Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/MPC4WGBwWzUKQ4MIf9vheq3ljf8.roa
File:                     MPC4WGBwWzUKQ4MIf9vheq3ljf8.roa (raw, json)
Hash identifier:          X1yT4PQqSCT8h7K1UyGvzdMze10lM3EBcX0jmIp7dhY=
Subject key identifier:   30:F0:B8:58:60:70:5B:35:0A:43:83:08:7F:DB:E1:7A:AD:E5:8D:FF
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       0199DC656DC76D4B8A6355F914A395111AF1
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/MPC4WGBwWzUKQ4MIf9vheq3ljf8.roa
Signing time:             Mon 13 Oct 2025 07:07:38 +0000
ROA not before:           Mon 13 Oct 2025 07:07:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20326
IP address blocks:        80.246.232.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dc:65:6d:c7:6d:4b:8a:63:55:f9:14:a3:95:11:1a:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Oct 13 07:07:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30f0b85860705b350a4383087fdbe17aade58dff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:04:71:ab:b5:d9:03:ed:bd:d1:9c:5c:17:1e:
                    d2:ed:b0:69:14:82:8e:47:37:80:d0:82:ef:fc:fc:
                    e7:6c:62:85:18:96:3e:06:3e:9e:95:84:d4:29:89:
                    a0:a8:6b:0f:d5:44:1b:bc:0e:f7:63:0c:63:81:46:
                    44:03:26:1a:71:fe:f3:65:70:88:92:a8:44:cc:21:
                    37:04:3c:e3:ae:d6:77:5a:5d:45:86:9a:7f:1d:37:
                    77:88:37:44:4a:f1:f7:68:93:45:ac:c5:76:14:15:
                    50:22:71:47:e5:0b:bb:e9:d9:49:08:7e:4d:cb:95:
                    c3:89:4b:13:39:a3:92:7d:3e:1b:56:09:02:50:97:
                    fa:83:ca:4e:32:62:82:4f:f2:e6:de:69:39:5b:2f:
                    9d:49:cd:72:b3:6f:22:ab:b4:64:26:54:a5:59:c5:
                    72:8b:7b:ac:61:e0:25:d9:fa:0c:34:4e:59:19:a9:
                    02:61:e0:41:ee:f1:ab:25:4f:d2:fd:f6:5b:bb:96:
                    64:08:9c:43:04:00:0d:3d:d0:07:3c:87:92:18:82:
                    c8:a3:12:cd:4e:52:51:e9:82:39:fb:95:2f:e9:2d:
                    79:ad:e5:f6:1e:aa:04:aa:e5:d3:b4:3e:89:af:40:
                    37:7b:07:cd:a6:ff:30:bf:02:fb:4b:a2:78:c6:c0:
                    e3:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:F0:B8:58:60:70:5B:35:0A:43:83:08:7F:DB:E1:7A:AD:E5:8D:FF
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/MPC4WGBwWzUKQ4MIf9vheq3ljf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         95:95:3e:7a:60:4a:9c:a1:81:04:b8:ee:5e:5b:52:b8:95:5c:
         91:dd:35:10:84:49:db:63:ec:59:6e:86:01:86:d2:7e:37:0c:
         51:cc:dd:22:90:16:b7:7a:2a:aa:a3:f6:18:c2:9b:e7:61:e2:
         39:37:ec:2b:c6:fa:05:af:65:a5:18:09:4b:03:a3:70:41:48:
         81:20:ea:39:9d:ca:27:5a:5a:0c:ed:c1:b9:80:17:63:6b:d5:
         c0:a1:8f:b1:40:ec:02:f8:cb:bd:ff:45:69:75:98:05:68:ad:
         fd:97:7b:24:16:60:1b:10:bf:ec:28:78:35:6b:30:ea:75:57:
         60:05:34:ae:c4:b6:99:8b:2a:7f:22:d0:01:aa:df:a3:25:d2:
         09:2b:24:f8:11:a9:98:a2:12:6c:2c:01:97:58:bf:0e:30:aa:
         e2:2b:05:d4:65:27:b0:98:a8:35:b5:07:9c:aa:c0:1a:c6:c3:
         25:63:ee:04:72:ca:23:05:94:45:4b:68:d6:8f:28:27:88:5a:
         07:21:de:af:ce:72:44:6a:a2:8d:6e:3e:75:08:15:a0:81:08:
         80:d6:d5:4b:18:6e:e4:08:97:c8:97:f4:74:fa:71:76:8d:db:
         3c:bd:03:e3:d7:6d:ee:a6:f5:f4:49:b5:01:82:b6:bd:16:e5:
         5d:78:fc:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZncZW3HbUuKY1X5FKOVERrxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjUxMDEzMDcwNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGYwYjg1ODYwNzA1YjM1MGE0MzgzMDg3ZmRiZTE3YWFkZTU4ZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwRxq7XZA+290ZxcFx7S7bBpFIKO
RzeA0ILv/PznbGKFGJY+Bj6elYTUKYmgqGsP1UQbvA73YwxjgUZEAyYacf7zZXCI
kqhEzCE3BDzjrtZ3Wl1Fhpp/HTd3iDdESvH3aJNFrMV2FBVQInFH5Qu76dlJCH5N
y5XDiUsTOaOSfT4bVgkCUJf6g8pOMmKCT/Lm3mk5Wy+dSc1ys28iq7RkJlSlWcVy
i3usYeAl2foMNE5ZGakCYeBB7vGrJU/S/fZbu5ZkCJxDBAANPdAHPIeSGILIoxLN
TlJR6YI5+5Uv6S15reX2HqoEquXTtD6Jr0A3ewfNpv8wvwL7S6J4xsDjRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDwuFhgcFs1CkODCH/b4Xqt5Y3/MB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvTVBDNFdHQndXelVLUTRNSWY5dmhlcTNsamY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUPboMA0G
CSqGSIb3DQEBCwUAA4IBAQCVlT56YEqcoYEEuO5eW1K4lVyR3TUQhEnbY+xZboYB
htJ+NwxRzN0ikBa3eiqqo/YYwpvnYeI5N+wrxvoFr2WlGAlLA6NwQUiBIOo5ncon
WloM7cG5gBdja9XAoY+xQOwC+Mu9/0VpdZgFaK39l3skFmAbEL/sKHg1azDqdVdg
BTSuxLaZiyp/ItABqt+jJdIJKyT4EamYohJsLAGXWL8OMKriKwXUZSewmKg1tQec
qsAaxsMlY+4EcsojBZRFS2jWjygniFoHId6vznJEaqKNbj51CBWggQiA1tVLGG7k
CJfIl/R0+nF2jds8vQPj123upvX0SbUBgra9FuVdePwA
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:16 2025 by rpki-client