Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/MVpNxMXoCCGfz_NduHqLutcC6UU.roa
File:                     MVpNxMXoCCGfz_NduHqLutcC6UU.roa (raw, json)
Hash identifier:          6E5MEfPjb4ZLJs83oF/uVT6PzLoz3GgRI78kuiwyI/s=
Subject key identifier:   31:5A:4D:C4:C5:E8:08:21:9F:CF:F3:5D:B8:7A:8B:BA:D7:02:E9:45
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019DCA0D5E983D79F95082119395573DEABC
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/MVpNxMXoCCGfz_NduHqLutcC6UU.roa
Signing time:             Sun 26 Apr 2026 13:49:26 +0000
ROA not before:           Sun 26 Apr 2026 13:49:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        91.200.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ca:0d:5e:98:3d:79:f9:50:82:11:93:95:57:3d:ea:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Apr 26 13:49:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=315a4dc4c5e808219fcff35db87a8bbad702e945
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:64:8a:ff:91:b1:26:75:d5:9d:56:5f:48:17:
                    e5:6f:28:01:a4:ef:32:48:e9:78:b4:50:39:9d:bc:
                    f7:dc:01:60:a3:ba:9f:8b:6a:ae:98:77:0d:a3:3c:
                    70:fe:43:17:8d:3b:c7:49:f4:5d:b8:dc:69:a9:fc:
                    ad:aa:b9:34:42:56:03:3a:77:05:fd:3d:98:66:ce:
                    65:c9:f8:be:ba:cf:a6:8b:88:76:96:64:3a:bf:d6:
                    5e:d5:c9:dc:98:d8:29:fa:75:69:f4:96:87:9d:c2:
                    69:96:6c:bb:8a:bd:ef:af:89:33:38:5c:52:ad:86:
                    34:e6:e0:ee:1e:61:db:c7:fa:17:43:b1:c3:f9:c2:
                    65:11:df:58:6c:87:a1:8d:26:af:9f:0f:ac:02:e4:
                    c4:2a:90:2e:22:46:ce:e3:92:6e:c4:c8:11:de:4f:
                    f6:ee:69:d8:a1:ba:91:a3:25:bd:da:98:3e:b4:25:
                    d0:3f:25:2f:bf:4a:a1:cc:18:1a:52:71:78:86:20:
                    18:4a:f3:56:fe:dd:2a:69:e5:b3:cd:22:35:83:6b:
                    5c:d0:e9:69:3d:03:54:a0:f5:93:66:0b:7a:f5:7d:
                    2f:6c:40:0d:74:1b:99:fd:c6:94:1e:d9:69:4f:9d:
                    af:b5:14:e3:4d:1b:97:58:a5:b2:c4:e1:e8:29:3c:
                    e5:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:5A:4D:C4:C5:E8:08:21:9F:CF:F3:5D:B8:7A:8B:BA:D7:02:E9:45
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/MVpNxMXoCCGfz_NduHqLutcC6UU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:1a:c8:db:a7:09:59:17:0b:56:02:10:5e:aa:40:32:30:ee:
         17:93:4d:13:79:b1:8f:dd:2c:96:42:1a:5b:48:df:80:98:7a:
         fb:09:49:cb:66:ab:bc:43:54:15:c5:64:1b:82:64:f8:50:2a:
         a4:49:19:0a:be:09:2e:30:12:72:a5:8a:d1:2b:74:83:af:ce:
         af:9b:02:cd:a7:2b:71:d0:83:a3:5d:a0:a7:9b:84:30:18:67:
         44:7b:ca:62:31:7a:b9:09:77:79:75:4c:d8:09:29:86:2f:29:
         1c:3e:ef:01:6a:65:d4:4d:c4:ad:07:ae:84:e7:53:97:75:74:
         36:3c:fb:69:e9:53:54:29:36:1b:e2:8d:de:b5:14:33:1f:0c:
         c8:75:de:56:95:d1:ec:ea:42:eb:d1:be:f0:45:8f:b6:e4:ee:
         71:2a:9a:3f:f2:c5:fe:5f:2f:76:4b:00:5c:25:d5:b5:fd:a1:
         47:92:3b:03:9a:e9:8a:b5:bd:a4:16:d2:e1:84:a1:a0:3c:e3:
         ad:4d:ef:5c:70:68:2f:af:13:9d:47:38:4d:9e:ed:5f:53:2a:
         88:47:ae:81:f2:ba:b5:51:61:97:85:30:cd:71:de:ff:97:03:
         94:ce:45:53:f6:2a:9d:09:4c:ed:9e:45:32:29:44:2f:95:12:
         bf:bb:16:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3KDV6YPXn5UIIRk5VXPeq8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwNDI2MTM0OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTVhNGRjNGM1ZTgwODIxOWZjZmYzNWRiODdhOGJiYWQ3MDJlOTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomSK/5GxJnXVnVZfSBflbygBpO8y
SOl4tFA5nbz33AFgo7qfi2qumHcNozxw/kMXjTvHSfRduNxpqfytqrk0QlYDOncF
/T2YZs5lyfi+us+mi4h2lmQ6v9Ze1cncmNgp+nVp9JaHncJplmy7ir3vr4kzOFxS
rYY05uDuHmHbx/oXQ7HD+cJlEd9YbIehjSavnw+sAuTEKpAuIkbO45JuxMgR3k/2
7mnYobqRoyW92pg+tCXQPyUvv0qhzBgaUnF4hiAYSvNW/t0qaeWzzSI1g2tc0Olp
PQNUoPWTZgt69X0vbEANdBuZ/caUHtlpT52vtRTjTRuXWKWyxOHoKTzlCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFaTcTF6Aghn8/zXbh6i7rXAulFMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvTVZwTnhNWG9DQ0dmel9OZHVIcUx1dGNDNlVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8jfMA0G
CSqGSIb3DQEBCwUAA4IBAQBkGsjbpwlZFwtWAhBeqkAyMO4Xk00TebGP3SyWQhpb
SN+AmHr7CUnLZqu8Q1QVxWQbgmT4UCqkSRkKvgkuMBJypYrRK3SDr86vmwLNpytx
0IOjXaCnm4QwGGdEe8piMXq5CXd5dUzYCSmGLykcPu8BamXUTcStB66E51OXdXQ2
PPtp6VNUKTYb4o3etRQzHwzIdd5WldHs6kLr0b7wRY+25O5xKpo/8sX+Xy92SwBc
JdW1/aFHkjsDmumKtb2kFtLhhKGgPOOtTe9ccGgvrxOdRzhNnu1fUyqIR66B8rq1
UWGXhTDNcd7/lwOUzkVT9iqdCUztnkUyKUQvlRK/uxaO
-----END CERTIFICATE-----