Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/622fdb-0e56-4c87-866b-b31f252f1969/1/MhT_ic0uhnvyZeHmGUuSvJeWPpk.roa
File:                     MhT_ic0uhnvyZeHmGUuSvJeWPpk.roa (raw, json)
Hash identifier:          wzWvYEFygdswmUnUlDOzRDuit/r9AHiuR6372yT7GYk=
Subject key identifier:   32:14:FF:89:CD:2E:86:7B:F2:65:E1:E6:19:4B:92:BC:97:96:3E:99
Certificate issuer:       /CN=2fba003756d1013b943eb4f507fb4e7c74778269
Certificate serial:       0199F2B145FD626942DFD8C346F69ABD1286
Authority key identifier: 2F:BA:00:37:56:D1:01:3B:94:3E:B4:F5:07:FB:4E:7C:74:77:82:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L7oAN1bRATuUPrT1B_tOfHR3gmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/622fdb-0e56-4c87-866b-b31f252f1969/1/MhT_ic0uhnvyZeHmGUuSvJeWPpk.roa
Signing time:             Fri 17 Oct 2025 15:02:07 +0000
ROA not before:           Fri 17 Oct 2025 15:02:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48644
IP address blocks:        45.83.176.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/622fdb-0e56-4c87-866b-b31f252f1969/1/L7oAN1bRATuUPrT1B_tOfHR3gmk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/622fdb-0e56-4c87-866b-b31f252f1969/1/L7oAN1bRATuUPrT1B_tOfHR3gmk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L7oAN1bRATuUPrT1B_tOfHR3gmk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f2:b1:45:fd:62:69:42:df:d8:c3:46:f6:9a:bd:12:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fba003756d1013b943eb4f507fb4e7c74778269
        Validity
            Not Before: Oct 17 15:02:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3214ff89cd2e867bf265e1e6194b92bc97963e99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:05:15:23:fa:4e:e3:39:4e:73:cb:fc:a8:28:
                    c2:93:7f:6c:18:63:70:00:dd:4b:11:34:4d:74:40:
                    eb:3c:ea:d6:15:59:fe:6c:de:52:76:dd:e0:fe:b0:
                    11:48:11:52:b7:86:f7:63:f1:a0:e9:84:46:cf:34:
                    77:b2:8a:b2:6e:f1:eb:db:64:c8:ae:bd:1e:f8:ea:
                    5c:45:ce:a5:a2:d6:43:de:2f:91:15:f1:a4:70:e7:
                    6a:7d:32:b5:16:27:b5:51:65:14:04:91:6f:cf:bb:
                    1e:f1:3e:b6:bd:25:55:42:5c:46:31:3a:3b:21:f6:
                    3a:7f:b0:3a:3d:5a:29:99:cf:67:56:77:4d:58:7b:
                    e0:86:e1:2a:79:9e:5e:05:ba:5f:22:05:90:43:27:
                    01:58:d7:9b:08:0f:5f:b0:7d:a3:8b:97:1b:34:74:
                    92:0c:be:b1:b5:c8:d9:90:59:31:46:21:9e:6e:51:
                    a9:b2:5b:12:fc:4d:08:d7:95:99:ee:73:7b:58:aa:
                    54:21:0c:e0:ae:ca:e4:95:c2:68:90:c7:b0:5f:44:
                    25:07:ee:d8:e0:4e:f2:bf:43:6e:18:ac:f5:61:0e:
                    ec:e1:ee:f9:7d:3c:63:57:83:6c:f0:f7:a7:83:14:
                    ec:ac:7c:0a:53:5c:5f:2a:7d:8c:68:ef:7e:d0:3f:
                    23:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:14:FF:89:CD:2E:86:7B:F2:65:E1:E6:19:4B:92:BC:97:96:3E:99
            X509v3 Authority Key Identifier:
                keyid:2F:BA:00:37:56:D1:01:3B:94:3E:B4:F5:07:FB:4E:7C:74:77:82:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L7oAN1bRATuUPrT1B_tOfHR3gmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/622fdb-0e56-4c87-866b-b31f252f1969/1/MhT_ic0uhnvyZeHmGUuSvJeWPpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/622fdb-0e56-4c87-866b-b31f252f1969/1/L7oAN1bRATuUPrT1B_tOfHR3gmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:f2:8f:f7:1c:2b:47:e2:c7:0f:7f:5c:b2:3a:fd:48:e2:fa:
         f8:9f:e4:28:e2:e6:e4:83:b1:09:8e:02:c4:73:98:a6:f6:5f:
         86:c8:3e:83:d7:7a:78:96:50:4b:cf:c7:01:41:4f:77:58:8d:
         02:e7:65:8c:6d:b8:6d:84:d3:df:8d:b1:1c:19:c1:a4:b5:52:
         e9:05:99:98:e5:f1:65:78:cf:33:88:bf:92:50:c0:2a:33:4f:
         ef:65:78:d2:d4:48:7f:a3:0e:e5:6f:a2:e6:20:ec:64:46:de:
         60:ff:35:f7:a3:78:05:4a:50:04:9a:5c:0a:8a:8f:ad:23:c7:
         e1:19:b3:7a:3a:08:a9:63:03:e7:4c:5b:92:df:8d:53:30:40:
         76:0e:fb:27:ad:07:1d:f7:74:32:75:f4:92:c9:bb:80:f8:b6:
         e3:52:56:1a:97:fe:de:b8:f8:ce:4f:a7:90:95:09:4a:f7:36:
         80:d0:eb:60:f7:b9:75:8c:09:6c:12:07:98:64:38:3f:04:e5:
         61:d6:c9:97:ea:e1:51:ef:7a:4a:1c:2f:cd:bf:74:9a:ad:e5:
         44:1e:02:90:fe:66:cd:44:13:fa:11:8b:b5:76:c3:c6:3a:50:
         e3:1d:a6:9f:41:e5:53:73:fd:66:7a:bc:68:75:ae:11:e5:0c:
         05:78:1d:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnysUX9YmlC39jDRvaavRKGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYmEwMDM3NTZkMTAxM2I5NDNlYjRmNTA3ZmI0ZTdjNzQ3
NzgyNjkwHhcNMjUxMDE3MTUwMjA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjE0ZmY4OWNkMmU4NjdiZjI2NWUxZTYxOTRiOTJiYzk3OTYzZTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugUVI/pO4zlOc8v8qCjCk39sGGNw
AN1LETRNdEDrPOrWFVn+bN5Sdt3g/rARSBFSt4b3Y/Gg6YRGzzR3soqybvHr22TI
rr0e+OpcRc6lotZD3i+RFfGkcOdqfTK1Fie1UWUUBJFvz7se8T62vSVVQlxGMTo7
IfY6f7A6PVopmc9nVndNWHvghuEqeZ5eBbpfIgWQQycBWNebCA9fsH2ji5cbNHSS
DL6xtcjZkFkxRiGeblGpslsS/E0I15WZ7nN7WKpUIQzgrsrklcJokMewX0QlB+7Y
4E7yv0NuGKz1YQ7s4e75fTxjV4Ns8PengxTsrHwKU1xfKn2MaO9+0D8j4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIU/4nNLoZ78mXh5hlLkryXlj6ZMB8GA1UdIwQY
MBaAFC+6ADdW0QE7lD609Qf7Tnx0d4JpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDdvQU4xYlJBVHVVUHJUMUJfdE9mSFIzZ21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy82MjJmZGItMGU1Ni00Yzg3LTg2NmIt
YjMxZjI1MmYxOTY5LzEvTWhUX2ljMHVobnZ5WmVIbUdVdVN2SmVXUHBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy82MjJmZGItMGU1Ni00Yzg3LTg2NmItYjMxZjI1MmYxOTY5
LzEvTDdvQU4xYlJBVHVVUHJUMUJfdE9mSFIzZ21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVOwMA0G
CSqGSIb3DQEBCwUAA4IBAQAq8o/3HCtH4scPf1yyOv1I4vr4n+Qo4ubkg7EJjgLE
c5im9l+GyD6D13p4llBLz8cBQU93WI0C52WMbbhthNPfjbEcGcGktVLpBZmY5fFl
eM8ziL+SUMAqM0/vZXjS1Eh/ow7lb6LmIOxkRt5g/zX3o3gFSlAEmlwKio+tI8fh
GbN6OgipYwPnTFuS341TMEB2DvsnrQcd93QydfSSybuA+LbjUlYal/7euPjOT6eQ
lQlK9zaA0Otg97l1jAlsEgeYZDg/BOVh1smX6uFR73pKHC/Nv3SareVEHgKQ/mbN
RBP6EYu1dsPGOlDjHaafQeVTc/1merxoda4R5QwFeB1b
-----END CERTIFICATE-----