Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/95fa61-17fb-4890-9598-1d3a1e9b7545/1/MuuzFIyNpWZONMllHbmnXx8HRv0.roa
File:                     MuuzFIyNpWZONMllHbmnXx8HRv0.roa (raw, json)
Hash identifier:          U3fGXgKZfpms0csUXLU3nnmhzkgEcT4L/f6Vy+UF3Bs=
Subject key identifier:   32:EB:B3:14:8C:8D:A5:66:4E:34:C9:65:1D:B9:A7:5F:1F:07:46:FD
Certificate issuer:       /CN=2d2f9339fbb8cb33c522751c530f3a20a753547c
Certificate serial:       01975FAC9F8C48EB948680363827C624F186
Authority key identifier: 2D:2F:93:39:FB:B8:CB:33:C5:22:75:1C:53:0F:3A:20:A7:53:54:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LS-TOfu4yzPFInUcUw86IKdTVHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/95fa61-17fb-4890-9598-1d3a1e9b7545/1/MuuzFIyNpWZONMllHbmnXx8HRv0.roa
Signing time:             Wed 11 Jun 2025 15:47:17 +0000
ROA not before:           Wed 11 Jun 2025 15:47:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200449
IP address blocks:        46.174.140.0/24 maxlen: 24
                          46.174.141.0/24 maxlen: 24
                          2a06:3341::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/95fa61-17fb-4890-9598-1d3a1e9b7545/1/LS-TOfu4yzPFInUcUw86IKdTVHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/95fa61-17fb-4890-9598-1d3a1e9b7545/1/LS-TOfu4yzPFInUcUw86IKdTVHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LS-TOfu4yzPFInUcUw86IKdTVHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 22:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5f:ac:9f:8c:48:eb:94:86:80:36:38:27:c6:24:f1:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d2f9339fbb8cb33c522751c530f3a20a753547c
        Validity
            Not Before: Jun 11 15:47:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32ebb3148c8da5664e34c9651db9a75f1f0746fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a2:7f:cb:6d:8a:a3:41:2d:d1:70:91:91:97:
                    d7:07:1e:29:02:c0:d0:db:6d:1b:ba:bc:c6:05:07:
                    b8:97:4e:8c:6e:7d:ee:d6:4e:42:3c:87:78:55:2e:
                    86:e9:b7:01:c3:a5:23:4a:ef:9e:ac:46:23:31:10:
                    ed:4e:e7:92:e3:a2:e1:91:13:6b:59:f4:fc:d3:45:
                    18:00:78:bb:ec:45:4a:44:84:7f:44:68:85:3f:8b:
                    fc:4a:83:a5:fe:8c:cb:07:60:18:86:3a:c9:1a:6a:
                    d0:b5:1c:a0:56:7f:98:d6:41:b3:0f:b7:78:ee:00:
                    00:66:81:df:ae:33:08:7b:8f:df:b1:08:c8:79:95:
                    b0:c7:a7:62:03:e5:cd:ac:7b:c9:a9:2e:ae:8b:32:
                    8a:99:f4:07:9c:a1:93:e0:7e:13:3d:2b:9d:50:e2:
                    0b:57:13:bb:6f:fa:1d:53:89:89:56:c2:fc:e6:24:
                    d5:63:f4:57:d9:a8:7a:07:14:d2:2d:5a:c1:58:f6:
                    b2:4e:c9:6d:8b:64:59:c4:1c:2a:a3:0e:6f:87:08:
                    2d:3e:07:f6:93:19:a6:3b:f2:0a:45:36:e4:c5:94:
                    91:19:6c:ca:75:af:d6:d2:11:35:0e:2e:27:e5:4e:
                    2b:72:9f:f0:b8:5d:6b:07:94:b8:ab:84:a3:a3:d7:
                    8c:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:EB:B3:14:8C:8D:A5:66:4E:34:C9:65:1D:B9:A7:5F:1F:07:46:FD
            X509v3 Authority Key Identifier:
                keyid:2D:2F:93:39:FB:B8:CB:33:C5:22:75:1C:53:0F:3A:20:A7:53:54:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LS-TOfu4yzPFInUcUw86IKdTVHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/95fa61-17fb-4890-9598-1d3a1e9b7545/1/MuuzFIyNpWZONMllHbmnXx8HRv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/95fa61-17fb-4890-9598-1d3a1e9b7545/1/LS-TOfu4yzPFInUcUw86IKdTVHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.174.140.0/23
                IPv6:
                  2a06:3341::/32

    Signature Algorithm: sha256WithRSAEncryption
         94:82:86:70:3b:45:ef:33:97:c9:c5:b6:e0:e3:f0:09:3c:4d:
         aa:c8:25:19:c6:c4:92:91:1b:62:0a:73:a3:46:63:06:bd:7c:
         89:46:45:7d:d1:73:dd:2a:37:4a:df:da:7c:9e:a6:f4:32:67:
         1f:77:ef:9b:41:a6:8f:41:86:1d:63:4c:ec:6c:05:9b:db:56:
         25:84:2c:4c:d8:0d:a8:69:19:7f:0d:bb:1e:61:a3:a3:15:c6:
         ef:dc:46:7b:07:e0:2a:ec:af:5b:d2:40:9e:f8:99:21:d0:e5:
         50:58:2d:4f:46:93:20:6a:ad:81:30:ae:bf:28:c5:d1:6d:54:
         28:5b:63:7c:d3:8f:ca:bb:08:d5:de:f8:b2:51:9d:fa:96:d9:
         9e:2c:65:56:ce:d2:e3:36:77:3e:83:36:20:5d:8a:6c:4a:ae:
         02:5b:cf:5a:f3:d7:67:20:dd:b3:91:19:ef:1b:31:88:06:38:
         23:16:1f:29:59:c1:8a:77:b6:f5:76:bb:af:50:91:57:15:ec:
         db:56:94:ef:3a:fd:e6:06:6f:5a:c0:ed:35:7e:8c:f4:4d:7c:
         c9:7e:31:de:b9:6f:0b:23:e2:0b:61:37:3a:21:d8:4f:5b:98:
         e3:6d:fb:e8:6f:0c:46:71:28:5b:19:68:15:43:77:f8:23:dd:
         fc:dc:81:a8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZdfrJ+MSOuUhoA2OCfGJPGGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMmY5MzM5ZmJiOGNiMzNjNTIyNzUxYzUzMGYzYTIwYTc1
MzU0N2MwHhcNMjUwNjExMTU0NzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmViYjMxNDhjOGRhNTY2NGUzNGM5NjUxZGI5YTc1ZjFmMDc0NmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaJ/y22Ko0Et0XCRkZfXBx4pAsDQ
220burzGBQe4l06Mbn3u1k5CPId4VS6G6bcBw6UjSu+erEYjMRDtTueS46LhkRNr
WfT800UYAHi77EVKRIR/RGiFP4v8SoOl/ozLB2AYhjrJGmrQtRygVn+Y1kGzD7d4
7gAAZoHfrjMIe4/fsQjIeZWwx6diA+XNrHvJqS6uizKKmfQHnKGT4H4TPSudUOIL
VxO7b/odU4mJVsL85iTVY/RX2ah6BxTSLVrBWPayTslti2RZxBwqow5vhwgtPgf2
kxmmO/IKRTbkxZSRGWzKda/W0hE1Di4n5U4rcp/wuF1rB5S4q4Sjo9eMWwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDLrsxSMjaVmTjTJZR25p18fB0b9MB8GA1UdIwQY
MBaAFC0vkzn7uMszxSJ1HFMPOiCnU1R8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFMtVE9mdTR5elBGSW5VY1V3ODZJS2RUVkh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi85NWZhNjEtMTdmYi00ODkwLTk1OTgt
MWQzYTFlOWI3NTQ1LzEvTXV1ekZJeU5wV1pPTk1sbEhibW5YeDhIUnYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi85NWZhNjEtMTdmYi00ODkwLTk1OTgtMWQzYTFlOWI3NTQ1
LzEvTFMtVE9mdTR5elBGSW5VY1V3ODZJS2RUVkh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBLq6MMA0E
AgACMAcDBQAqBjNBMA0GCSqGSIb3DQEBCwUAA4IBAQCUgoZwO0XvM5fJxbbg4/AJ
PE2qyCUZxsSSkRtiCnOjRmMGvXyJRkV90XPdKjdK39p8nqb0Mmcfd++bQaaPQYYd
Y0zsbAWb21YlhCxM2A2oaRl/DbseYaOjFcbv3EZ7B+Aq7K9b0kCe+Jkh0OVQWC1P
RpMgaq2BMK6/KMXRbVQoW2N804/KuwjV3viyUZ36ltmeLGVWztLjNnc+gzYgXYps
Sq4CW89a89dnIN2zkRnvGzGIBjgjFh8pWcGKd7b1druvUJFXFezbVpTvOv3mBm9a
wO01foz0TXzJfjHeuW8LI+ILYTc6IdhPW5jjbfvobwxGcShbGWgVQ3f4I9383IGo
-----END CERTIFICATE-----