Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/mn_AZLEAiiU2qaQy6aQbNLhTx3M.roa
File:                     mn_AZLEAiiU2qaQy6aQbNLhTx3M.roa (raw, json)
Hash identifier:          tI/D+AW7xVeXQ1wV3rmgIy+tmP/yt57p+h1QtJmdkzA=
Subject key identifier:   9A:7F:C0:64:B1:00:8A:25:36:A9:A4:32:E9:A4:1B:34:B8:53:C7:73
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       0198A3A1C54F71DD8EA8467811D92123AB2D
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/mn_AZLEAiiU2qaQy6aQbNLhTx3M.roa
Signing time:             Wed 13 Aug 2025 13:32:24 +0000
ROA not before:           Wed 13 Aug 2025 13:32:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210705
IP address blocks:        178.239.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 17:19:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a3:a1:c5:4f:71:dd:8e:a8:46:78:11:d9:21:23:ab:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Aug 13 13:32:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a7fc064b1008a2536a9a432e9a41b34b853c773
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:2c:bf:3a:ca:74:a6:ca:0b:59:7a:65:c2:40:
                    aa:3b:e1:b3:b0:3d:7c:14:3c:1f:5f:4e:a6:fe:d3:
                    6d:3b:2d:e9:3f:5f:b4:67:a5:d9:4a:1a:98:27:ae:
                    cb:3f:5a:24:2a:26:b6:46:87:d3:3d:3b:a6:6e:d9:
                    eb:3a:9e:c2:fb:f9:ef:32:28:21:1b:bb:95:84:7d:
                    94:7d:12:e8:ff:0c:90:24:49:94:ff:44:25:dc:62:
                    71:8e:29:18:1b:61:1e:7b:de:11:9e:a8:15:7f:db:
                    7a:72:13:b5:07:45:b5:bf:f3:7e:aa:8e:04:f0:35:
                    2e:45:64:98:2c:d9:26:53:d1:89:eb:c3:1f:10:d9:
                    ee:e9:c1:f9:34:e8:4f:c3:65:14:dd:9e:c9:a8:7b:
                    7f:e9:76:e1:ba:01:73:91:a9:59:2c:1e:76:19:73:
                    a0:86:05:6b:18:eb:34:84:b0:86:c7:61:67:15:1b:
                    ed:07:22:34:17:cd:1f:a6:13:fa:9b:00:4d:13:5c:
                    ce:ed:7f:8c:ec:b5:20:4d:a9:04:03:72:f7:74:f2:
                    2c:28:89:83:bc:a0:6e:35:6b:e8:09:24:21:e4:55:
                    2e:3e:cc:1b:2e:08:9c:b6:9d:98:84:f5:e8:3a:b1:
                    f7:35:70:ff:1e:50:8c:7d:39:9b:c1:04:f0:6e:0f:
                    c7:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:7F:C0:64:B1:00:8A:25:36:A9:A4:32:E9:A4:1B:34:B8:53:C7:73
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/mn_AZLEAiiU2qaQy6aQbNLhTx3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:7c:4c:6e:e8:fa:b4:b8:8d:a2:b2:15:f8:fb:1c:53:d0:16:
         44:23:29:58:80:a2:6c:76:e0:c9:2c:42:60:a5:e2:98:9a:f6:
         47:6e:ec:e1:ef:11:f8:8a:68:83:dd:5a:f3:fa:39:64:38:d1:
         89:70:95:20:d4:d7:fc:0e:5d:3e:1b:14:89:08:9b:5c:c0:1a:
         69:f6:8f:e7:5b:c8:a0:a8:e5:8e:b8:e0:12:cf:ee:1d:86:d6:
         0d:08:55:34:c7:3d:e1:61:a6:66:94:fa:3d:37:0a:cf:07:19:
         e8:dd:e4:c6:16:35:1e:bf:8e:88:8b:ea:20:b6:76:e0:ff:b8:
         b3:d4:00:33:fd:1e:8a:1d:b8:72:bc:7f:20:ed:eb:ac:19:63:
         57:ca:a3:4f:47:af:ea:41:fe:3d:25:f2:75:62:18:90:71:58:
         f8:ee:94:cc:91:7e:ed:db:51:3a:22:b5:fd:9b:ae:91:a7:0a:
         79:1f:85:bb:1c:c4:aa:6f:90:5f:5f:48:0b:33:0a:cc:18:cd:
         0f:2c:c4:39:45:8a:a9:d2:d8:b0:7f:40:37:e0:97:82:71:62:
         de:48:8f:e2:c7:93:6f:16:e6:d9:4e:99:11:b9:e6:fa:69:da:
         78:97:56:7c:b6:4d:e2:67:ce:48:b7:62:58:81:92:50:52:5e:
         39:b5:41:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZijocVPcd2OqEZ4EdkhI6stMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwODEzMTMzMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTdmYzA2NGIxMDA4YTI1MzZhOWE0MzJlOWE0MWIzNGI4NTNjNzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Sy/Osp0psoLWXplwkCqO+GzsD18
FDwfX06m/tNtOy3pP1+0Z6XZShqYJ67LP1okKia2RofTPTumbtnrOp7C+/nvMigh
G7uVhH2UfRLo/wyQJEmU/0Ql3GJxjikYG2Eee94RnqgVf9t6chO1B0W1v/N+qo4E
8DUuRWSYLNkmU9GJ68MfENnu6cH5NOhPw2UU3Z7JqHt/6XbhugFzkalZLB52GXOg
hgVrGOs0hLCGx2FnFRvtByI0F80fphP6mwBNE1zO7X+M7LUgTakEA3L3dPIsKImD
vKBuNWvoCSQh5FUuPswbLgictp2YhPXoOrH3NXD/HlCMfTmbwQTwbg/HtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJp/wGSxAIolNqmkMumkGzS4U8dzMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvbW5fQVpMRUFpaVUycWFReTZhUWJOTGhUeDNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu+VMA0G
CSqGSIb3DQEBCwUAA4IBAQBPfExu6Pq0uI2ishX4+xxT0BZEIylYgKJsduDJLEJg
peKYmvZHbuzh7xH4imiD3Vrz+jlkONGJcJUg1Nf8Dl0+GxSJCJtcwBpp9o/nW8ig
qOWOuOASz+4dhtYNCFU0xz3hYaZmlPo9NwrPBxno3eTGFjUev46Ii+ogtnbg/7iz
1AAz/R6KHbhyvH8g7eusGWNXyqNPR6/qQf49JfJ1YhiQcVj47pTMkX7t21E6IrX9
m66Rpwp5H4W7HMSqb5BfX0gLMwrMGM0PLMQ5RYqp0tiwf0A34JeCcWLeSI/ix5Nv
FubZTpkRueb6adp4l1Z8tk3iZ85It2JYgZJQUl45tUEK
-----END CERTIFICATE-----