78:d2:12:c8:76:2d:bd:53:2a:4f:60:86:96:6b:e5:48:
         da:c1:fb:c9:5b:90:2c:0c:81:ad:38:1f:6d:15:c4:dc:c3:82:
         96:9b:92:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkv9hx8pHREqwmXzRPUZ9PiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzN2M4MzQ0N2QxNzE4MzM4MGY0ODliYzk0NmM4YjllMzAw
ZmZiMWQwHhcNMjUwOTA5MTkzMTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTA4YmViMDcwN2QwNmYxYmYyNjExOTU2YTg5NzA1NzlkY2Y3NWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBvws4jxBuPZ8mVq+oIjEXRLoN1K
5Cckh5+H0LXJjcxsorvdb+Uz+F9/x0lWUZ323gEhqchZ8yowltqJWdE819HCGY9T
MuYoCVxY1rGrddsY9Y2ttbGdGw6HlpL+c0U/mLmk8Xco4ly4IzS2+eTlEXE6jHXV
NCzsAYYUXWrWE6fzH1FOY/QE5nvp5DVDcl0YxplgkX6Wy7Fx33WM0+1xWHwowNGx
dlblWmGgR0+E8935sBpGY3zAmuniQrjdDDGBrMugEBzlEQVYQ7xXkTqZNajKe9GX
LwMNRhVzG+4amE21zB6B2LDaOGksotrEJNqlQrOTYOBBnGioC3z/AdvvtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJoIvrBwfQbxvyYRlWqJcFedz3XCMB8GA1UdIwQY
MBaAFCN8g0R9FxgzgPSJvJRsi54wD/sdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTN5RFJIMFhHRE9BOUltOGxHeUxuakFQLXgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS85ZDU5ZTEtN2E2Ny00NjlkLWI0ZGEt
OGIzMzcyMjM0ZGMwLzEvbWdpLXNIQjlCdkdfSmhHVmFvbHdWNTNQZGNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS85ZDU5ZTEtN2E2Ny00NjlkLWI0ZGEtOGIzMzcyMjM0ZGMw
LzEvSTN5RFJIMFhHRE9BOUltOGxHeUxuakFQLXgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFUdDAAwQB
gm4eMA0GCSqGSIb3DQEBCwUAA4IBAQCKXvDYMTVfXO2mT/oAF3Mu/KIsbhVZNLUi
SPIrKd2JqRH/tWVw923dG7RpYqn0NErO9LCGVkqGuyS7zw8JgK2DhjTUS9JtT3QR
eFWnkswHQWXdbNmHLvJ74J0RfMo19xnBcWTSsEFS+A/2D+36/erZmLCc6oxOT6NW
i93b4LxIOpG+6Yb97xtKgmL6YG1TpeHt8O9OUUMIy227iwj+RgsEIW1phFC+p3DA
ny19MzTza2sbXXs+hEAMrOT8XWVc8l+AzGzJGdTFPFi/Z8Wen93KTxpyh8QASl0a
DXjSEsh2Lb1TKk9ghpZr5UjawfvJW5AsDIGtOB9tFcTcw4KWm5K0
-----END CERTIFICATE-----