Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/C-MSWSvm3OTDVE2duSkWpMXE84E.roa
File:                     C-MSWSvm3OTDVE2duSkWpMXE84E.roa (raw, json)
Hash identifier:          jsquoK9AtIVVBU3de8ie3Hiws/uN+v3GJ1XNGw6m0Ug=
Subject key identifier:   0B:E3:12:59:2B:E6:DC:E4:C3:54:4D:9D:B9:29:16:A4:C5:C4:F3:81
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       01988A0B2C48D890000FD1FBF80AA0F140CE
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/C-MSWSvm3OTDVE2duSkWpMXE84E.roa
Signing time:             Fri 08 Aug 2025 14:17:24 +0000
ROA not before:           Fri 08 Aug 2025 14:17:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210734
IP address blocks:        80.71.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:8a:0b:2c:48:d8:90:00:0f:d1:fb:f8:0a:a0:f1:40:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Aug  8 14:17:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0be312592be6dce4c3544d9db92916a4c5c4f381
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:08:5d:3a:2b:ad:81:0e:8c:94:cf:af:34:bc:
                    c0:12:b3:00:8a:7e:72:aa:0d:9c:d2:e8:6d:f5:00:
                    ed:f4:d7:d9:4b:74:5a:ba:af:20:56:14:d9:13:9d:
                    dc:d9:a7:90:99:49:3f:b0:bf:c4:dd:39:4a:86:47:
                    0e:7c:bc:c7:93:84:25:a5:8a:4e:e3:03:a6:09:16:
                    85:0a:81:6d:e8:c3:08:e8:b5:bf:92:3c:75:86:1b:
                    7c:b5:74:e1:92:54:75:58:73:ca:01:f1:d6:6b:17:
                    b7:15:da:46:08:8f:3b:c2:19:70:c7:ca:4d:f2:ab:
                    b1:93:db:c4:de:54:31:52:c1:6b:04:6b:3a:3d:6a:
                    e2:04:ec:e5:6b:4f:8b:13:64:a9:22:82:6a:b4:77:
                    b8:d6:6a:37:92:ab:10:c1:6c:4a:23:89:cb:22:2d:
                    15:7b:b1:06:ef:89:f9:d8:97:33:59:e9:ff:2c:94:
                    db:5c:e3:34:5f:3e:02:e3:93:b7:9d:fb:cc:f6:53:
                    51:e7:76:af:b1:6a:3c:bb:5f:fa:f7:5f:b7:da:7d:
                    67:f8:39:36:5f:25:9b:ba:d4:55:9d:09:c6:8c:0a:
                    99:f9:81:65:ce:de:a2:11:51:f9:96:a6:f1:c4:e0:
                    be:25:6c:42:0c:79:d2:68:5a:2e:9b:60:17:0b:84:
                    58:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:E3:12:59:2B:E6:DC:E4:C3:54:4D:9D:B9:29:16:A4:C5:C4:F3:81
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/C-MSWSvm3OTDVE2duSkWpMXE84E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:b0:f4:33:76:30:28:78:58:62:cf:9a:0f:16:0b:29:f5:91:
         ba:c5:58:6e:73:b5:e8:a4:c1:b0:f8:7f:53:b9:7f:52:a8:cf:
         d6:32:13:e2:7e:a7:a9:c1:2b:5a:20:3f:25:22:d4:3e:34:95:
         d2:74:a0:61:13:a6:0e:69:5e:ec:b3:8d:10:aa:a3:4f:ee:e3:
         a5:87:a4:87:c8:c4:04:f1:97:20:a2:61:c5:f1:b2:3c:a0:27:
         35:ce:aa:64:d3:1e:70:06:51:79:09:a0:c7:9d:cc:49:e1:64:
         0c:b9:7e:7f:67:76:26:4d:93:54:6e:fd:20:60:cb:74:5f:cc:
         31:6a:0f:9a:5f:d8:f6:ca:15:2d:4f:10:f8:84:c1:2d:09:d6:
         35:1b:9c:04:1a:73:39:b5:4b:3d:fa:73:a9:f4:9c:35:9f:cc:
         2b:25:fa:2a:93:ab:de:39:cf:e6:88:c9:31:93:a1:8f:c4:cf:
         d2:eb:89:13:9a:3f:f9:2c:06:d3:5a:ca:76:f4:10:3d:77:b0:
         53:6d:62:bd:72:a3:11:09:f7:b1:cf:9c:4f:2a:2d:58:b4:a8:
         98:4d:c8:fd:b5:03:7b:e1:57:1e:fa:fe:45:9b:cf:f0:c8:6e:
         0b:e5:ca:5d:05:c9:f1:b2:da:91:60:fb:37:f2:6d:8a:30:ba:
         ab:73:5e:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiKCyxI2JAAD9H7+Aqg8UDOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjUwODA4MTQxNzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmUzMTI1OTJiZTZkY2U0YzM1NDRkOWRiOTI5MTZhNGM1YzRmMzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwhdOiutgQ6MlM+vNLzAErMAin5y
qg2c0uht9QDt9NfZS3Rauq8gVhTZE53c2aeQmUk/sL/E3TlKhkcOfLzHk4QlpYpO
4wOmCRaFCoFt6MMI6LW/kjx1hht8tXThklR1WHPKAfHWaxe3FdpGCI87whlwx8pN
8quxk9vE3lQxUsFrBGs6PWriBOzla0+LE2SpIoJqtHe41mo3kqsQwWxKI4nLIi0V
e7EG74n52JczWen/LJTbXOM0Xz4C45O3nfvM9lNR53avsWo8u1/691+32n1n+Dk2
XyWbutRVnQnGjAqZ+YFlzt6iEVH5lqbxxOC+JWxCDHnSaFoum2AXC4RYkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvjElkr5tzkw1RNnbkpFqTFxPOBMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvQy1NU1dTdm0zT1REVkUyZHVTa1dwTVhFODRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEflMA0G
CSqGSIb3DQEBCwUAA4IBAQAusPQzdjAoeFhiz5oPFgsp9ZG6xVhuc7XopMGw+H9T
uX9SqM/WMhPifqepwStaID8lItQ+NJXSdKBhE6YOaV7ss40QqqNP7uOlh6SHyMQE
8ZcgomHF8bI8oCc1zqpk0x5wBlF5CaDHncxJ4WQMuX5/Z3YmTZNUbv0gYMt0X8wx
ag+aX9j2yhUtTxD4hMEtCdY1G5wEGnM5tUs9+nOp9Jw1n8wrJfoqk6veOc/miMkx
k6GPxM/S64kTmj/5LAbTWsp29BA9d7BTbWK9cqMRCfexz5xPKi1YtKiYTcj9tQN7
4Vce+v5Fm8/wyG4L5cpdBcnxstqRYPs38m2KMLqrc14S
-----END CERTIFICATE-----