Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/MbvNjpjECyRcmKYQMhKvn2-cFXk.roa
File:                     MbvNjpjECyRcmKYQMhKvn2-cFXk.roa (raw, json)
Hash identifier:          WtWJb8LrLp0RPiMsC1JWrlrKfuxYzc/X2LkXWsYnibQ=
Subject key identifier:   31:BB:CD:8E:98:C4:0B:24:5C:98:A6:10:32:12:AF:9F:6F:9C:15:79
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       019E0CD529DA52EE855A5D729180628691D2
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/MbvNjpjECyRcmKYQMhKvn2-cFXk.roa
Signing time:             Sat 09 May 2026 13:02:36 +0000
ROA not before:           Sat 09 May 2026 13:02:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215710
IP address blocks:        62.220.122.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:0c:d5:29:da:52:ee:85:5a:5d:72:91:80:62:86:91:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: May  9 13:02:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31bbcd8e98c40b245c98a6103212af9f6f9c1579
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:8a:4f:a3:cb:09:5a:4d:77:83:55:60:73:a3:
                    4e:f3:c3:3e:a8:05:04:14:91:de:29:21:6d:fa:e4:
                    1e:fa:4f:e0:32:38:8e:9e:94:bf:98:f1:57:3a:6a:
                    4a:25:18:97:30:31:0f:d6:ec:a7:b2:71:a2:7e:46:
                    aa:43:72:9a:7e:a7:59:77:56:fd:3c:b9:52:d1:44:
                    38:cf:8d:73:59:99:78:0b:25:34:38:9d:cc:67:11:
                    aa:08:60:a3:b2:95:4b:ba:e9:20:b6:99:ad:53:bc:
                    52:0b:7b:67:12:21:d2:d0:fc:46:d4:cc:94:2f:c1:
                    9e:19:ab:98:8d:89:ee:dd:72:96:e4:91:30:ec:28:
                    25:5a:6e:f8:e1:d1:18:66:c7:2a:99:cf:6e:af:ec:
                    35:72:f8:83:be:f2:36:45:fc:bd:77:8c:de:cf:66:
                    d0:b0:35:b3:63:9f:16:04:0d:1a:ae:1a:83:31:c3:
                    f3:eb:50:2b:7e:d8:c9:36:a0:5a:e4:28:83:71:7a:
                    6a:e4:da:69:3b:f4:f0:3b:7a:3c:a9:91:70:eb:84:
                    b7:fc:d4:ad:a2:e2:8e:4f:3a:98:52:c3:e1:b5:30:
                    37:ba:1f:51:5d:9d:cf:a3:40:b6:1e:8f:3c:22:41:
                    20:2a:28:0d:90:6b:51:40:c5:cc:21:99:17:f3:58:
                    d6:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:BB:CD:8E:98:C4:0B:24:5C:98:A6:10:32:12:AF:9F:6F:9C:15:79
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/MbvNjpjECyRcmKYQMhKvn2-cFXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.220.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:3b:84:7e:3d:55:11:3a:22:19:81:81:8e:55:2a:44:48:5a:
         e6:bf:70:ea:5b:d3:d5:d4:75:c1:de:3f:0f:7a:f6:6b:97:be:
         76:33:c4:38:17:f3:c0:66:39:bc:cb:6c:83:44:ed:f2:58:da:
         d2:75:ce:02:80:16:86:c6:28:f2:0e:10:8d:e0:86:1f:a3:e4:
         35:12:22:6b:f1:27:8d:27:5d:8d:0d:78:9d:9b:59:25:17:64:
         26:0a:12:5e:16:96:2d:18:48:76:ce:fe:b3:28:e4:24:c9:48:
         f6:c8:c5:a0:b6:3f:90:5f:fc:44:08:94:14:27:96:f2:4b:46:
         b9:c5:f6:9d:da:e4:ce:fc:7a:81:eb:62:c3:bb:95:ff:2c:4d:
         e1:c3:8c:1d:db:15:6a:85:d0:72:08:f8:69:88:bf:d5:41:68:
         8e:84:1b:54:6a:03:bc:dc:c8:79:68:bc:7e:96:1e:5f:dc:ed:
         0c:03:37:70:7c:fd:f2:6c:e8:c3:91:5b:e8:e9:8d:c2:f8:13:
         91:e7:62:3f:2b:e0:b8:7c:35:14:c0:ff:f0:b7:b6:b6:8d:64:
         62:dd:46:99:fb:d2:21:46:18:35:a8:c5:05:14:4e:6c:eb:bb:
         ae:55:7b:38:e7:8f:fc:50:98:21:31:6b:a6:a8:23:f7:55:8f:
         56:f7:a1:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4M1SnaUu6FWl1ykYBihpHSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjYwNTA5MTMwMjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWJiY2Q4ZTk4YzQwYjI0NWM5OGE2MTAzMjEyYWY5ZjZmOWMxNTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5opPo8sJWk13g1Vgc6NO88M+qAUE
FJHeKSFt+uQe+k/gMjiOnpS/mPFXOmpKJRiXMDEP1uynsnGifkaqQ3KafqdZd1b9
PLlS0UQ4z41zWZl4CyU0OJ3MZxGqCGCjspVLuukgtpmtU7xSC3tnEiHS0PxG1MyU
L8GeGauYjYnu3XKW5JEw7CglWm744dEYZscqmc9ur+w1cviDvvI2Rfy9d4zez2bQ
sDWzY58WBA0arhqDMcPz61ArftjJNqBa5CiDcXpq5NppO/TwO3o8qZFw64S3/NSt
ouKOTzqYUsPhtTA3uh9RXZ3Po0C2Ho88IkEgKigNkGtRQMXMIZkX81jWTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDG7zY6YxAskXJimEDISr59vnBV5MB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvTWJ2TmpwakVDeVJjbUtZUU1oS3ZuMi1jRlhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPtx6MA0G
CSqGSIb3DQEBCwUAA4IBAQCUO4R+PVUROiIZgYGOVSpESFrmv3DqW9PV1HXB3j8P
evZrl752M8Q4F/PAZjm8y2yDRO3yWNrSdc4CgBaGxijyDhCN4IYfo+Q1EiJr8SeN
J12NDXidm1klF2QmChJeFpYtGEh2zv6zKOQkyUj2yMWgtj+QX/xECJQUJ5byS0a5
xfad2uTO/HqB62LDu5X/LE3hw4wd2xVqhdByCPhpiL/VQWiOhBtUagO83Mh5aLx+
lh5f3O0MAzdwfP3ybOjDkVvo6Y3C+BOR52I/K+C4fDUUwP/wt7a2jWRi3UaZ+9Ih
Rhg1qMUFFE5s67uuVXs454/8UJghMWumqCP3VY9W96Ep
-----END CERTIFICATE-----