Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/93a734-3cb7-412c-b45f-275b6e9fbc63/1/MJtCVVy7xxJhXUWGWWZ2lNCGj1k.roa
File:                     MJtCVVy7xxJhXUWGWWZ2lNCGj1k.roa (raw, json)
Hash identifier:          HdvJHKbNcNPfl/JOSdnPb5pLI2El/VPr+80cW88sPD4=
Subject key identifier:   30:9B:42:55:5C:BB:C7:12:61:5D:45:86:59:66:76:94:D0:86:8F:59
Certificate issuer:       /CN=6d7b79604af1f3908f4817956626353ee6ffc1f4
Certificate serial:       019CE68BDAB2CFD1B520248F88631E21FF4D
Authority key identifier: 6D:7B:79:60:4A:F1:F3:90:8F:48:17:95:66:26:35:3E:E6:FF:C1:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXt5YErx85CPSBeVZiY1Pub_wfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/93a734-3cb7-412c-b45f-275b6e9fbc63/1/MJtCVVy7xxJhXUWGWWZ2lNCGj1k.roa
Signing time:             Fri 13 Mar 2026 09:34:11 +0000
ROA not before:           Fri 13 Mar 2026 09:34:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44558
IP address blocks:        185.37.184.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/93a734-3cb7-412c-b45f-275b6e9fbc63/1/bXt5YErx85CPSBeVZiY1Pub_wfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/93a734-3cb7-412c-b45f-275b6e9fbc63/1/bXt5YErx85CPSBeVZiY1Pub_wfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXt5YErx85CPSBeVZiY1Pub_wfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e6:8b:da:b2:cf:d1:b5:20:24:8f:88:63:1e:21:ff:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d7b79604af1f3908f4817956626353ee6ffc1f4
        Validity
            Not Before: Mar 13 09:34:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=309b42555cbbc712615d458659667694d0868f59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:8c:d4:88:5b:45:75:df:87:76:34:a3:51:d0:
                    23:e6:b7:51:2d:b3:c6:7d:49:53:07:3a:28:91:85:
                    74:aa:10:ea:ad:d2:c5:bf:77:9b:43:2e:2d:3d:bf:
                    6a:ad:b4:9a:ec:13:f1:70:1c:64:a6:4b:58:18:4a:
                    a8:77:65:42:58:32:fa:33:8e:65:f5:0c:9b:29:f9:
                    a2:d4:a1:78:32:55:11:ff:21:43:c7:27:85:b1:3c:
                    98:dc:d8:7d:56:a9:85:83:d3:5f:0a:2d:62:fc:1f:
                    1e:e7:0e:df:ff:66:4e:12:43:67:c2:20:ec:90:bd:
                    4b:1c:f1:5d:34:ca:21:4d:72:75:22:03:5f:3b:07:
                    38:8a:20:a8:8d:e1:d6:75:9d:91:d2:09:28:29:6c:
                    da:12:7b:65:04:2b:80:78:26:d1:50:4c:be:17:b0:
                    8f:1a:3a:c1:5b:2c:c4:e3:e5:bb:ce:65:39:f6:ec:
                    c0:74:99:9a:34:0b:9c:d7:6b:7d:21:63:b5:d5:c1:
                    db:7e:b4:f2:60:55:d4:ac:88:71:74:33:b1:2d:99:
                    8a:a5:dc:49:89:0f:ae:b3:4d:f8:c5:3c:77:62:66:
                    6c:2a:6b:b5:9d:a2:c6:46:d4:80:b7:82:0e:36:81:
                    f3:a6:d2:19:7a:66:65:ae:c9:79:64:a8:60:34:57:
                    02:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:9B:42:55:5C:BB:C7:12:61:5D:45:86:59:66:76:94:D0:86:8F:59
            X509v3 Authority Key Identifier:
                keyid:6D:7B:79:60:4A:F1:F3:90:8F:48:17:95:66:26:35:3E:E6:FF:C1:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXt5YErx85CPSBeVZiY1Pub_wfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/93a734-3cb7-412c-b45f-275b6e9fbc63/1/MJtCVVy7xxJhXUWGWWZ2lNCGj1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/93a734-3cb7-412c-b45f-275b6e9fbc63/1/bXt5YErx85CPSBeVZiY1Pub_wfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:b5:34:d7:c6:96:e2:45:b9:77:a0:06:33:04:f9:f8:d5:d5:
         f7:77:7f:28:b6:20:f7:01:ab:d8:d2:4b:ba:c7:bb:43:3e:ec:
         be:66:19:ec:4e:cb:4e:71:e2:85:b2:70:8f:17:a9:2a:54:96:
         33:c4:0b:81:e8:4f:a9:6a:c8:fb:74:45:d1:ce:88:20:5a:2c:
         29:b5:87:71:d7:4e:49:92:4b:d0:04:6f:23:3b:0f:c2:71:22:
         13:f2:b1:74:40:8b:5a:95:e8:71:a7:dc:31:0b:77:8b:90:0c:
         3f:3d:d3:c6:5a:db:bc:c7:f8:63:2e:f1:26:ef:bc:8d:8a:5e:
         61:ab:61:d7:88:09:99:5d:53:78:79:65:d2:93:a8:5d:e6:35:
         fa:16:96:29:32:a2:d9:1b:08:d6:02:03:3d:1c:ac:9a:7e:45:
         12:70:9f:d7:85:1e:48:7a:e9:61:d5:56:9b:60:be:f4:1c:c0:
         dc:88:36:7b:7c:43:7a:9a:a4:cd:35:31:af:5e:e7:35:f1:0e:
         6b:fc:16:cf:cd:87:09:ce:c5:b2:0e:f0:23:10:3c:c6:7a:d5:
         bc:ee:02:76:36:05:9e:1b:2d:02:2b:7f:73:75:96:2e:d8:70:
         54:78:bd:e6:61:d8:eb:b4:5c:05:44:9c:d4:a6:06:bc:79:a2:
         2d:0e:19:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzmi9qyz9G1ICSPiGMeIf9NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkN2I3OTYwNGFmMWYzOTA4ZjQ4MTc5NTY2MjYzNTNlZTZm
ZmMxZjQwHhcNMjYwMzEzMDkzNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDliNDI1NTVjYmJjNzEyNjE1ZDQ1ODY1OTY2NzY5NGQwODY4ZjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIzUiFtFdd+HdjSjUdAj5rdRLbPG
fUlTBzookYV0qhDqrdLFv3ebQy4tPb9qrbSa7BPxcBxkpktYGEqod2VCWDL6M45l
9QybKfmi1KF4MlUR/yFDxyeFsTyY3Nh9VqmFg9NfCi1i/B8e5w7f/2ZOEkNnwiDs
kL1LHPFdNMohTXJ1IgNfOwc4iiCojeHWdZ2R0gkoKWzaEntlBCuAeCbRUEy+F7CP
GjrBWyzE4+W7zmU59uzAdJmaNAuc12t9IWO11cHbfrTyYFXUrIhxdDOxLZmKpdxJ
iQ+us034xTx3YmZsKmu1naLGRtSAt4IONoHzptIZemZlrsl5ZKhgNFcCYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCbQlVcu8cSYV1FhllmdpTQho9ZMB8GA1UdIwQY
MBaAFG17eWBK8fOQj0gXlWYmNT7m/8H0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlh0NVlFcng4NUNQU0JlVlppWTFQdWJfd2ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85M2E3MzQtM2NiNy00MTJjLWI0NWYt
Mjc1YjZlOWZiYzYzLzEvTUp0Q1ZWeTd4eEpoWFVXR1dXWjJsTkNHajFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85M2E3MzQtM2NiNy00MTJjLWI0NWYtMjc1YjZlOWZiYzYz
LzEvYlh0NVlFcng4NUNQU0JlVlppWTFQdWJfd2ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSW4MA0G
CSqGSIb3DQEBCwUAA4IBAQCntTTXxpbiRbl3oAYzBPn41dX3d38otiD3AavY0ku6
x7tDPuy+ZhnsTstOceKFsnCPF6kqVJYzxAuB6E+pasj7dEXRzoggWiwptYdx105J
kkvQBG8jOw/CcSIT8rF0QItalehxp9wxC3eLkAw/PdPGWtu8x/hjLvEm77yNil5h
q2HXiAmZXVN4eWXSk6hd5jX6FpYpMqLZGwjWAgM9HKyafkUScJ/XhR5Ieulh1Vab
YL70HMDciDZ7fEN6mqTNNTGvXuc18Q5r/BbPzYcJzsWyDvAjEDzGetW87gJ2NgWe
Gy0CK39zdZYu2HBUeL3mYdjrtFwFRJzUpga8eaItDhmm
-----END CERTIFICATE-----