Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/MGVL3PWcg672eUJnE3OmpM02shQ.roa
File:                     MGVL3PWcg672eUJnE3OmpM02shQ.roa (raw, json)
Hash identifier:          jaWN7PLFw0laWd8mU2a0x2xqPQpnAcAJ/82ZDzopnzE=
Subject key identifier:   30:65:4B:DC:F5:9C:83:AE:F6:79:42:67:13:73:A6:A4:CD:36:B2:14
Certificate issuer:       /CN=0b247e73391ec9d6a2a46f2cb0b02fc994288f13
Certificate serial:       0198A4126162B8B74CA328FC7087E2176E0C
Authority key identifier: 0B:24:7E:73:39:1E:C9:D6:A2:A4:6F:2C:B0:B0:2F:C9:94:28:8F:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/MGVL3PWcg672eUJnE3OmpM02shQ.roa
Signing time:             Wed 13 Aug 2025 15:35:24 +0000
ROA not before:           Wed 13 Aug 2025 15:35:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     139648
IP address blocks:        45.67.53.0/24 maxlen: 24
                          45.67.54.0/24 maxlen: 24
                          194.156.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 07:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a4:12:61:62:b8:b7:4c:a3:28:fc:70:87:e2:17:6e:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b247e73391ec9d6a2a46f2cb0b02fc994288f13
        Validity
            Not Before: Aug 13 15:35:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30654bdcf59c83aef67942671373a6a4cd36b214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:8e:35:36:3b:0a:a2:25:16:2d:bd:d1:0b:55:
                    ff:3f:e9:a2:11:79:49:28:53:b5:0a:be:e4:d0:9d:
                    da:71:f2:3b:53:00:da:d7:a9:25:e2:db:b5:1c:45:
                    0d:10:c8:5a:e3:d0:27:05:5b:72:c1:42:f9:39:33:
                    a4:65:a5:b9:f9:8e:c1:86:d3:05:e0:d7:f5:7c:4e:
                    7d:df:0a:3a:0a:02:4f:fb:2d:80:87:90:20:ce:0d:
                    a6:6c:12:59:21:fe:89:43:42:cc:cf:e6:2c:35:82:
                    42:ed:dd:f3:58:7f:2f:5f:97:ef:bd:2c:b8:01:6c:
                    5d:9c:1b:ef:34:e7:70:1d:29:b6:95:ce:37:75:66:
                    00:45:70:42:e7:66:ee:33:ac:20:8d:69:41:3e:c7:
                    b7:df:87:ca:7e:a1:56:4f:00:c2:a7:12:91:c2:4f:
                    45:d6:b3:6d:7a:dd:b6:80:0e:dd:ff:e9:fd:80:2f:
                    03:c2:45:79:03:05:76:19:6b:21:6c:cc:78:6f:31:
                    76:41:c9:9e:87:1f:0e:e4:f4:5d:c7:cc:56:55:f2:
                    02:da:82:c2:57:eb:59:68:8f:e6:d0:06:c6:0f:00:
                    cf:88:0a:89:e1:25:65:5f:c7:18:cc:4a:67:6a:e7:
                    13:fd:05:00:26:06:ab:ad:71:df:07:56:23:6b:ee:
                    4d:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:65:4B:DC:F5:9C:83:AE:F6:79:42:67:13:73:A6:A4:CD:36:B2:14
            X509v3 Authority Key Identifier:
                keyid:0B:24:7E:73:39:1E:C9:D6:A2:A4:6F:2C:B0:B0:2F:C9:94:28:8F:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/MGVL3PWcg672eUJnE3OmpM02shQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.53.0-45.67.54.255
                  194.156.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:5c:b6:38:f0:42:1f:a5:b8:d0:49:8d:03:f8:58:fa:38:1b:
         9f:5f:3d:52:45:1c:bf:b6:a2:23:db:f5:f1:8d:2e:ba:d6:41:
         a0:ce:59:68:ff:76:3a:df:65:f8:3e:19:75:cb:8f:84:42:91:
         7a:fc:ec:50:2f:db:79:7f:6c:06:dd:31:79:38:b3:ff:c5:cf:
         95:22:57:ef:55:81:66:c0:a1:a9:8f:4c:88:f9:51:e5:a5:74:
         19:e3:bb:75:ce:3f:08:df:88:02:8e:1b:8d:42:a0:c9:54:11:
         3d:d0:af:41:9c:da:91:f5:f9:c9:47:ae:d1:d2:cb:56:e1:8a:
         ae:26:45:32:8d:e5:e3:df:e7:64:9a:12:da:12:55:58:60:36:
         17:49:6a:66:35:42:b5:31:82:b7:b9:b6:75:97:2e:b0:7f:dc:
         4c:4a:5c:74:48:e1:95:60:a0:7e:a7:01:97:ba:0f:c7:51:14:
         ef:34:0d:0f:49:30:46:0f:07:76:1a:03:86:da:c2:bc:1b:9e:
         32:a2:31:60:10:4a:2b:79:f9:6a:f7:0f:83:e6:2a:fc:1d:48:
         6d:7d:f2:41:d2:4a:55:48:00:19:f2:ea:f2:d7:20:b7:f6:06:
         fc:39:93:4d:e2:3d:8f:58:0f:78:f7:4c:df:e0:f0:7c:62:a3:
         13:86:a2:6b
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZikEmFiuLdMoyj8cIfiF24MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMjQ3ZTczMzkxZWM5ZDZhMmE0NmYyY2IwYjAyZmM5OTQy
ODhmMTMwHhcNMjUwODEzMTUzNTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDY1NGJkY2Y1OWM4M2FlZjY3OTQyNjcxMzczYTZhNGNkMzZiMjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuo41NjsKoiUWLb3RC1X/P+miEXlJ
KFO1Cr7k0J3acfI7UwDa16kl4tu1HEUNEMha49AnBVtywUL5OTOkZaW5+Y7BhtMF
4Nf1fE593wo6CgJP+y2Ah5Agzg2mbBJZIf6JQ0LMz+YsNYJC7d3zWH8vX5fvvSy4
AWxdnBvvNOdwHSm2lc43dWYARXBC52buM6wgjWlBPse334fKfqFWTwDCpxKRwk9F
1rNtet22gA7d/+n9gC8DwkV5AwV2GWshbMx4bzF2Qcmehx8O5PRdx8xWVfIC2oLC
V+tZaI/m0AbGDwDPiAqJ4SVlX8cYzEpnaucT/QUAJgarrXHfB1Yja+5N/wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDBlS9z1nIOu9nlCZxNzpqTNNrIUMB8GA1UdIwQY
MBaAFAskfnM5HsnWoqRvLLCwL8mUKI8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3lSLWN6a2V5ZGFpcEc4c3NMQXZ5WlFvanhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iM2ZkNDAtYjEyNS00MjgyLWI4ODMt
NzM2Nzg5ZWU2ZmQwLzEvTUdWTDNQV2NnNjcyZVVKbkUzT21wTTAyc2hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iM2ZkNDAtYjEyNS00MjgyLWI4ODMtNzM2Nzg5ZWU2ZmQw
LzEvQ3lSLWN6a2V5ZGFpcEc4c3NMQXZ5WlFvanhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAtQzUD
BAAtQzYDBADCnOcwDQYJKoZIhvcNAQELBQADggEBAA9ctjjwQh+luNBJjQP4WPo4
G59fPVJFHL+2oiPb9fGNLrrWQaDOWWj/djrfZfg+GXXLj4RCkXr87FAv23l/bAbd
MXk4s//Fz5UiV+9VgWbAoamPTIj5UeWldBnju3XOPwjfiAKOG41CoMlUET3Qr0Gc
2pH1+clHrtHSy1bhiq4mRTKN5ePf52SaEtoSVVhgNhdJamY1QrUxgre5tnWXLrB/
3ExKXHRI4ZVgoH6nAZe6D8dRFO80DQ9JMEYPB3YaA4bawrwbnjKiMWAQSit5+Wr3
D4PmKvwdSG198kHSSlVIABny6vLXILf2Bvw5k03iPY9YD3j3TN/g8HxioxOGoms=
-----END CERTIFICATE-----