Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/bade83-7a84-4c42-9d26-fce9e2bf4ef9/1/MXRadGpzqEbp0mkxJfqHUigmWBA.roa
File:                     MXRadGpzqEbp0mkxJfqHUigmWBA.roa (raw, json)
Hash identifier:          wm6CRKGDQ4Q1PS4u4levZbaZ8tcUlI9RmOi9JQKCpTM=
Subject key identifier:   31:74:5A:74:6A:73:A8:46:E9:D2:69:31:25:FA:87:52:28:26:58:10
Certificate issuer:       /CN=7cd1bc700905d1ac6d7733aebc3263e6ae76fa97
Certificate serial:       0198797CEBA2C76022C41A859EEC64E89FD3
Authority key identifier: 7C:D1:BC:70:09:05:D1:AC:6D:77:33:AE:BC:32:63:E6:AE:76:FA:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fNG8cAkF0axtdzOuvDJj5q52-pc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/bade83-7a84-4c42-9d26-fce9e2bf4ef9/1/MXRadGpzqEbp0mkxJfqHUigmWBA.roa
Signing time:             Tue 05 Aug 2025 09:08:06 +0000
ROA not before:           Tue 05 Aug 2025 09:08:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1103
IP address blocks:        194.53.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/bade83-7a84-4c42-9d26-fce9e2bf4ef9/1/fNG8cAkF0axtdzOuvDJj5q52-pc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/bade83-7a84-4c42-9d26-fce9e2bf4ef9/1/fNG8cAkF0axtdzOuvDJj5q52-pc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fNG8cAkF0axtdzOuvDJj5q52-pc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 09:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:79:7c:eb:a2:c7:60:22:c4:1a:85:9e:ec:64:e8:9f:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7cd1bc700905d1ac6d7733aebc3263e6ae76fa97
        Validity
            Not Before: Aug  5 09:08:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31745a746a73a846e9d2693125fa875228265810
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:45:6b:ad:26:84:44:4a:d9:d8:57:31:59:46:
                    d2:35:f2:fb:c4:c8:9e:6a:a8:11:20:03:7e:4d:e1:
                    f7:78:f1:1e:04:5c:f3:1b:80:bd:9a:33:3c:ce:61:
                    bb:b4:52:b0:68:f5:88:50:e7:de:b4:6a:4f:a0:88:
                    88:17:ac:d2:b8:5c:8c:28:62:03:4a:00:53:6f:9e:
                    29:c4:11:36:99:28:9d:0f:df:c2:a0:c0:18:2f:8f:
                    5a:7a:b4:0c:e7:e9:4b:62:47:67:5f:fa:a4:23:00:
                    e7:27:d8:20:7f:e1:05:59:10:c5:3d:32:a9:ae:f7:
                    cf:06:fb:45:c5:2b:72:d6:39:9b:83:fd:71:df:35:
                    20:b2:64:bb:b9:af:82:64:a7:7c:86:e4:ff:41:91:
                    e7:41:04:4b:83:87:ed:4f:99:0b:e7:c8:e9:be:ae:
                    46:13:f6:7b:ac:01:7e:72:b6:08:4e:1c:23:a7:e4:
                    bb:ae:49:46:c4:9c:ae:1f:cf:40:ad:a3:8d:21:1c:
                    c0:b5:52:d9:ca:7b:39:10:26:69:5f:ab:d1:a0:e2:
                    af:18:44:21:86:eb:b3:e5:ed:d1:60:44:8c:3e:f1:
                    3d:e4:aa:dc:21:7b:54:57:79:4b:99:3e:3e:a6:74:
                    ed:88:4f:bd:2f:6d:bf:b5:02:b3:bd:1d:e0:12:51:
                    0d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:74:5A:74:6A:73:A8:46:E9:D2:69:31:25:FA:87:52:28:26:58:10
            X509v3 Authority Key Identifier:
                keyid:7C:D1:BC:70:09:05:D1:AC:6D:77:33:AE:BC:32:63:E6:AE:76:FA:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fNG8cAkF0axtdzOuvDJj5q52-pc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/bade83-7a84-4c42-9d26-fce9e2bf4ef9/1/MXRadGpzqEbp0mkxJfqHUigmWBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/bade83-7a84-4c42-9d26-fce9e2bf4ef9/1/fNG8cAkF0axtdzOuvDJj5q52-pc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:ac:c3:fe:b8:86:d1:dd:97:6d:08:10:bc:b0:3b:df:67:61:
         36:ef:c3:f7:a4:7a:b6:1c:d4:a1:c1:ce:27:87:4d:20:82:08:
         03:c3:99:96:54:03:1a:54:62:74:85:6c:8f:33:dc:f5:b8:3d:
         e8:bd:01:71:20:f8:12:46:11:17:ed:89:71:a1:7f:35:3f:1c:
         ce:35:48:9c:e7:ad:ac:5d:7b:b1:38:7a:51:5a:ef:99:a9:8b:
         30:58:66:37:ff:e1:50:b0:12:ce:45:e9:9b:37:df:d3:c5:08:
         04:1b:c5:03:bb:a2:08:e3:a5:22:b4:72:43:5b:00:de:aa:5c:
         3f:66:85:21:21:09:73:99:8d:a4:a6:c4:fb:ab:83:02:0f:48:
         48:ca:27:58:32:e9:69:b3:3a:32:f0:5e:bd:e0:cc:40:ef:b3:
         f2:ce:d4:5b:0e:56:40:14:85:bc:a3:1a:f6:76:a0:9d:02:5c:
         a1:df:0f:1a:13:41:1d:f8:29:05:03:92:16:7c:e5:ae:5b:93:
         88:ec:a5:91:0e:f0:28:61:8d:b1:34:7c:8c:5a:5f:f0:cc:2a:
         d3:e2:91:d3:46:39:e2:0a:00:43:82:38:f8:e6:47:25:61:ac:
         cc:14:32:31:d5:51:84:fe:e5:fc:45:35:79:cb:bc:a8:e9:f0:
         42:a7:9a:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh5fOuix2AixBqFnuxk6J/TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZDFiYzcwMDkwNWQxYWM2ZDc3MzNhZWJjMzI2M2U2YWU3
NmZhOTcwHhcNMjUwODA1MDkwODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTc0NWE3NDZhNzNhODQ2ZTlkMjY5MzEyNWZhODc1MjI4MjY1ODEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5kVrrSaERErZ2FcxWUbSNfL7xMie
aqgRIAN+TeH3ePEeBFzzG4C9mjM8zmG7tFKwaPWIUOfetGpPoIiIF6zSuFyMKGID
SgBTb54pxBE2mSidD9/CoMAYL49aerQM5+lLYkdnX/qkIwDnJ9ggf+EFWRDFPTKp
rvfPBvtFxSty1jmbg/1x3zUgsmS7ua+CZKd8huT/QZHnQQRLg4ftT5kL58jpvq5G
E/Z7rAF+crYIThwjp+S7rklGxJyuH89AraONIRzAtVLZyns5ECZpX6vRoOKvGEQh
huuz5e3RYESMPvE95KrcIXtUV3lLmT4+pnTtiE+9L22/tQKzvR3gElENOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDF0WnRqc6hG6dJpMSX6h1IoJlgQMB8GA1UdIwQY
MBaAFHzRvHAJBdGsbXczrrwyY+audvqXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk5HOGNBa0YwYXh0ZHpPdXZESmo1cTUyLXBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9iYWRlODMtN2E4NC00YzQyLTlkMjYt
ZmNlOWUyYmY0ZWY5LzEvTVhSYWRHcHpxRWJwMG1reEpmcUhVaWdtV0JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9iYWRlODMtN2E4NC00YzQyLTlkMjYtZmNlOWUyYmY0ZWY5
LzEvZk5HOGNBa0YwYXh0ZHpPdXZESmo1cTUyLXBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjVcMA0G
CSqGSIb3DQEBCwUAA4IBAQCdrMP+uIbR3ZdtCBC8sDvfZ2E278P3pHq2HNShwc4n
h00ggggDw5mWVAMaVGJ0hWyPM9z1uD3ovQFxIPgSRhEX7YlxoX81PxzONUic562s
XXuxOHpRWu+ZqYswWGY3/+FQsBLORembN9/TxQgEG8UDu6II46UitHJDWwDeqlw/
ZoUhIQlzmY2kpsT7q4MCD0hIyidYMulpszoy8F694MxA77PyztRbDlZAFIW8oxr2
dqCdAlyh3w8aE0Ed+CkFA5IWfOWuW5OI7KWRDvAoYY2xNHyMWl/wzCrT4pHTRjni
CgBDgjj45kclYazMFDIx1VGE/uX8RTV5y7yo6fBCp5rq
-----END CERTIFICATE-----