Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/MSnKv-V5f4ZhMSBkUowC4eAKwnc.roa
File:                     MSnKv-V5f4ZhMSBkUowC4eAKwnc.roa (raw, json)
Hash identifier:          GNpg734fprSqUaaC2JbrcVA6y9oknxkgNnhf9ZX5sJE=
Subject key identifier:   31:29:CA:BF:E5:79:7F:86:61:31:20:64:52:8C:02:E1:E0:0A:C2:77
Certificate issuer:       /CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
Certificate serial:       0199CEE0B998F9CC2D2CD729859CB5B658EF
Authority key identifier: 46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/MSnKv-V5f4ZhMSBkUowC4eAKwnc.roa
Signing time:             Fri 10 Oct 2025 16:07:38 +0000
ROA not before:           Fri 10 Oct 2025 16:07:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53856
IP address blocks:        194.26.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:e0:b9:98:f9:cc:2d:2c:d7:29:85:9c:b5:b6:58:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
        Validity
            Not Before: Oct 10 16:07:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3129cabfe5797f8661312064528c02e1e00ac277
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:bb:78:bc:c9:15:46:eb:f9:8f:3d:34:50:4e:
                    ba:af:bf:ed:6b:5a:f9:f8:52:f2:4e:7c:08:97:cd:
                    9e:56:bc:19:c7:3b:63:e5:3f:bc:a2:07:36:87:96:
                    0d:28:de:4f:34:20:48:63:d0:0e:d6:f7:b7:c1:7a:
                    71:0d:13:30:4c:47:cf:f3:d9:ed:0d:a8:5a:ba:4c:
                    84:f1:f1:af:b4:6a:80:7d:1c:2c:a9:ce:e4:4e:6f:
                    74:e9:da:45:e4:60:e6:fd:67:28:5c:e9:76:ee:fa:
                    90:df:90:c6:b0:a3:1d:97:4e:62:e8:4c:d1:f5:54:
                    d3:39:1c:72:93:9c:ff:5b:cc:40:52:0b:d6:a3:88:
                    e1:44:da:7e:12:87:c0:5e:86:16:78:34:75:99:a4:
                    9a:7f:2f:68:e7:f9:75:b0:8d:71:03:1c:6f:c8:7b:
                    8a:87:2f:8b:96:df:7d:18:82:57:e6:00:7a:6e:03:
                    c7:e5:00:c0:69:23:7f:1c:47:87:d7:66:21:d6:18:
                    e1:17:af:a5:d0:88:10:7b:e9:bc:72:8d:fc:d8:12:
                    44:e2:0b:ed:af:ad:19:d8:74:8c:18:32:24:bb:ce:
                    f4:ac:ad:b1:bf:6a:6c:93:e0:62:87:b4:6d:bd:c9:
                    cc:0a:08:5a:29:ff:3c:0d:78:ac:bc:f9:80:d1:4f:
                    04:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:29:CA:BF:E5:79:7F:86:61:31:20:64:52:8C:02:E1:E0:0A:C2:77
            X509v3 Authority Key Identifier:
                keyid:46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/MSnKv-V5f4ZhMSBkUowC4eAKwnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:1e:6f:ec:ed:d7:e8:b9:80:aa:4a:91:fb:66:f7:eb:04:fb:
         c6:4c:14:3a:1d:7c:a0:c0:b8:7c:ec:64:02:11:72:a2:fc:61:
         24:6d:8f:22:56:02:e4:4e:66:d8:f5:5d:ac:0f:33:e4:4f:dc:
         79:b3:5e:67:73:c0:c9:30:08:83:86:0a:c4:4e:fa:75:73:c0:
         8a:ca:4f:4d:8d:90:ca:02:75:37:96:da:ef:50:b2:4e:e6:1f:
         34:66:de:d7:7f:64:b2:c3:b3:d5:b1:23:7f:58:b7:54:33:06:
         f8:1c:01:fd:e4:c9:d4:d1:0c:f9:84:e0:76:fa:8a:c2:06:8d:
         7f:b3:15:2d:2c:a7:df:a7:23:1c:a6:67:84:47:e8:23:73:c9:
         6d:c9:b8:f6:0a:df:6e:9e:99:1a:02:b7:da:ef:0e:15:f0:9d:
         f1:8b:af:93:d2:0d:1f:b9:60:44:bf:57:de:56:08:ad:96:18:
         a7:7d:b1:15:f1:f4:9a:e7:0c:a8:cd:b4:bd:be:6c:d2:85:b5:
         74:b5:3b:60:98:fb:31:90:51:c0:66:8d:3c:1e:45:ad:fa:7d:
         21:88:44:64:ef:2e:84:79:5e:ed:a5:cf:6f:55:88:6e:85:9a:
         12:30:0e:6c:ff:e3:dc:08:e7:1e:40:45:82:19:a3:c5:01:89:
         e3:a5:2b:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnO4LmY+cwtLNcphZy1tljvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2OGI1OTJmMzExMGJjNmMzNTI0OWE4MjcxYTBkYWMxYTlh
Y2IwY2UwHhcNMjUxMDEwMTYwNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTI5Y2FiZmU1Nzk3Zjg2NjEzMTIwNjQ1MjhjMDJlMWUwMGFjMjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7t4vMkVRuv5jz00UE66r7/ta1r5
+FLyTnwIl82eVrwZxztj5T+8ogc2h5YNKN5PNCBIY9AO1ve3wXpxDRMwTEfP89nt
DahaukyE8fGvtGqAfRwsqc7kTm906dpF5GDm/WcoXOl27vqQ35DGsKMdl05i6EzR
9VTTORxyk5z/W8xAUgvWo4jhRNp+EofAXoYWeDR1maSafy9o5/l1sI1xAxxvyHuK
hy+Llt99GIJX5gB6bgPH5QDAaSN/HEeH12Yh1hjhF6+l0IgQe+m8co382BJE4gvt
r60Z2HSMGDIku870rK2xv2psk+Bih7RtvcnMCghaKf88DXisvPmA0U8EDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDEpyr/leX+GYTEgZFKMAuHgCsJ3MB8GA1UdIwQY
MBaAFEaLWS8xELxsNSSagnGg2sGprLDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTct
MDUwMzc0OWFkZWEwLzEvTVNuS3YtVjVmNFpoTVNCa1Vvd0M0ZUFLd25jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTctMDUwMzc0OWFkZWEw
LzEvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhraMA0G
CSqGSIb3DQEBCwUAA4IBAQCsHm/s7dfouYCqSpH7ZvfrBPvGTBQ6HXygwLh87GQC
EXKi/GEkbY8iVgLkTmbY9V2sDzPkT9x5s15nc8DJMAiDhgrETvp1c8CKyk9NjZDK
AnU3ltrvULJO5h80Zt7Xf2Syw7PVsSN/WLdUMwb4HAH95MnU0Qz5hOB2+orCBo1/
sxUtLKffpyMcpmeER+gjc8ltybj2Ct9unpkaArfa7w4V8J3xi6+T0g0fuWBEv1fe
VgitlhinfbEV8fSa5wyozbS9vmzShbV0tTtgmPsxkFHAZo08HkWt+n0hiERk7y6E
eV7tpc9vVYhuhZoSMA5s/+PcCOceQEWCGaPFAYnjpSsv
-----END CERTIFICATE-----