Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/c254ef-34e6-48cd-9620-8d33b2a2fde8/1/mNWhV9Hvaf2yXpnhOSbY3EKbOiU.roa
File:                     mNWhV9Hvaf2yXpnhOSbY3EKbOiU.roa (raw, json)
Hash identifier:          xbTjMWQPzIJQuFzWCStCIwa5zKEG4q5JVM9fdDMAgcI=
Subject key identifier:   98:D5:A1:57:D1:EF:69:FD:B2:5E:99:E1:39:26:D8:DC:42:9B:3A:25
Certificate issuer:       /CN=724ea41878ee9137e7c93d6dcd31d020ec3fe461
Certificate serial:       019952D8FA4723C6C92BD825F8D4A8BD170D
Authority key identifier: 72:4E:A4:18:78:EE:91:37:E7:C9:3D:6D:CD:31:D0:20:EC:3F:E4:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ck6kGHjukTfnyT1tzTHQIOw_5GE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/c254ef-34e6-48cd-9620-8d33b2a2fde8/1/mNWhV9Hvaf2yXpnhOSbY3EKbOiU.roa
Signing time:             Tue 16 Sep 2025 14:06:15 +0000
ROA not before:           Tue 16 Sep 2025 14:06:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215396
IP address blocks:        185.52.17.0/24 maxlen: 24
                          194.32.114.0/23 maxlen: 23
                          194.32.114.0/24 maxlen: 24
                          194.32.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/c254ef-34e6-48cd-9620-8d33b2a2fde8/1/ck6kGHjukTfnyT1tzTHQIOw_5GE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/c254ef-34e6-48cd-9620-8d33b2a2fde8/1/ck6kGHjukTfnyT1tzTHQIOw_5GE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ck6kGHjukTfnyT1tzTHQIOw_5GE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:52:d8:fa:47:23:c6:c9:2b:d8:25:f8:d4:a8:bd:17:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=724ea41878ee9137e7c93d6dcd31d020ec3fe461
        Validity
            Not Before: Sep 16 14:06:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98d5a157d1ef69fdb25e99e13926d8dc429b3a25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:68:69:2b:7f:12:6d:4f:07:c9:df:89:16:42:
                    47:b7:8e:6e:95:e9:84:d9:e3:a4:9a:12:05:82:4e:
                    84:49:2e:01:6c:ac:f6:ba:86:9a:50:65:72:59:e1:
                    6a:2d:e4:23:af:91:00:3e:20:47:14:ca:5b:66:e6:
                    6d:51:4e:67:df:6e:c8:c4:6a:ab:1f:cc:e3:b7:f2:
                    dd:fb:c3:ed:bb:4b:2b:fd:14:12:65:8d:0b:0b:a4:
                    02:e4:fd:6c:78:77:1d:e8:98:e0:1e:fe:e6:4f:a0:
                    09:31:3d:24:9f:5f:a5:12:b5:07:ab:84:ad:4c:95:
                    7c:b0:79:cd:69:4a:32:42:cd:54:b0:dc:a0:f9:56:
                    ec:fc:a8:d6:be:e6:c7:54:b8:40:b1:3e:c2:a6:77:
                    85:38:53:58:28:f5:a7:a4:94:56:15:9c:db:9d:a1:
                    0f:27:c2:70:1a:14:e9:c5:80:ba:81:bf:4f:14:01:
                    6f:ad:ba:66:b9:5a:b6:f6:a6:80:1c:4b:7d:33:94:
                    1b:2c:ce:dd:0b:f7:13:64:42:5f:14:04:ab:63:a6:
                    0e:23:c3:4d:bc:60:54:ed:8f:15:e5:53:27:6b:39:
                    1d:39:fd:3d:5a:0e:15:31:68:15:83:82:71:f0:cc:
                    4b:1a:ae:18:06:3f:30:bd:e0:7d:ce:2f:9c:3a:1e:
                    76:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:D5:A1:57:D1:EF:69:FD:B2:5E:99:E1:39:26:D8:DC:42:9B:3A:25
            X509v3 Authority Key Identifier:
                keyid:72:4E:A4:18:78:EE:91:37:E7:C9:3D:6D:CD:31:D0:20:EC:3F:E4:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ck6kGHjukTfnyT1tzTHQIOw_5GE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c254ef-34e6-48cd-9620-8d33b2a2fde8/1/mNWhV9Hvaf2yXpnhOSbY3EKbOiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c254ef-34e6-48cd-9620-8d33b2a2fde8/1/ck6kGHjukTfnyT1tzTHQIOw_5GE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.17.0/24
                  194.32.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:75:3a:34:e3:de:8c:a5:3c:55:9d:34:b0:ce:31:04:ad:49:
         b5:34:17:c1:ec:3e:1f:1d:18:97:00:98:d7:91:18:80:5c:3d:
         c0:89:fb:a8:e8:82:aa:f6:85:f0:5b:28:fb:09:e8:80:99:cd:
         31:a3:2e:8a:72:c8:dc:0a:cd:2e:1a:18:85:2c:26:e9:82:94:
         2b:6c:a1:01:79:10:88:82:48:91:57:09:e4:4f:da:31:98:92:
         4c:4a:0a:2b:4f:fa:75:90:90:13:fa:bb:16:16:8c:b3:50:f9:
         07:a7:31:ec:77:c3:60:6e:17:e0:84:50:65:49:9c:da:0d:0f:
         d2:85:eb:f8:4b:1c:2a:13:58:6d:7c:b6:ed:7b:1a:b7:0f:87:
         89:82:c9:cd:fc:79:55:e6:02:b7:34:c2:44:3e:50:cc:06:ae:
         d8:0b:97:3a:f7:1e:4d:e8:7c:c4:10:31:6e:cd:c2:50:17:e5:
         8c:71:4e:ce:8c:e8:cd:dd:f8:01:04:b2:30:72:92:91:df:f7:
         2c:af:42:1f:3d:4c:65:0d:90:b2:de:cc:31:9c:ef:15:a0:9e:
         e8:ba:9b:de:ca:65:79:e6:56:11:da:ad:a5:33:00:b9:20:ce:
         03:c0:25:03:c9:0e:26:f2:12:e9:5d:8d:a9:3c:e1:64:33:a3:
         2a:a1:6c:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlS2PpHI8bJK9gl+NSovRcNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNGVhNDE4NzhlZTkxMzdlN2M5M2Q2ZGNkMzFkMDIwZWMz
ZmU0NjEwHhcNMjUwOTE2MTQwNjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGQ1YTE1N2QxZWY2OWZkYjI1ZTk5ZTEzOTI2ZDhkYzQyOWIzYTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGhpK38SbU8Hyd+JFkJHt45ulemE
2eOkmhIFgk6ESS4BbKz2uoaaUGVyWeFqLeQjr5EAPiBHFMpbZuZtUU5n327IxGqr
H8zjt/Ld+8Ptu0sr/RQSZY0LC6QC5P1seHcd6JjgHv7mT6AJMT0kn1+lErUHq4St
TJV8sHnNaUoyQs1UsNyg+Vbs/KjWvubHVLhAsT7CpneFOFNYKPWnpJRWFZzbnaEP
J8JwGhTpxYC6gb9PFAFvrbpmuVq29qaAHEt9M5QbLM7dC/cTZEJfFASrY6YOI8NN
vGBU7Y8V5VMnazkdOf09Wg4VMWgVg4Jx8MxLGq4YBj8wveB9zi+cOh52OQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJjVoVfR72n9sl6Z4Tkm2NxCmzolMB8GA1UdIwQY
MBaAFHJOpBh47pE358k9bc0x0CDsP+RhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2s2a0dIanVrVGZueVQxdHpUSFFJT3dfNUdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9jMjU0ZWYtMzRlNi00OGNkLTk2MjAt
OGQzM2IyYTJmZGU4LzEvbU5XaFY5SHZhZjJ5WHBuaE9TYlkzRUtiT2lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9jMjU0ZWYtMzRlNi00OGNkLTk2MjAtOGQzM2IyYTJmZGU4
LzEvY2s2a0dIanVrVGZueVQxdHpUSFFJT3dfNUdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuTQRAwQB
wiByMA0GCSqGSIb3DQEBCwUAA4IBAQB6dTo0496MpTxVnTSwzjEErUm1NBfB7D4f
HRiXAJjXkRiAXD3Aifuo6IKq9oXwWyj7CeiAmc0xoy6KcsjcCs0uGhiFLCbpgpQr
bKEBeRCIgkiRVwnkT9oxmJJMSgorT/p1kJAT+rsWFoyzUPkHpzHsd8NgbhfghFBl
SZzaDQ/Shev4SxwqE1htfLbtexq3D4eJgsnN/HlV5gK3NMJEPlDMBq7YC5c69x5N
6HzEEDFuzcJQF+WMcU7OjOjN3fgBBLIwcpKR3/csr0IfPUxlDZCy3swxnO8VoJ7o
upveymV55lYR2q2lMwC5IM4DwCUDyQ4m8hLpXY2pPOFkM6MqoWyw
-----END CERTIFICATE-----