Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/MHWEBb8RKZSn4dy7qA_izu7w91w.roa
File:                     MHWEBb8RKZSn4dy7qA_izu7w91w.roa (raw, json)
Hash identifier:          44oBBFXwCkfSDHIkUc46ZuGmSEo2ss8zLAgd2waANh8=
Subject key identifier:   30:75:84:05:BF:11:29:94:A7:E1:DC:BB:A8:0F:E2:CE:EE:F0:F7:5C
Certificate issuer:       /CN=07f231365985828d5a9663ed1b440624b24fec13
Certificate serial:       0199D9BE18E00578279EA572E5484CB0539E
Authority key identifier: 07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/MHWEBb8RKZSn4dy7qA_izu7w91w.roa
Signing time:             Sun 12 Oct 2025 18:45:38 +0000
ROA not before:           Sun 12 Oct 2025 18:45:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19318
IP address blocks:        91.199.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d9:be:18:e0:05:78:27:9e:a5:72:e5:48:4c:b0:53:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f231365985828d5a9663ed1b440624b24fec13
        Validity
            Not Before: Oct 12 18:45:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30758405bf112994a7e1dcbba80fe2ceeef0f75c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:4b:2a:10:08:b4:73:d4:da:0e:71:cf:01:7a:
                    54:7f:dd:a3:b8:94:14:e5:7e:cd:5e:d9:4e:72:ef:
                    59:49:2d:29:0b:24:e8:5f:e2:aa:10:f0:ff:de:2f:
                    9e:1b:b9:c1:82:7a:15:57:e8:ec:d5:4e:5f:95:63:
                    99:b2:cc:44:47:dc:7d:c6:fd:cf:1b:17:a0:a8:d6:
                    d9:13:16:e6:53:89:23:e8:01:56:94:85:69:18:b9:
                    69:24:d1:a9:10:f3:33:e5:0c:5c:93:54:0e:fd:46:
                    27:21:35:e5:db:2e:c6:f8:58:34:03:91:3b:5a:fb:
                    40:0b:3e:cc:9f:59:d7:e7:a4:eb:e4:6d:37:67:ad:
                    86:4c:d0:6b:43:2e:e0:4a:bf:2b:9a:af:12:28:bb:
                    db:48:a5:69:ee:9e:0a:c6:f0:0a:1e:af:39:4f:d3:
                    a6:8d:5c:47:c2:69:89:ba:99:9b:6b:3d:cd:45:8a:
                    4e:88:c2:e0:2d:27:16:57:1e:5f:0c:1c:6a:f9:d8:
                    59:4a:80:41:d7:e1:f1:fd:61:6c:dc:1a:2b:16:85:
                    33:5d:54:af:36:75:8c:37:eb:3f:c3:03:dc:29:04:
                    ca:99:c3:11:57:24:21:f8:3f:88:78:f5:4e:3e:41:
                    ef:42:55:27:a1:da:64:f6:32:38:33:17:9a:1f:c0:
                    09:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:75:84:05:BF:11:29:94:A7:E1:DC:BB:A8:0F:E2:CE:EE:F0:F7:5C
            X509v3 Authority Key Identifier:
                keyid:07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/MHWEBb8RKZSn4dy7qA_izu7w91w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:92:77:5c:0a:fe:c3:92:60:25:f1:64:11:a1:83:4d:46:0b:
         95:ac:34:ea:4d:0b:05:8f:c6:ba:65:f0:5c:70:ac:9d:45:84:
         af:e3:c6:64:db:51:9a:20:55:55:69:f3:fc:f8:e1:c6:10:56:
         ba:ec:66:dd:2f:81:13:b8:f5:a8:07:46:23:68:f8:a3:b8:4b:
         0b:de:56:33:bd:04:69:cb:da:13:48:6e:01:e0:b4:ce:6d:5e:
         15:5b:77:09:95:f4:f5:f4:2d:1f:f9:c1:55:1f:36:42:bb:3f:
         98:1b:fc:b7:95:e5:b1:16:c8:f9:ca:68:24:dd:19:ec:2e:88:
         d4:be:5b:9a:32:42:43:27:6c:d1:e3:20:98:8d:b3:8b:ff:55:
         57:0a:b5:34:c7:b9:38:7b:77:57:60:41:62:36:06:96:12:20:
         57:a4:fb:e5:5e:34:5c:b7:38:1d:7b:7f:3a:01:ac:b1:e2:9e:
         03:c9:ca:0d:8f:05:28:53:6c:f7:4c:c6:c2:31:d8:e2:8c:f6:
         ae:ad:bf:56:93:9b:0b:24:fa:dc:69:d9:78:44:2a:dc:0c:f3:
         f2:23:cb:b8:41:2a:54:c3:60:20:46:49:4b:15:4d:c3:08:41:
         b0:02:bd:ad:8a:ff:70:09:78:4f:ac:af:37:f3:17:ab:a0:4e:
         3f:31:33:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnZvhjgBXgnnqVy5UhMsFOeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjIzMTM2NTk4NTgyOGQ1YTk2NjNlZDFiNDQwNjI0YjI0
ZmVjMTMwHhcNMjUxMDEyMTg0NTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDc1ODQwNWJmMTEyOTk0YTdlMWRjYmJhODBmZTJjZWVlZjBmNzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0sqEAi0c9TaDnHPAXpUf92juJQU
5X7NXtlOcu9ZSS0pCyToX+KqEPD/3i+eG7nBgnoVV+js1U5flWOZssxER9x9xv3P
GxegqNbZExbmU4kj6AFWlIVpGLlpJNGpEPMz5Qxck1QO/UYnITXl2y7G+Fg0A5E7
WvtACz7Mn1nX56Tr5G03Z62GTNBrQy7gSr8rmq8SKLvbSKVp7p4KxvAKHq85T9Om
jVxHwmmJupmbaz3NRYpOiMLgLScWVx5fDBxq+dhZSoBB1+Hx/WFs3BorFoUzXVSv
NnWMN+s/wwPcKQTKmcMRVyQh+D+IePVOPkHvQlUnodpk9jI4MxeaH8AJuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDB1hAW/ESmUp+Hcu6gP4s7u8PdcMB8GA1UdIwQY
MBaAFAfyMTZZhYKNWpZj7RtEBiSyT+wTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzct
MDg1ZmEwYTU2MDUyLzEvTUhXRUJiOFJLWlNuNGR5N3FBX2l6dTd3OTF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzctMDg1ZmEwYTU2MDUy
LzEvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8cqMA0G
CSqGSIb3DQEBCwUAA4IBAQAOkndcCv7DkmAl8WQRoYNNRguVrDTqTQsFj8a6ZfBc
cKydRYSv48Zk21GaIFVVafP8+OHGEFa67GbdL4ETuPWoB0YjaPijuEsL3lYzvQRp
y9oTSG4B4LTObV4VW3cJlfT19C0f+cFVHzZCuz+YG/y3leWxFsj5ymgk3RnsLojU
vluaMkJDJ2zR4yCYjbOL/1VXCrU0x7k4e3dXYEFiNgaWEiBXpPvlXjRctzgde386
Aayx4p4DycoNjwUoU2z3TMbCMdjijPaurb9Wk5sLJPrcadl4RCrcDPPyI8u4QSpU
w2AgRklLFU3DCEGwAr2tiv9wCXhPrK838xeroE4/MTN3
-----END CERTIFICATE-----