Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/a071aa-550b-4e18-99ed-0508a2bb47ac/1/MLxgcAFNN-a_n0hgMIOfT5C141o.roa
File:                     MLxgcAFNN-a_n0hgMIOfT5C141o.roa (raw, json)
Hash identifier:          ewiYdgPU3ZjjkZdT9FRRd/GKYeBkT/vZjdgs+F+3aZo=
Subject key identifier:   30:BC:60:70:01:4D:37:E6:BF:9F:48:60:30:83:9F:4F:90:B5:E3:5A
Certificate issuer:       /CN=b1f5bbaa051980bd4811b6655a0f95db36127809
Certificate serial:       019778FBCEC950433AB8575B0EBC2809D3F1
Authority key identifier: B1:F5:BB:AA:05:19:80:BD:48:11:B6:65:5A:0F:95:DB:36:12:78:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sfW7qgUZgL1IEbZlWg-V2zYSeAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/a071aa-550b-4e18-99ed-0508a2bb47ac/1/MLxgcAFNN-a_n0hgMIOfT5C141o.roa
Signing time:             Mon 16 Jun 2025 13:44:17 +0000
ROA not before:           Mon 16 Jun 2025 13:44:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207358
IP address blocks:        193.150.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/a071aa-550b-4e18-99ed-0508a2bb47ac/1/sfW7qgUZgL1IEbZlWg-V2zYSeAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/a071aa-550b-4e18-99ed-0508a2bb47ac/1/sfW7qgUZgL1IEbZlWg-V2zYSeAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sfW7qgUZgL1IEbZlWg-V2zYSeAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 16:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:78:fb:ce:c9:50:43:3a:b8:57:5b:0e:bc:28:09:d3:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1f5bbaa051980bd4811b6655a0f95db36127809
        Validity
            Not Before: Jun 16 13:44:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30bc6070014d37e6bf9f486030839f4f90b5e35a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:63:84:ee:af:1d:90:36:22:ef:94:70:4e:5a:
                    dd:9e:87:f0:76:4a:54:0a:93:a1:27:71:30:7c:54:
                    03:e9:1e:b9:4d:a3:4a:98:df:41:23:20:08:ce:ba:
                    9a:b1:d1:b1:11:df:45:05:77:36:f0:78:77:26:00:
                    66:de:58:c6:ab:a9:57:cb:90:77:09:75:db:de:70:
                    8c:32:d1:22:99:2f:2d:10:25:a4:3f:1a:b9:40:21:
                    6e:f0:19:f1:da:b6:68:0e:79:76:41:10:21:93:e5:
                    87:03:e3:cf:df:a9:dc:d1:47:e2:dc:e1:55:32:2b:
                    1d:cd:a4:b1:59:e8:6a:a0:4a:6d:11:23:26:2a:88:
                    b4:e7:9e:0f:26:e2:93:91:fc:a8:cb:0a:66:cd:fb:
                    23:1c:3c:e3:c0:91:11:db:90:a7:c7:4c:09:f8:f2:
                    97:a1:8e:e3:fb:7f:af:0d:9b:2e:56:72:ca:f7:92:
                    be:21:8a:f3:ba:e7:2f:cf:d0:16:3a:65:ed:fe:c0:
                    74:5c:cd:49:19:3b:0d:83:18:a1:74:a9:eb:4e:90:
                    b5:58:72:83:09:4a:4e:61:29:aa:d1:e6:55:20:ff:
                    ff:2a:2b:de:a5:f2:c5:78:78:d6:ad:73:f3:85:b7:
                    9e:75:ab:da:02:b6:93:54:f1:e2:5f:43:f8:65:03:
                    5f:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:BC:60:70:01:4D:37:E6:BF:9F:48:60:30:83:9F:4F:90:B5:E3:5A
            X509v3 Authority Key Identifier:
                keyid:B1:F5:BB:AA:05:19:80:BD:48:11:B6:65:5A:0F:95:DB:36:12:78:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sfW7qgUZgL1IEbZlWg-V2zYSeAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/a071aa-550b-4e18-99ed-0508a2bb47ac/1/MLxgcAFNN-a_n0hgMIOfT5C141o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/a071aa-550b-4e18-99ed-0508a2bb47ac/1/sfW7qgUZgL1IEbZlWg-V2zYSeAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.150.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:7f:37:c8:59:ef:6b:2e:5b:1e:99:c9:a8:a7:d4:4f:0e:05:
         69:d4:2a:2c:45:0f:03:70:7c:b4:93:c9:02:0d:ce:3f:eb:60:
         58:5c:7b:21:6a:b8:42:1f:b0:9b:50:21:0c:2d:24:f4:07:79:
         52:89:48:52:f0:4b:65:28:ff:fc:69:6e:0f:ed:9d:a7:0e:2b:
         44:16:8b:9a:c7:fe:74:75:fc:d2:1a:70:28:68:93:e8:8a:dc:
         7f:33:cc:46:33:85:86:d5:ff:4f:03:82:af:49:de:6e:d4:c2:
         28:2f:2b:e6:04:46:9a:f0:a8:00:2a:bf:a5:3e:d3:a1:73:25:
         9f:3b:b9:73:83:99:38:b2:f4:75:cb:e3:c7:a0:35:a6:dc:02:
         2d:75:d5:49:b3:f1:78:ca:d4:56:d2:be:ae:7b:be:db:70:53:
         79:5f:89:d3:55:a7:53:74:8a:7a:bf:a8:47:95:df:31:f7:fc:
         7f:9f:57:23:0a:8e:c7:18:af:d1:4d:d5:a3:6a:90:31:83:be:
         76:cf:e4:ff:67:2c:35:97:c5:f8:c9:8c:0f:66:80:b0:d1:34:
         ef:5f:ed:50:41:16:06:73:20:fd:cc:54:c1:4e:dd:09:20:62:
         f1:c7:51:6f:9f:ba:0e:2e:fa:65:59:ac:00:c9:cd:31:19:7c:
         a2:96:ec:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd4+87JUEM6uFdbDrwoCdPxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxZjViYmFhMDUxOTgwYmQ0ODExYjY2NTVhMGY5NWRiMzYx
Mjc4MDkwHhcNMjUwNjE2MTM0NDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGJjNjA3MDAxNGQzN2U2YmY5ZjQ4NjAzMDgzOWY0ZjkwYjVlMzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7GOE7q8dkDYi75RwTlrdnofwdkpU
CpOhJ3EwfFQD6R65TaNKmN9BIyAIzrqasdGxEd9FBXc28Hh3JgBm3ljGq6lXy5B3
CXXb3nCMMtEimS8tECWkPxq5QCFu8Bnx2rZoDnl2QRAhk+WHA+PP36nc0Ufi3OFV
MisdzaSxWehqoEptESMmKoi0554PJuKTkfyoywpmzfsjHDzjwJER25Cnx0wJ+PKX
oY7j+3+vDZsuVnLK95K+IYrzuucvz9AWOmXt/sB0XM1JGTsNgxihdKnrTpC1WHKD
CUpOYSmq0eZVIP//KivepfLFeHjWrXPzhbeedavaAraTVPHiX0P4ZQNfFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDC8YHABTTfmv59IYDCDn0+QteNaMB8GA1UdIwQY
MBaAFLH1u6oFGYC9SBG2ZVoPlds2EngJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2ZXN3FnVVpnTDFJRWJabFdnLVYyellTZUFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9hMDcxYWEtNTUwYi00ZTE4LTk5ZWQt
MDUwOGEyYmI0N2FjLzEvTUx4Z2NBRk5OLWFfbjBoZ01JT2ZUNUMxNDFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9hMDcxYWEtNTUwYi00ZTE4LTk5ZWQtMDUwOGEyYmI0N2Fj
LzEvc2ZXN3FnVVpnTDFJRWJabFdnLVYyellTZUFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZapMA0G
CSqGSIb3DQEBCwUAA4IBAQCGfzfIWe9rLlsemcmop9RPDgVp1CosRQ8DcHy0k8kC
Dc4/62BYXHsharhCH7CbUCEMLST0B3lSiUhS8EtlKP/8aW4P7Z2nDitEFouax/50
dfzSGnAoaJPoitx/M8xGM4WG1f9PA4KvSd5u1MIoLyvmBEaa8KgAKr+lPtOhcyWf
O7lzg5k4svR1y+PHoDWm3AItddVJs/F4ytRW0r6ue77bcFN5X4nTVadTdIp6v6hH
ld8x9/x/n1cjCo7HGK/RTdWjapAxg752z+T/Zyw1l8X4yYwPZoCw0TTvX+1QQRYG
cyD9zFTBTt0JIGLxx1Fvn7oOLvplWawAyc0xGXyiluzM
-----END CERTIFICATE-----