Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/34c2e4-4e9b-4847-a8ef-0838f78c0259/1/mlu6XIXNKNHqGWfvXZrW1IO6Mng.roa
File:                     mlu6XIXNKNHqGWfvXZrW1IO6Mng.roa (raw, json)
Hash identifier:          q1iBqwACk42VM5awfXg78+LQaSKbxFwEqGdC0JqAxjQ=
Subject key identifier:   9A:5B:BA:5C:85:CD:28:D1:EA:19:67:EF:5D:9A:D6:D4:83:BA:32:78
Certificate issuer:       /CN=f5fde72bf5a00bdec4d1efdd7d02029ee79e4720
Certificate serial:       01994C588D1E96DC3E01D1CE13CA8D731621
Authority key identifier: F5:FD:E7:2B:F5:A0:0B:DE:C4:D1:EF:DD:7D:02:02:9E:E7:9E:47:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9f3nK_WgC97E0e_dfQICnueeRyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/34c2e4-4e9b-4847-a8ef-0838f78c0259/1/mlu6XIXNKNHqGWfvXZrW1IO6Mng.roa
Signing time:             Mon 15 Sep 2025 07:48:15 +0000
ROA not before:           Mon 15 Sep 2025 07:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        195.254.170.0/24 maxlen: 24
                          195.254.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/34c2e4-4e9b-4847-a8ef-0838f78c0259/1/9f3nK_WgC97E0e_dfQICnueeRyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/34c2e4-4e9b-4847-a8ef-0838f78c0259/1/9f3nK_WgC97E0e_dfQICnueeRyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9f3nK_WgC97E0e_dfQICnueeRyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4c:58:8d:1e:96:dc:3e:01:d1:ce:13:ca:8d:73:16:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5fde72bf5a00bdec4d1efdd7d02029ee79e4720
        Validity
            Not Before: Sep 15 07:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a5bba5c85cd28d1ea1967ef5d9ad6d483ba3278
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:85:75:8f:50:85:17:ee:40:65:eb:b7:cc:67:
                    b9:dd:05:9d:bb:7e:41:53:17:70:1a:73:32:3d:1a:
                    05:d2:b6:d4:71:75:6b:9c:a4:4c:97:cf:f2:40:33:
                    14:33:ec:a1:91:c3:e9:23:fb:e3:3c:2e:c4:0e:80:
                    9a:82:09:cd:4d:be:4f:b2:83:d6:60:2e:af:5c:52:
                    62:3c:09:f2:10:0f:c8:fd:02:20:7b:5d:be:2e:81:
                    12:f5:ff:c4:89:60:eb:a6:be:bb:f1:c5:0b:32:c0:
                    be:8c:2d:c4:e0:1b:7e:80:91:e1:0b:70:5e:6a:5f:
                    a4:70:01:e2:f0:7f:2f:ff:72:67:6a:c6:a6:b1:01:
                    f0:13:2e:86:98:2c:fd:63:bf:88:9b:82:07:2f:42:
                    f6:8a:08:83:32:29:95:80:f2:07:b9:1f:09:5c:0d:
                    36:c9:22:9c:79:a9:3f:a3:ed:b2:c5:6c:e5:ca:c3:
                    17:50:6b:c6:8b:7e:38:a1:95:a8:eb:86:b2:e5:5d:
                    a8:b6:01:2d:a3:85:9c:e1:aa:b4:77:1e:d7:c6:3b:
                    70:9d:b8:0b:ef:04:c7:d1:fc:67:3b:d6:24:67:06:
                    bd:4a:d7:71:84:5b:52:29:30:f9:fe:64:f6:f3:85:
                    12:07:c3:91:2a:cc:88:2c:b8:5a:f4:50:f7:85:57:
                    b1:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:5B:BA:5C:85:CD:28:D1:EA:19:67:EF:5D:9A:D6:D4:83:BA:32:78
            X509v3 Authority Key Identifier:
                keyid:F5:FD:E7:2B:F5:A0:0B:DE:C4:D1:EF:DD:7D:02:02:9E:E7:9E:47:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f3nK_WgC97E0e_dfQICnueeRyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/34c2e4-4e9b-4847-a8ef-0838f78c0259/1/mlu6XIXNKNHqGWfvXZrW1IO6Mng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/34c2e4-4e9b-4847-a8ef-0838f78c0259/1/9f3nK_WgC97E0e_dfQICnueeRyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.254.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:4b:47:84:48:d4:cf:33:5d:6d:6d:c0:ab:38:05:e2:7e:0f:
         8b:b0:4a:54:92:e3:d1:d5:57:eb:0f:c0:05:e3:08:ee:6f:e7:
         81:80:4e:01:83:b7:e1:aa:94:78:f4:35:31:e6:19:a3:3a:27:
         97:73:dc:b6:22:b4:3a:0a:e8:ad:46:07:64:96:4b:d6:a5:04:
         bb:09:51:e0:2d:9b:3f:34:7a:9a:28:ce:7c:58:be:9b:95:d7:
         d8:98:7c:9c:ee:e6:a2:dc:33:15:70:1e:cc:ed:19:54:96:da:
         48:a0:9e:67:63:16:8b:1d:67:6b:87:92:fe:3b:c0:7c:88:10:
         83:27:8c:d4:74:05:9c:0e:54:de:1f:2f:9d:c9:b3:e2:4c:94:
         e9:0e:d4:af:7b:f5:6b:cc:74:7b:c9:92:39:1f:b7:06:19:5f:
         74:b0:f2:f8:32:bd:24:4c:7f:f0:86:39:86:73:ba:c4:2a:91:
         1c:7f:05:92:00:c7:d6:38:d5:c5:05:5d:79:6b:45:ed:bb:b4:
         88:90:5b:6f:1c:dd:be:37:f3:48:21:c1:58:5d:4e:08:2d:ae:
         f9:5d:7e:c5:b0:8b:f9:45:82:20:c8:4e:39:24:48:76:ce:79:
         78:ed:92:0c:05:3b:d2:c8:a3:b1:e0:77:64:02:32:34:61:3a:
         44:4c:cd:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlMWI0eltw+AdHOE8qNcxYhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZmRlNzJiZjVhMDBiZGVjNGQxZWZkZDdkMDIwMjllZTc5
ZTQ3MjAwHhcNMjUwOTE1MDc0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTViYmE1Yzg1Y2QyOGQxZWExOTY3ZWY1ZDlhZDZkNDgzYmEzMjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4V1j1CFF+5AZeu3zGe53QWdu35B
UxdwGnMyPRoF0rbUcXVrnKRMl8/yQDMUM+yhkcPpI/vjPC7EDoCaggnNTb5PsoPW
YC6vXFJiPAnyEA/I/QIge12+LoES9f/EiWDrpr678cULMsC+jC3E4Bt+gJHhC3Be
al+kcAHi8H8v/3JnasamsQHwEy6GmCz9Y7+Im4IHL0L2igiDMimVgPIHuR8JXA02
ySKceak/o+2yxWzlysMXUGvGi344oZWo64ay5V2otgEto4Wc4aq0dx7XxjtwnbgL
7wTH0fxnO9YkZwa9StdxhFtSKTD5/mT284USB8ORKsyILLha9FD3hVexRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJpbulyFzSjR6hln712a1tSDujJ4MB8GA1UdIwQY
MBaAFPX95yv1oAvexNHv3X0CAp7nnkcgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWYzbktfV2dDOTdFMGVfZGZRSUNudWVlUnlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8zNGMyZTQtNGU5Yi00ODQ3LWE4ZWYt
MDgzOGY3OGMwMjU5LzEvbWx1NlhJWE5LTkhxR1dmdlhaclcxSU82TW5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8zNGMyZTQtNGU5Yi00ODQ3LWE4ZWYtMDgzOGY3OGMwMjU5
LzEvOWYzbktfV2dDOTdFMGVfZGZRSUNudWVlUnlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/6qMA0G
CSqGSIb3DQEBCwUAA4IBAQALS0eESNTPM11tbcCrOAXifg+LsEpUkuPR1VfrD8AF
4wjub+eBgE4Bg7fhqpR49DUx5hmjOieXc9y2IrQ6CuitRgdklkvWpQS7CVHgLZs/
NHqaKM58WL6bldfYmHyc7uai3DMVcB7M7RlUltpIoJ5nYxaLHWdrh5L+O8B8iBCD
J4zUdAWcDlTeHy+dybPiTJTpDtSve/VrzHR7yZI5H7cGGV90sPL4Mr0kTH/whjmG
c7rEKpEcfwWSAMfWONXFBV15a0Xtu7SIkFtvHN2+N/NIIcFYXU4ILa75XX7FsIv5
RYIgyE45JEh2znl47ZIMBTvSyKOx4HdkAjI0YTpETM3e
-----END CERTIFICATE-----