Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/MS4QM8pTgNvck47LJGrNRRzcx5k.roa
File:                     MS4QM8pTgNvck47LJGrNRRzcx5k.roa (raw, json)
Hash identifier:          /i8c7H0MjJPPqLbe4N1XbPH1LlsyGlITf8EjUGqqAxs=
Subject key identifier:   31:2E:10:33:CA:53:80:DB:DC:93:8E:CB:24:6A:CD:45:1C:DC:C7:99
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       0199E3015115E0A7CD2A47F77686B8DF9A4E
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/MS4QM8pTgNvck47LJGrNRRzcx5k.roa
Signing time:             Tue 14 Oct 2025 13:55:38 +0000
ROA not before:           Tue 14 Oct 2025 13:55:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216256
IP address blocks:        2a13:a5c7:3400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 10:03:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e3:01:51:15:e0:a7:cd:2a:47:f7:76:86:b8:df:9a:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Oct 14 13:55:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=312e1033ca5380dbdc938ecb246acd451cdcc799
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c9:8c:36:63:b8:de:66:23:ff:d5:85:9d:a6:
                    da:81:fc:b2:c9:f4:af:6b:05:37:45:8e:b7:ac:07:
                    4f:68:cc:f0:3f:3f:48:6c:89:78:ac:aa:84:d7:af:
                    46:24:85:b7:0c:2e:05:a3:fa:dc:c9:34:53:7a:b0:
                    2e:41:5b:f3:1b:ea:f9:31:14:90:c7:5e:b6:d5:c8:
                    56:d2:29:3f:e4:cf:9f:dd:b8:22:2e:2b:ca:c2:52:
                    24:88:0f:a0:01:38:74:d5:cf:de:a8:37:d3:9b:71:
                    51:43:99:f1:83:29:ec:ee:e9:0c:1f:f9:bd:61:68:
                    48:c5:9a:f3:ef:16:fa:3e:4d:12:d7:ca:43:eb:55:
                    b4:71:24:54:21:9e:c3:be:b6:7a:ff:f9:3d:d3:fe:
                    7f:4f:6a:2a:63:67:a5:9d:35:4d:8c:e4:e3:e7:84:
                    d4:34:d7:96:34:c1:9e:40:93:51:af:c9:76:24:15:
                    9c:6f:56:6b:cc:be:2a:9b:ae:56:da:22:cd:07:2e:
                    df:4c:5a:79:27:b0:56:ea:9b:62:b8:ce:76:b7:36:
                    f4:b7:f3:0e:b8:fe:12:57:75:32:2b:e7:76:66:66:
                    f2:69:2b:10:0a:3d:f6:92:61:f4:60:cb:c6:38:e1:
                    aa:92:82:7b:63:bf:ea:93:3d:5f:a1:38:9b:25:24:
                    ea:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:2E:10:33:CA:53:80:DB:DC:93:8E:CB:24:6A:CD:45:1C:DC:C7:99
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/MS4QM8pTgNvck47LJGrNRRzcx5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:3400::/40

    Signature Algorithm: sha256WithRSAEncryption
         26:6b:bf:36:0e:fb:7b:51:04:19:ba:82:3f:83:89:ff:d2:fe:
         43:04:bb:ef:1c:35:4d:2f:c0:b0:5f:69:f1:3e:83:39:ee:c7:
         df:0c:70:5d:93:2c:1a:81:00:45:d3:23:d9:25:9a:4d:d5:97:
         11:e2:69:54:b5:86:37:1d:6e:3c:cb:00:c7:05:97:25:a9:51:
         49:32:88:47:21:b4:47:ca:6b:38:01:ad:af:c0:c4:f9:56:a3:
         85:b0:5b:bd:00:e8:c3:e5:2f:f9:2c:00:fe:e5:60:8f:22:af:
         c4:37:84:e3:8e:4c:a2:53:ac:b3:18:2e:10:86:22:a7:b9:10:
         c2:9c:99:95:fe:8a:3b:a7:d7:18:52:71:d3:54:b7:d7:27:8b:
         b2:55:87:96:87:2f:c6:f0:29:fd:22:c8:04:49:7e:3b:77:42:
         c8:4b:8f:ab:33:1c:2a:12:c5:5e:f2:d6:37:9b:94:44:19:0b:
         5e:e4:ae:cf:67:7e:fe:b8:60:af:7a:bc:70:5b:f1:2c:6e:f2:
         20:da:82:f8:f2:e8:a0:60:ed:50:e3:70:42:50:b4:c4:65:29:
         66:35:ce:88:41:fe:ee:27:1d:c1:54:f0:a7:d7:1a:a1:44:37:
         c8:e7:ec:5f:27:44:d9:c0:39:f8:99:e8:11:33:57:21:fc:07:
         9a:9f:cf:68
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZnjAVEV4KfNKkf3doa435pOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUxMDE0MTM1NTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTJlMTAzM2NhNTM4MGRiZGM5MzhlY2IyNDZhY2Q0NTFjZGNjNzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcmMNmO43mYj/9WFnabagfyyyfSv
awU3RY63rAdPaMzwPz9IbIl4rKqE169GJIW3DC4Fo/rcyTRTerAuQVvzG+r5MRSQ
x1621chW0ik/5M+f3bgiLivKwlIkiA+gATh01c/eqDfTm3FRQ5nxgyns7ukMH/m9
YWhIxZrz7xb6Pk0S18pD61W0cSRUIZ7DvrZ6//k90/5/T2oqY2elnTVNjOTj54TU
NNeWNMGeQJNRr8l2JBWcb1ZrzL4qm65W2iLNBy7fTFp5J7BW6ptiuM52tzb0t/MO
uP4SV3UyK+d2ZmbyaSsQCj32kmH0YMvGOOGqkoJ7Y7/qkz1foTibJSTqUwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDEuEDPKU4Db3JOOyyRqzUUc3MeZMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvTVM0UU04cFRnTnZjazQ3TEpHck5SUnpjeDVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxzQw
DQYJKoZIhvcNAQELBQADggEBACZrvzYO+3tRBBm6gj+Dif/S/kMEu+8cNU0vwLBf
afE+gznux98McF2TLBqBAEXTI9klmk3VlxHiaVS1hjcdbjzLAMcFlyWpUUkyiEch
tEfKazgBra/AxPlWo4WwW70A6MPlL/ksAP7lYI8ir8Q3hOOOTKJTrLMYLhCGIqe5
EMKcmZX+ijun1xhScdNUt9cni7JVh5aHL8bwKf0iyARJfjt3QshLj6szHCoSxV7y
1jeblEQZC17krs9nfv64YK96vHBb8Sxu8iDagvjy6KBg7VDjcEJQtMRlKWY1zohB
/u4nHcFU8KfXGqFEN8jn7F8nRNnAOfiZ6BEzVyH8B5qfz2g=
-----END CERTIFICATE-----