Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/mjqJ3g2QA7YGBuB3_fEWinx88EI.roa
File:                     mjqJ3g2QA7YGBuB3_fEWinx88EI.roa (raw, json)
Hash identifier:          ZV8Dbxu7Ule/9HsB7eV4+HvXXntdxcf8AVxanr9AWlk=
Subject key identifier:   9A:3A:89:DE:0D:90:03:B6:06:06:E0:77:FD:F1:16:8A:7C:7C:F0:42
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0199FC6D33E3B4B2F5A24FAE445774CA89EC
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/mjqJ3g2QA7YGBuB3_fEWinx88EI.roa
Signing time:             Sun 19 Oct 2025 12:23:59 +0000
ROA not before:           Sun 19 Oct 2025 12:23:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216078
IP address blocks:        146.19.21.0/24 maxlen: 24
                          212.46.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fc:6d:33:e3:b4:b2:f5:a2:4f:ae:44:57:74:ca:89:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Oct 19 12:23:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a3a89de0d9003b60606e077fdf1168a7c7cf042
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:71:1a:84:2a:79:9a:0f:2f:1d:e9:31:07:a1:
                    05:1e:67:60:fb:bc:bc:b9:8a:a7:8e:fd:92:b4:37:
                    81:fc:25:93:2c:67:4b:55:8c:6f:c2:58:9b:8c:d3:
                    5b:f2:cc:71:b3:94:6a:bd:8a:3b:76:ba:f4:3a:b8:
                    56:16:b9:74:26:ed:74:60:ff:8c:76:9d:8f:11:c9:
                    71:de:13:45:91:f8:0a:18:b3:02:ce:0d:e6:fe:24:
                    e0:72:40:35:94:03:5a:58:de:9a:b8:20:9a:31:74:
                    3c:f0:a8:66:4c:27:14:5c:1b:ae:74:10:7f:f7:7a:
                    c7:fa:59:f6:fb:f0:60:1c:5e:7c:40:83:54:0c:84:
                    81:0d:ac:8b:df:c8:20:98:88:05:f2:1d:f0:d3:8a:
                    2d:ea:f4:38:0c:b6:b8:10:35:82:e8:d9:cf:99:9e:
                    9f:04:bd:3f:b8:fc:18:17:a6:cb:5b:1f:17:e1:fa:
                    4c:9c:55:25:04:ac:b8:fe:30:67:bb:1c:40:de:99:
                    8e:23:26:c0:52:b6:a5:36:66:3c:b9:78:5a:db:e1:
                    ae:ae:c6:63:38:0f:ac:29:28:3b:a5:d5:9c:f8:5f:
                    df:46:9f:86:d9:54:e4:73:21:38:9a:49:ca:15:d3:
                    11:ae:cc:8b:4d:34:da:65:06:6a:61:0a:bc:b9:52:
                    ca:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:3A:89:DE:0D:90:03:B6:06:06:E0:77:FD:F1:16:8A:7C:7C:F0:42
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/mjqJ3g2QA7YGBuB3_fEWinx88EI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.21.0/24
                  212.46.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:4e:bb:28:85:b9:75:c4:9f:b0:dd:ac:4e:93:a6:fd:72:14:
         66:98:4e:5b:50:4d:47:02:05:f4:1b:b8:db:65:74:92:a6:7c:
         15:58:3c:11:fe:87:53:ae:17:2e:31:97:1b:3a:e1:5a:a6:3d:
         db:be:71:e5:d5:63:53:f6:5d:80:31:50:3d:bb:64:38:d3:83:
         f0:7f:8d:a8:bb:62:9d:27:1f:dd:56:15:6b:e4:d0:b8:5f:9e:
         05:76:87:52:fd:46:af:a0:ca:4b:45:b5:09:84:cd:af:0d:f1:
         d5:5d:cf:c6:57:f6:b4:79:d5:27:e2:2b:df:85:27:db:7a:da:
         3b:5e:5a:e2:bb:4f:06:b2:1d:6e:5e:9c:10:0b:5a:af:ab:dd:
         09:df:d8:4c:f8:93:09:55:58:a9:30:66:af:de:2e:7a:f8:66:
         89:30:85:4b:ab:b4:d8:79:dd:df:c8:a8:88:e3:39:53:81:ea:
         a9:5b:b9:46:e6:2a:20:fc:70:fe:f9:3f:70:34:a2:b6:77:c1:
         fb:09:2c:41:fb:36:b1:3f:8c:64:b6:05:d5:37:07:3e:6a:6e:
         39:ed:1c:da:b2:53:48:e4:e9:b3:9a:83:03:80:76:16:35:d1:
         7c:5b:47:25:8d:8e:fc:bd:06:8a:b4:68:0d:bc:74:a5:7c:dd:
         df:6c:ad:d9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZn8bTPjtLL1ok+uRFd0yonsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUxMDE5MTIyMzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTNhODlkZTBkOTAwM2I2MDYwNmUwNzdmZGYxMTY4YTdjN2NmMDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHEahCp5mg8vHekxB6EFHmdg+7y8
uYqnjv2StDeB/CWTLGdLVYxvwlibjNNb8sxxs5RqvYo7drr0OrhWFrl0Ju10YP+M
dp2PEclx3hNFkfgKGLMCzg3m/iTgckA1lANaWN6auCCaMXQ88KhmTCcUXBuudBB/
93rH+ln2+/BgHF58QINUDISBDayL38ggmIgF8h3w04ot6vQ4DLa4EDWC6NnPmZ6f
BL0/uPwYF6bLWx8X4fpMnFUlBKy4/jBnuxxA3pmOIybAUralNmY8uXha2+GursZj
OA+sKSg7pdWc+F/fRp+G2VTkcyE4mknKFdMRrsyLTTTaZQZqYQq8uVLKOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJo6id4NkAO2Bgbgd/3xFop8fPBCMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvbWpxSjNnMlFBN1lHQnVCM19mRVdpbng4OEVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkhMVAwQA
1C4lMA0GCSqGSIb3DQEBCwUAA4IBAQCYTrsohbl1xJ+w3axOk6b9chRmmE5bUE1H
AgX0G7jbZXSSpnwVWDwR/odTrhcuMZcbOuFapj3bvnHl1WNT9l2AMVA9u2Q404Pw
f42ou2KdJx/dVhVr5NC4X54FdodS/UavoMpLRbUJhM2vDfHVXc/GV/a0edUn4ivf
hSfbeto7Xlriu08Gsh1uXpwQC1qvq90J39hM+JMJVVipMGav3i56+GaJMIVLq7TY
ed3fyKiI4zlTgeqpW7lG5iog/HD++T9wNKK2d8H7CSxB+zaxP4xktgXVNwc+am45
7RzaslNI5OmzmoMDgHYWNdF8W0cljY78vQaKtGgNvHSlfN3fbK3Z
-----END CERTIFICATE-----