Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/831cec-d965-400a-9899-fdbc5c6ae5aa/1/MQtI7yBtmsDk4DKqPSGfWKdKyAo.roa
File:                     MQtI7yBtmsDk4DKqPSGfWKdKyAo.roa (raw, json)
Hash identifier:          +iNt+U/ElAwJwno5xdY5orBbnGETU96olMUGY0otCFs=
Subject key identifier:   31:0B:48:EF:20:6D:9A:C0:E4:E0:32:AA:3D:21:9F:58:A7:4A:C8:0A
Certificate issuer:       /CN=a71ac23a4d3ecfcbca4513896b17ae4e89682a78
Certificate serial:       0198A7E429766C37BAC95FB64787C3C145BC
Authority key identifier: A7:1A:C2:3A:4D:3E:CF:CB:CA:45:13:89:6B:17:AE:4E:89:68:2A:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pxrCOk0-z8vKRROJaxeuToloKng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/831cec-d965-400a-9899-fdbc5c6ae5aa/1/MQtI7yBtmsDk4DKqPSGfWKdKyAo.roa
Signing time:             Thu 14 Aug 2025 09:23:24 +0000
ROA not before:           Thu 14 Aug 2025 09:23:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204319
IP address blocks:        185.228.208.0/22 maxlen: 24
                          2a0d:4600::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/831cec-d965-400a-9899-fdbc5c6ae5aa/1/pxrCOk0-z8vKRROJaxeuToloKng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/831cec-d965-400a-9899-fdbc5c6ae5aa/1/pxrCOk0-z8vKRROJaxeuToloKng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pxrCOk0-z8vKRROJaxeuToloKng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 17:19:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a7:e4:29:76:6c:37:ba:c9:5f:b6:47:87:c3:c1:45:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a71ac23a4d3ecfcbca4513896b17ae4e89682a78
        Validity
            Not Before: Aug 14 09:23:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=310b48ef206d9ac0e4e032aa3d219f58a74ac80a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:21:ac:db:d0:d2:23:30:10:57:9d:1f:4f:bf:
                    e1:38:3f:7f:0e:92:2e:0f:5a:ff:1b:e9:5e:22:32:
                    6d:bb:d6:a0:91:03:9b:64:60:a1:8b:46:ae:e1:fd:
                    07:bb:03:0a:64:76:a0:0d:a3:86:3f:ab:b1:ce:62:
                    e5:b7:c8:f6:3a:6f:fd:54:56:13:e6:e7:87:ba:15:
                    97:1d:bb:4a:7f:21:30:b9:c4:f9:67:15:66:48:83:
                    ca:1e:56:39:59:01:11:fe:37:4d:da:78:09:17:6f:
                    40:28:2b:03:c0:42:fa:03:d0:59:ea:a2:60:62:ef:
                    bf:2b:97:8f:a4:9a:b8:b2:ed:e4:b2:74:d6:e8:69:
                    fe:f3:6d:52:1f:47:45:2c:ad:87:c2:c1:fb:96:88:
                    3f:ca:be:8d:a6:f3:6e:c6:59:12:25:42:d4:40:de:
                    89:87:6b:c9:84:54:0f:b9:1f:b5:5d:4c:93:9e:93:
                    1d:8c:4e:57:d4:6b:45:d6:fc:96:ec:23:69:e8:8a:
                    83:09:59:b9:48:b8:85:6d:da:72:12:57:fc:a4:75:
                    7d:62:3f:75:d3:8b:22:50:28:0e:e0:0a:64:21:92:
                    bd:7a:8f:37:41:cf:73:84:ef:49:b4:e8:0b:52:a3:
                    19:73:45:38:0e:88:4d:61:32:21:eb:df:af:3c:31:
                    54:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:0B:48:EF:20:6D:9A:C0:E4:E0:32:AA:3D:21:9F:58:A7:4A:C8:0A
            X509v3 Authority Key Identifier:
                keyid:A7:1A:C2:3A:4D:3E:CF:CB:CA:45:13:89:6B:17:AE:4E:89:68:2A:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pxrCOk0-z8vKRROJaxeuToloKng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/831cec-d965-400a-9899-fdbc5c6ae5aa/1/MQtI7yBtmsDk4DKqPSGfWKdKyAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/831cec-d965-400a-9899-fdbc5c6ae5aa/1/pxrCOk0-z8vKRROJaxeuToloKng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.208.0/22
                IPv6:
                  2a0d:4600::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:89:1c:64:cf:76:11:bc:26:6b:63:74:7e:03:3e:1d:08:63:
         7f:95:01:96:6e:d6:ea:8e:dd:3c:33:dc:be:62:9c:4e:9d:b0:
         f2:7b:b6:4e:c1:f6:3a:26:a4:ec:78:27:50:ae:23:ca:2c:a5:
         f7:eb:31:32:cd:19:f7:5c:bd:b3:33:77:a9:23:8b:a3:87:25:
         37:ea:53:4a:1f:d2:f1:71:d5:5f:92:ce:31:36:a8:ec:da:b2:
         e1:8d:1f:ce:f7:5d:f4:84:62:98:c1:b3:e3:25:56:d9:4c:df:
         2d:10:2d:4e:37:2d:b8:15:89:82:38:94:32:9e:46:fe:b4:30:
         af:9a:2d:5e:fd:2f:57:28:22:06:fb:51:d6:26:88:dc:a7:5d:
         c0:cf:e5:8b:66:73:6c:b8:5e:ce:99:81:d4:d5:1f:ab:67:a4:
         f1:b3:1b:3f:b3:cd:3e:24:83:4a:20:d8:d5:22:a2:b8:4f:40:
         c1:2e:6c:e0:4f:d7:7b:c8:f4:39:9d:15:a5:f3:39:ef:8b:8e:
         56:d4:27:ab:08:65:81:b1:67:53:64:30:ff:32:a7:73:fc:c7:
         6a:6a:0b:e3:84:64:72:6e:70:37:6e:d8:da:0b:a1:cc:1e:a0:
         9c:4a:1c:8b:66:f9:a8:6d:2b:1d:d0:d7:e0:c0:39:3c:93:4f:
         23:8f:ca:96
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZin5Cl2bDe6yV+2R4fDwUW8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3MWFjMjNhNGQzZWNmY2JjYTQ1MTM4OTZiMTdhZTRlODk2
ODJhNzgwHhcNMjUwODE0MDkyMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTBiNDhlZjIwNmQ5YWMwZTRlMDMyYWEzZDIxOWY1OGE3NGFjODBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiGs29DSIzAQV50fT7/hOD9/DpIu
D1r/G+leIjJtu9agkQObZGChi0au4f0HuwMKZHagDaOGP6uxzmLlt8j2Om/9VFYT
5ueHuhWXHbtKfyEwucT5ZxVmSIPKHlY5WQER/jdN2ngJF29AKCsDwEL6A9BZ6qJg
Yu+/K5ePpJq4su3ksnTW6Gn+821SH0dFLK2HwsH7log/yr6NpvNuxlkSJULUQN6J
h2vJhFQPuR+1XUyTnpMdjE5X1GtF1vyW7CNp6IqDCVm5SLiFbdpyElf8pHV9Yj91
04siUCgO4ApkIZK9eo83Qc9zhO9JtOgLUqMZc0U4DohNYTIh69+vPDFU1QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDELSO8gbZrA5OAyqj0hn1inSsgKMB8GA1UdIwQY
MBaAFKcawjpNPs/LykUTiWsXrk6JaCp4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHhyQ09rMC16OHZLUlJPSmF4ZXVUb2xvS25nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy84MzFjZWMtZDk2NS00MDBhLTk4OTkt
ZmRiYzVjNmFlNWFhLzEvTVF0STd5QnRtc0RrNERLcVBTR2ZXS2RLeUFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy84MzFjZWMtZDk2NS00MDBhLTk4OTktZmRiYzVjNmFlNWFh
LzEvcHhyQ09rMC16OHZLUlJPSmF4ZXVUb2xvS25nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueTQMA0E
AgACMAcDBQMqDUYAMA0GCSqGSIb3DQEBCwUAA4IBAQCCiRxkz3YRvCZrY3R+Az4d
CGN/lQGWbtbqjt08M9y+YpxOnbDye7ZOwfY6JqTseCdQriPKLKX36zEyzRn3XL2z
M3epI4ujhyU36lNKH9LxcdVfks4xNqjs2rLhjR/O9130hGKYwbPjJVbZTN8tEC1O
Ny24FYmCOJQynkb+tDCvmi1e/S9XKCIG+1HWJojcp13Az+WLZnNsuF7OmYHU1R+r
Z6Txsxs/s80+JINKINjVIqK4T0DBLmzgT9d7yPQ5nRWl8znvi45W1CerCGWBsWdT
ZDD/Mqdz/MdqagvjhGRybnA3btjaC6HMHqCcShyLZvmobSsd0NfgwDk8k08jj8qW
-----END CERTIFICATE-----