Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/mKrzl5sArdONx80ZF97SrlHsbB8.roa
File:                     mKrzl5sArdONx80ZF97SrlHsbB8.roa (raw, json)
Hash identifier:          1jeGCEGGcSOxeieXRQy5TCyKfWKIDWG5KHM77Uz6hlQ=
Subject key identifier:   98:AA:F3:97:9B:00:AD:D3:8D:C7:CD:19:17:DE:D2:AE:51:EC:6C:1F
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019D191574F2951A53D7D8C99B6732BAF94F
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/mKrzl5sArdONx80ZF97SrlHsbB8.roa
Signing time:             Mon 23 Mar 2026 05:05:29 +0000
ROA not before:           Mon 23 Mar 2026 05:05:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213787
IP address blocks:        46.8.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 03:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:19:15:74:f2:95:1a:53:d7:d8:c9:9b:67:32:ba:f9:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Mar 23 05:05:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98aaf3979b00add38dc7cd1917ded2ae51ec6c1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:78:40:98:53:86:70:89:47:c7:91:2e:08:96:
                    02:40:6b:f8:29:75:b3:a6:4f:19:c2:4f:c5:e5:b4:
                    a7:b5:d8:fe:9b:b8:f3:72:d2:d1:47:77:b4:dc:33:
                    00:63:4a:ba:61:81:9f:20:9f:70:a5:32:5b:85:1a:
                    d6:3c:8d:21:f3:f4:87:18:09:95:7c:73:8f:9d:75:
                    47:b7:6f:47:6b:0c:38:9f:d7:5c:2c:07:d1:68:e1:
                    fe:8b:85:db:9a:5f:2c:aa:d4:47:de:20:06:a7:c9:
                    bd:d6:f1:35:25:7d:6e:43:3d:15:69:f6:3d:c1:33:
                    41:8c:0c:d9:42:3f:71:f1:d7:cd:4f:80:04:e3:a4:
                    c5:c0:e4:05:19:8c:40:42:df:6b:eb:e6:35:3e:43:
                    8a:b1:32:a6:c2:9a:ac:c5:ae:77:95:e0:12:e9:6b:
                    0f:f4:b8:02:e6:90:de:40:2f:63:2b:66:36:bc:e7:
                    fd:67:fc:00:8d:00:fa:08:1d:1b:33:40:e3:4a:ca:
                    a8:c2:51:5a:6e:3a:b4:75:e6:cb:13:9e:e7:1f:4e:
                    1a:e4:9e:9b:1a:6c:d1:bb:90:7a:26:83:0f:e2:60:
                    2e:89:2b:97:60:fc:13:7a:34:4d:18:53:9b:cd:db:
                    3f:98:b0:3b:04:25:ba:f2:e9:c5:34:17:e6:da:94:
                    0e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:AA:F3:97:9B:00:AD:D3:8D:C7:CD:19:17:DE:D2:AE:51:EC:6C:1F
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/mKrzl5sArdONx80ZF97SrlHsbB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:ec:41:d2:9e:22:1b:15:aa:51:e6:0f:af:35:82:76:67:c4:
         1f:1b:92:48:47:82:8d:e5:71:0c:48:2a:f9:2f:f2:de:71:16:
         e6:4d:9f:9d:05:e4:e7:36:b3:a4:01:61:cf:4c:37:3f:7c:53:
         a5:79:a0:8f:9f:fe:ef:8b:7e:db:a7:57:68:a5:ab:5b:07:21:
         d4:1b:4a:dd:d6:e2:a8:03:14:63:76:db:72:45:28:96:01:e0:
         43:b5:94:a7:91:71:96:0a:cd:4b:ea:19:39:0f:09:7a:59:26:
         32:63:a4:8d:4c:7e:0a:79:40:34:38:c4:97:03:d6:0e:dc:5e:
         10:b7:02:91:ac:39:91:c5:c8:48:91:6a:70:af:ce:78:a1:4a:
         df:e9:c6:02:24:68:b8:3f:07:33:d7:a4:78:52:84:5d:91:b1:
         fa:bc:a4:74:e6:88:ff:9a:d9:fc:d0:33:32:1a:f9:4c:97:a6:
         8d:06:70:21:3c:0f:42:3a:a5:ca:19:c2:51:2f:05:94:ad:65:
         8c:5a:cf:81:9b:47:b2:32:30:05:42:40:62:df:84:91:25:8f:
         1a:b2:ce:fe:68:8e:3f:36:19:e1:ca:51:02:5b:0a:a0:f5:86:
         db:35:83:0d:9f:ee:c4:e1:f3:0f:db:4e:47:b0:85:05:38:85:
         25:0b:10:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0ZFXTylRpT19jJm2cyuvlPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwMzIzMDUwNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGFhZjM5NzliMDBhZGQzOGRjN2NkMTkxN2RlZDJhZTUxZWM2YzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHhAmFOGcIlHx5EuCJYCQGv4KXWz
pk8Zwk/F5bSntdj+m7jzctLRR3e03DMAY0q6YYGfIJ9wpTJbhRrWPI0h8/SHGAmV
fHOPnXVHt29Haww4n9dcLAfRaOH+i4Xbml8sqtRH3iAGp8m91vE1JX1uQz0VafY9
wTNBjAzZQj9x8dfNT4AE46TFwOQFGYxAQt9r6+Y1PkOKsTKmwpqsxa53leAS6WsP
9LgC5pDeQC9jK2Y2vOf9Z/wAjQD6CB0bM0DjSsqowlFabjq0debLE57nH04a5J6b
GmzRu5B6JoMP4mAuiSuXYPwTejRNGFObzds/mLA7BCW68unFNBfm2pQOFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJiq85ebAK3TjcfNGRfe0q5R7GwfMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvbUtyemw1c0FyZE9OeDgwWkY5N1NybEhzYkI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALgjKMA0G
CSqGSIb3DQEBCwUAA4IBAQAK7EHSniIbFapR5g+vNYJ2Z8QfG5JIR4KN5XEMSCr5
L/LecRbmTZ+dBeTnNrOkAWHPTDc/fFOleaCPn/7vi37bp1dopatbByHUG0rd1uKo
AxRjdttyRSiWAeBDtZSnkXGWCs1L6hk5Dwl6WSYyY6SNTH4KeUA0OMSXA9YO3F4Q
twKRrDmRxchIkWpwr854oUrf6cYCJGi4Pwcz16R4UoRdkbH6vKR05oj/mtn80DMy
GvlMl6aNBnAhPA9COqXKGcJRLwWUrWWMWs+Bm0eyMjAFQkBi34SRJY8ass7+aI4/
NhnhylECWwqg9YbbNYMNn+7E4fMP205HsIUFOIUlCxAY
-----END CERTIFICATE-----