Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/98867c-856e-46c9-8925-6ea5d8b75411/1/MKMxfWvmz2LhPfN0AO6kIjx4_i4.roa
File:                     MKMxfWvmz2LhPfN0AO6kIjx4_i4.roa (raw, json)
Hash identifier:          RBO8o15DgznSyTBOVtLWyg+YfWl1Xfsv3AO7LGd0yBE=
Subject key identifier:   30:A3:31:7D:6B:E6:CF:62:E1:3D:F3:74:00:EE:A4:22:3C:78:FE:2E
Certificate issuer:       /CN=a2ae3569689ff542a911d7098b82466e6ea9fc85
Certificate serial:       019898941581923BC34CF8E8BFDEDC6D9D84
Authority key identifier: A2:AE:35:69:68:9F:F5:42:A9:11:D7:09:8B:82:46:6E:6E:A9:FC:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oq41aWif9UKpEdcJi4JGbm6p_IU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/98867c-856e-46c9-8925-6ea5d8b75411/1/MKMxfWvmz2LhPfN0AO6kIjx4_i4.roa
Signing time:             Mon 11 Aug 2025 10:01:38 +0000
ROA not before:           Mon 11 Aug 2025 10:01:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        80.249.132.0/24 maxlen: 24
                          2a10:b5c0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/98867c-856e-46c9-8925-6ea5d8b75411/1/oq41aWif9UKpEdcJi4JGbm6p_IU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/98867c-856e-46c9-8925-6ea5d8b75411/1/oq41aWif9UKpEdcJi4JGbm6p_IU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oq41aWif9UKpEdcJi4JGbm6p_IU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 10:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:94:15:81:92:3b:c3:4c:f8:e8:bf:de:dc:6d:9d:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2ae3569689ff542a911d7098b82466e6ea9fc85
        Validity
            Not Before: Aug 11 10:01:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30a3317d6be6cf62e13df37400eea4223c78fe2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:01:4d:7d:d8:96:5b:0f:09:2d:f5:39:5b:02:
                    2b:08:84:c2:97:01:33:57:51:61:6a:ab:8b:5d:15:
                    6a:a8:15:1c:fc:3c:43:91:61:ac:95:af:d7:c4:cc:
                    19:f9:a9:b0:aa:1c:54:f9:4f:66:01:c4:d2:69:f2:
                    bd:e4:15:1c:2d:7f:56:34:a6:95:9e:d8:74:70:b1:
                    33:a2:63:a5:98:4e:3b:6b:53:89:9a:93:53:c3:18:
                    5b:b6:cb:33:88:7a:8f:f2:4a:31:47:0b:33:2f:00:
                    ac:fe:91:e1:7c:2b:f5:06:04:00:69:88:5a:de:b1:
                    95:c0:27:9f:ca:c3:e3:1b:22:3d:ce:37:ac:cd:a7:
                    2d:51:e4:58:8a:e1:b8:34:d0:07:48:ee:b9:b8:3c:
                    7e:87:38:f8:d0:1c:43:a5:84:3c:f7:d7:6e:56:27:
                    77:c8:54:16:b0:da:fa:2f:50:b3:d4:76:79:ac:9e:
                    50:0a:80:3a:ed:f8:31:61:8f:11:85:63:30:f8:33:
                    90:c1:26:50:48:d2:0f:91:aa:47:53:9d:b4:ae:cb:
                    d1:ec:bc:c5:ed:8c:ae:b1:09:95:28:4c:02:40:bc:
                    31:d6:cc:55:18:9c:df:8a:2e:74:0a:b8:9a:35:69:
                    dc:81:b4:8c:04:5d:f8:b1:6b:cc:2b:be:a7:12:b6:
                    3e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:A3:31:7D:6B:E6:CF:62:E1:3D:F3:74:00:EE:A4:22:3C:78:FE:2E
            X509v3 Authority Key Identifier:
                keyid:A2:AE:35:69:68:9F:F5:42:A9:11:D7:09:8B:82:46:6E:6E:A9:FC:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oq41aWif9UKpEdcJi4JGbm6p_IU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/98867c-856e-46c9-8925-6ea5d8b75411/1/MKMxfWvmz2LhPfN0AO6kIjx4_i4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/98867c-856e-46c9-8925-6ea5d8b75411/1/oq41aWif9UKpEdcJi4JGbm6p_IU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.249.132.0/24
                IPv6:
                  2a10:b5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:62:b1:b7:10:22:e9:ce:c9:9f:30:51:d6:71:25:2f:ce:51:
         8f:99:73:1e:72:da:5b:72:9d:b7:f4:59:03:83:47:2e:89:33:
         72:7e:1d:3b:82:50:3d:e3:c7:7a:76:5c:9f:bc:2d:48:44:c1:
         0b:a3:74:9d:e0:81:f1:7a:0e:78:dc:15:d2:01:60:05:c5:b9:
         03:c8:fd:1f:72:ea:43:0e:d1:b7:45:e1:ee:81:e2:0f:7b:83:
         e3:1a:3d:bd:d0:91:75:7f:95:40:2c:8c:e0:cf:9d:64:dc:97:
         d5:fe:5b:f5:8f:bb:d6:5c:55:3d:ae:08:c3:0b:d7:39:97:d1:
         d5:51:57:b6:c9:8f:28:3b:d8:42:cb:80:bb:b6:5d:30:4e:6a:
         41:cf:19:15:7d:e7:6c:20:cf:ed:c3:5e:eb:78:ee:69:2b:7e:
         07:da:7b:3d:93:60:71:c3:4b:14:c4:f5:6c:8f:2c:7c:18:32:
         f6:4d:04:c5:19:6d:b2:ef:ce:a2:eb:b3:c0:73:0f:37:0d:cb:
         5a:93:1f:79:1a:44:a4:8a:90:45:7c:63:96:84:8b:67:cf:e4:
         c1:3d:46:26:70:47:8f:bf:a3:b7:2c:36:64:42:21:47:bf:b5:
         a4:a7:45:af:71:87:c2:7d:b2:86:46:0d:27:cb:a1:92:83:41:
         2f:d5:81:6c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZiYlBWBkjvDTPjov97cbZ2EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYWUzNTY5Njg5ZmY1NDJhOTExZDcwOThiODI0NjZlNmVh
OWZjODUwHhcNMjUwODExMTAwMTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGEzMzE3ZDZiZTZjZjYyZTEzZGYzNzQwMGVlYTQyMjNjNzhmZTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5gFNfdiWWw8JLfU5WwIrCITClwEz
V1FhaquLXRVqqBUc/DxDkWGsla/XxMwZ+amwqhxU+U9mAcTSafK95BUcLX9WNKaV
nth0cLEzomOlmE47a1OJmpNTwxhbtssziHqP8koxRwszLwCs/pHhfCv1BgQAaYha
3rGVwCefysPjGyI9zjeszactUeRYiuG4NNAHSO65uDx+hzj40BxDpYQ899duVid3
yFQWsNr6L1Cz1HZ5rJ5QCoA67fgxYY8RhWMw+DOQwSZQSNIPkapHU520rsvR7LzF
7YyusQmVKEwCQLwx1sxVGJzfii50CriaNWncgbSMBF34sWvMK76nErY+cQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDCjMX1r5s9i4T3zdADupCI8eP4uMB8GA1UdIwQY
MBaAFKKuNWlon/VCqRHXCYuCRm5uqfyFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3E0MWFXaWY5VUtwRWRjSmk0SkdibTZwX0lVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85ODg2N2MtODU2ZS00NmM5LTg5MjUt
NmVhNWQ4Yjc1NDExLzEvTUtNeGZXdm16MkxoUGZOMEFPNmtJang0X2k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85ODg2N2MtODU2ZS00NmM5LTg5MjUtNmVhNWQ4Yjc1NDEx
LzEvb3E0MWFXaWY5VUtwRWRjSmk0SkdibTZwX0lVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAUPmEMA0E
AgACMAcDBQMqELXAMA0GCSqGSIb3DQEBCwUAA4IBAQBcYrG3ECLpzsmfMFHWcSUv
zlGPmXMectpbcp239FkDg0cuiTNyfh07glA948d6dlyfvC1IRMELo3Sd4IHxeg54
3BXSAWAFxbkDyP0fcupDDtG3ReHugeIPe4PjGj290JF1f5VALIzgz51k3JfV/lv1
j7vWXFU9rgjDC9c5l9HVUVe2yY8oO9hCy4C7tl0wTmpBzxkVfedsIM/tw17reO5p
K34H2ns9k2Bxw0sUxPVsjyx8GDL2TQTFGW2y786i67PAcw83Dctakx95GkSkipBF
fGOWhItnz+TBPUYmcEePv6O3LDZkQiFHv7Wkp0WvcYfCfbKGRg0ny6GSg0Ev1YFs
-----END CERTIFICATE-----