Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/f197d0-a540-4882-a67a-b8a232eff2f6/1/MZ1NK3H1SSDYucpTLwo3IW5W5kQ.roa
File:                     MZ1NK3H1SSDYucpTLwo3IW5W5kQ.roa (raw, json)
Hash identifier:          SOv3KGJVuUaSms8BnGiLxniqNTKZVNDGof266hKwxIQ=
Subject key identifier:   31:9D:4D:2B:71:F5:49:20:D8:B9:CA:53:2F:0A:37:21:6E:56:E6:44
Certificate issuer:       /CN=7c16e9d57efdacd3f7bc7e98496b719fadc5ae48
Certificate serial:       0197A21F76306F008C4C77FCEE06911C10BD
Authority key identifier: 7C:16:E9:D5:7E:FD:AC:D3:F7:BC:7E:98:49:6B:71:9F:AD:C5:AE:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fBbp1X79rNP3vH6YSWtxn63Frkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/f197d0-a540-4882-a67a-b8a232eff2f6/1/MZ1NK3H1SSDYucpTLwo3IW5W5kQ.roa
Signing time:             Tue 24 Jun 2025 13:27:40 +0000
ROA not before:           Tue 24 Jun 2025 13:27:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8823
IP address blocks:        94.154.2.0/24 maxlen: 24
                          185.240.72.0/22 maxlen: 22
                          193.35.80.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/f197d0-a540-4882-a67a-b8a232eff2f6/1/fBbp1X79rNP3vH6YSWtxn63Frkg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/f197d0-a540-4882-a67a-b8a232eff2f6/1/fBbp1X79rNP3vH6YSWtxn63Frkg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fBbp1X79rNP3vH6YSWtxn63Frkg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 16:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a2:1f:76:30:6f:00:8c:4c:77:fc:ee:06:91:1c:10:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c16e9d57efdacd3f7bc7e98496b719fadc5ae48
        Validity
            Not Before: Jun 24 13:27:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=319d4d2b71f54920d8b9ca532f0a37216e56e644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:af:f4:1e:d6:60:85:cf:27:ff:cb:0f:60:61:
                    7e:ce:f4:8a:4d:0f:f4:60:1c:6f:c6:43:76:54:10:
                    11:ef:fb:5a:bf:b6:9f:c7:ac:31:04:6e:4e:cb:4d:
                    1f:c3:23:64:55:fa:0e:1d:6a:78:88:93:0b:64:31:
                    e3:55:7f:0e:4b:5f:92:43:7b:95:2c:fa:2e:92:c2:
                    b4:2e:bb:05:48:37:d7:b4:1a:af:4e:a8:77:5d:a6:
                    f8:85:de:d9:4a:25:9f:41:5c:ff:1f:71:bf:75:10:
                    1b:3d:9e:fa:9f:ac:14:b9:f9:50:44:e7:d8:3b:6f:
                    31:fd:80:77:25:8a:29:9c:e3:66:f9:36:b3:5d:63:
                    19:3e:cf:3a:39:09:e7:e4:da:81:b9:bf:70:17:2d:
                    30:c1:16:f5:49:6e:b6:a6:8b:ff:df:cd:3b:84:fb:
                    16:4e:49:03:8e:13:16:de:a1:26:c5:67:18:bc:26:
                    61:b0:d0:b1:ef:1e:23:99:9e:af:0c:23:75:15:e7:
                    8c:e1:d2:a9:11:a7:50:f5:77:f0:40:21:00:08:c0:
                    67:0c:47:a1:f0:0e:7e:0a:07:33:b3:83:03:52:2f:
                    b0:a5:9c:9b:af:29:54:e6:e4:66:bf:3f:2f:94:b3:
                    16:00:ac:21:c8:1e:f9:8d:c6:23:60:21:73:56:1f:
                    90:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:9D:4D:2B:71:F5:49:20:D8:B9:CA:53:2F:0A:37:21:6E:56:E6:44
            X509v3 Authority Key Identifier:
                keyid:7C:16:E9:D5:7E:FD:AC:D3:F7:BC:7E:98:49:6B:71:9F:AD:C5:AE:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fBbp1X79rNP3vH6YSWtxn63Frkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/f197d0-a540-4882-a67a-b8a232eff2f6/1/MZ1NK3H1SSDYucpTLwo3IW5W5kQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/f197d0-a540-4882-a67a-b8a232eff2f6/1/fBbp1X79rNP3vH6YSWtxn63Frkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.2.0/24
                  185.240.72.0/22
                  193.35.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:43:5d:7f:1a:19:c3:81:75:11:29:11:5c:fa:6f:a7:93:7b:
         e6:48:ad:87:1d:0b:b3:d9:a5:b5:b6:7a:08:f1:d9:08:50:d7:
         b8:ee:ea:31:b8:01:5e:a3:32:b7:10:ac:74:77:cd:24:09:83:
         8e:64:8d:9f:fc:76:e9:0f:d0:7e:f7:fe:ff:98:d0:ee:a1:15:
         be:72:98:54:23:3f:de:53:cc:9d:de:cb:6c:ed:d5:93:b6:32:
         37:e1:6d:c5:90:3d:51:fe:66:b1:d1:97:7c:89:e3:07:5c:0a:
         54:ac:e5:5e:e5:bb:5c:b6:b1:b9:07:2c:cc:65:9d:51:ad:b2:
         53:b4:55:23:d8:6b:d6:c7:e5:e5:d0:d8:2a:52:a9:23:a3:8a:
         8e:9b:75:6a:0e:07:89:ae:d0:6e:0d:ce:86:52:e3:d3:b1:65:
         72:f4:27:5a:0e:57:d5:99:c1:d7:29:41:e8:0c:d1:8a:cd:9c:
         c2:aa:00:f4:b2:b0:ff:d2:aa:48:06:f4:22:a0:83:07:3a:43:
         59:18:e1:02:7f:49:5c:0b:1e:7e:8a:ea:20:b6:58:1b:20:95:
         ae:10:b5:9f:c5:c2:7a:f4:77:9d:00:49:13:08:92:ab:06:18:
         53:8f:7a:f4:db:a8:4f:18:d6:52:86:85:68:d2:b9:2a:a0:f3:
         b4:0e:87:c8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZeiH3YwbwCMTHf87gaRHBC9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjMTZlOWQ1N2VmZGFjZDNmN2JjN2U5ODQ5NmI3MTlmYWRj
NWFlNDgwHhcNMjUwNjI0MTMyNzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTlkNGQyYjcxZjU0OTIwZDhiOWNhNTMyZjBhMzcyMTZlNTZlNjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6/0HtZghc8n/8sPYGF+zvSKTQ/0
YBxvxkN2VBAR7/tav7afx6wxBG5Oy00fwyNkVfoOHWp4iJMLZDHjVX8OS1+SQ3uV
LPouksK0LrsFSDfXtBqvTqh3Xab4hd7ZSiWfQVz/H3G/dRAbPZ76n6wUuflQROfY
O28x/YB3JYopnONm+TazXWMZPs86OQnn5NqBub9wFy0wwRb1SW62pov/3807hPsW
TkkDjhMW3qEmxWcYvCZhsNCx7x4jmZ6vDCN1FeeM4dKpEadQ9XfwQCEACMBnDEeh
8A5+Cgczs4MDUi+wpZybrylU5uRmvz8vlLMWAKwhyB75jcYjYCFzVh+QJQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDGdTStx9Ukg2LnKUy8KNyFuVuZEMB8GA1UdIwQY
MBaAFHwW6dV+/azT97x+mElrcZ+txa5IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkJicDFYNzlyTlAzdkg2WVNXdHhuNjNGcmtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9mMTk3ZDAtYTU0MC00ODgyLWE2N2Et
YjhhMjMyZWZmMmY2LzEvTVoxTkszSDFTU0RZdWNwVEx3bzNJVzVXNWtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9mMTk3ZDAtYTU0MC00ODgyLWE2N2EtYjhhMjMyZWZmMmY2
LzEvZkJicDFYNzlyTlAzdkg2WVNXdHhuNjNGcmtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXpoCAwQC
ufBIAwQCwSNQMA0GCSqGSIb3DQEBCwUAA4IBAQArQ11/GhnDgXURKRFc+m+nk3vm
SK2HHQuz2aW1tnoI8dkIUNe47uoxuAFeozK3EKx0d80kCYOOZI2f/HbpD9B+9/7/
mNDuoRW+cphUIz/eU8yd3sts7dWTtjI34W3FkD1R/max0Zd8ieMHXApUrOVe5btc
trG5ByzMZZ1RrbJTtFUj2GvWx+Xl0NgqUqkjo4qOm3VqDgeJrtBuDc6GUuPTsWVy
9CdaDlfVmcHXKUHoDNGKzZzCqgD0srD/0qpIBvQioIMHOkNZGOECf0lcCx5+iuog
tlgbIJWuELWfxcJ69HedAEkTCJKrBhhTj3r026hPGNZShoVo0rkqoPO0DofI
-----END CERTIFICATE-----