Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/MbJoP11Rjl90efVbpqimCGZozHI.roa
File:                     MbJoP11Rjl90efVbpqimCGZozHI.roa (raw, json)
Hash identifier:          ttunH4kBk2rcjsQ7NJzTUGwWDGSokidQpehM0Gp7TNc=
Subject key identifier:   31:B2:68:3F:5D:51:8E:5F:74:79:F5:5B:A6:A8:A6:08:66:68:CC:72
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       01999F971599525ECB51611401F5DD2741EA
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/MbJoP11Rjl90efVbpqimCGZozHI.roa
Signing time:             Wed 01 Oct 2025 11:45:02 +0000
ROA not before:           Wed 01 Oct 2025 11:45:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207571
IP address blocks:        2a0c:9a40:8fe0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9f:97:15:99:52:5e:cb:51:61:14:01:f5:dd:27:41:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Oct  1 11:45:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31b2683f5d518e5f7479f55ba6a8a6086668cc72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:5b:3a:9b:c0:93:51:dc:30:b4:5e:bb:20:e1:
                    83:3c:1c:03:14:d2:d9:01:a3:55:fd:f8:9f:29:7c:
                    64:26:e6:4e:21:ad:85:8a:b7:8b:6b:21:4a:67:3f:
                    0f:2a:54:6d:bd:39:31:59:96:78:e4:7b:a6:dd:dc:
                    1d:77:2a:c6:6f:33:5e:06:23:d4:32:c0:de:43:8c:
                    c5:c8:a5:bc:cf:64:ee:10:bc:6f:0f:50:8c:57:87:
                    aa:ee:5e:2a:78:25:38:80:44:34:7a:b4:d8:2b:70:
                    86:4b:66:1b:51:19:4b:1b:ea:7e:8d:ae:d9:29:d9:
                    9c:cb:80:4d:28:e6:18:93:c8:1f:5a:af:07:00:ef:
                    bb:65:c1:dc:d5:47:88:79:6e:df:89:c3:81:f2:43:
                    a9:15:d6:c4:cd:af:92:88:6e:93:52:c7:06:bc:65:
                    75:0c:4a:9c:9f:38:43:43:de:83:3f:01:db:a6:a6:
                    46:e6:d3:a7:c6:da:9b:86:f5:47:48:00:a2:35:a2:
                    49:fe:5c:8c:ee:5b:a2:c8:59:eb:af:90:aa:b2:8a:
                    88:cc:da:65:0a:22:98:3a:25:15:d8:0d:a6:17:39:
                    5d:be:a5:3a:4c:99:26:52:9e:33:5c:a1:75:38:3f:
                    fd:13:47:50:68:b4:7c:cd:3c:8b:35:58:5a:09:18:
                    74:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:B2:68:3F:5D:51:8E:5F:74:79:F5:5B:A6:A8:A6:08:66:68:CC:72
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/MbJoP11Rjl90efVbpqimCGZozHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8fe0::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:c1:a2:4c:e5:b2:33:d0:08:ac:34:0c:2f:82:48:33:61:99:
         bc:2c:ac:da:0f:17:44:43:1f:26:0f:a5:58:53:c9:54:38:09:
         11:a9:25:ed:93:fe:7d:63:3f:34:a4:b4:21:7d:cb:6b:e1:6c:
         e1:d6:d6:a9:f4:6b:da:99:88:1e:b2:ea:57:b4:9b:33:64:e6:
         db:69:8c:e6:a5:05:50:8e:42:09:7c:34:78:26:69:93:82:0d:
         08:4e:e1:17:ff:24:4e:0b:a2:11:54:78:02:ca:a9:8b:4d:d1:
         fd:a8:a6:30:84:74:05:a7:f0:2a:9d:fe:c3:a9:b1:a8:3a:f5:
         84:59:f7:47:1b:39:5b:f9:99:1c:0c:2d:70:c9:d3:d0:f8:dc:
         e9:c4:c5:c3:2f:2e:b3:f5:b5:04:73:38:ce:23:02:14:74:0d:
         c5:b1:9b:13:03:49:88:01:42:e4:10:0d:bb:e1:43:8c:fe:dc:
         21:d8:45:54:15:ad:8a:36:70:61:68:9f:38:96:26:f3:87:e4:
         00:f6:0b:03:35:bd:24:66:56:08:12:ac:c1:ea:80:1b:73:93:
         74:48:9d:0c:6a:ed:b9:b9:ae:8a:fc:3c:53:bc:59:38:ef:52:
         af:e9:64:03:de:b4:bd:60:a4:1a:a1:04:19:c9:a6:8f:94:67:
         85:59:d5:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZmflxWZUl7LUWEUAfXdJ0HqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUxMDAxMTE0NTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWIyNjgzZjVkNTE4ZTVmNzQ3OWY1NWJhNmE4YTYwODY2NjhjYzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Vs6m8CTUdwwtF67IOGDPBwDFNLZ
AaNV/fifKXxkJuZOIa2FireLayFKZz8PKlRtvTkxWZZ45Hum3dwddyrGbzNeBiPU
MsDeQ4zFyKW8z2TuELxvD1CMV4eq7l4qeCU4gEQ0erTYK3CGS2YbURlLG+p+ja7Z
Kdmcy4BNKOYYk8gfWq8HAO+7ZcHc1UeIeW7ficOB8kOpFdbEza+SiG6TUscGvGV1
DEqcnzhDQ96DPwHbpqZG5tOnxtqbhvVHSACiNaJJ/lyM7luiyFnrr5CqsoqIzNpl
CiKYOiUV2A2mFzldvqU6TJkmUp4zXKF1OD/9E0dQaLR8zTyLNVhaCRh0zQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDGyaD9dUY5fdHn1W6aopghmaMxyMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvTWJKb1AxMVJqbDkwZWZWYnBxaW1DR1pvekhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQI/g
MA0GCSqGSIb3DQEBCwUAA4IBAQAwwaJM5bIz0AisNAwvgkgzYZm8LKzaDxdEQx8m
D6VYU8lUOAkRqSXtk/59Yz80pLQhfctr4Wzh1tap9GvamYgesupXtJszZObbaYzm
pQVQjkIJfDR4JmmTgg0ITuEX/yROC6IRVHgCyqmLTdH9qKYwhHQFp/Aqnf7DqbGo
OvWEWfdHGzlb+ZkcDC1wydPQ+NzpxMXDLy6z9bUEczjOIwIUdA3FsZsTA0mIAULk
EA274UOM/twh2EVUFa2KNnBhaJ84libzh+QA9gsDNb0kZlYIEqzB6oAbc5N0SJ0M
au25ua6K/DxTvFk471Kv6WQD3rS9YKQaoQQZyaaPlGeFWdVP
-----END CERTIFICATE-----