Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/mnp_uzPNuPiUK3TrUmFNgiNmNY8.roa
File:                     mnp_uzPNuPiUK3TrUmFNgiNmNY8.roa (raw, json)
Hash identifier:          9S7aILwvPQVBbceAkPURmV9yU8Bufrpsa3/9WSfefOI=
Subject key identifier:   9A:7A:7F:BB:33:CD:B8:F8:94:2B:74:EB:52:61:4D:82:23:66:35:8F
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       019D0DCDE271F1B29212E123ABA2A87B72B9
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/mnp_uzPNuPiUK3TrUmFNgiNmNY8.roa
Signing time:             Sat 21 Mar 2026 00:31:29 +0000
ROA not before:           Sat 21 Mar 2026 00:31:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213845
IP address blocks:        77.93.88.0/24 maxlen: 24
                          91.221.40.0/24 maxlen: 24
                          2a14:7dc0:100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 21:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0d:cd:e2:71:f1:b2:92:12:e1:23:ab:a2:a8:7b:72:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Mar 21 00:31:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9a7a7fbb33cdb8f8942b74eb52614d822366358f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:5b:18:70:81:63:99:bc:2d:e3:d3:14:b1:5f:
                    3a:62:40:32:1f:2a:c3:67:f6:0b:fa:f1:c1:42:ce:
                    b5:ed:38:64:42:4c:ca:01:6e:cd:a0:c3:5b:ec:0c:
                    45:79:9c:a0:b4:ff:4b:e6:99:7f:7e:06:44:24:25:
                    7f:3a:50:c0:50:9d:a4:0b:e1:ae:0d:e9:4c:a7:43:
                    fe:60:ea:92:98:2d:67:eb:d1:49:81:a4:b1:96:75:
                    c3:19:a0:e2:0f:3e:4a:52:24:d0:f5:bb:4d:6f:bc:
                    32:e1:ca:67:74:10:fb:55:67:cc:19:ab:38:d6:99:
                    01:64:10:94:f4:bb:0c:5c:a8:7c:9d:1e:85:b5:71:
                    dc:91:cc:b1:f0:a4:2d:f6:c9:0c:f0:f5:27:dd:8e:
                    0a:36:b0:3a:c8:70:f7:b9:09:35:1b:c3:5a:ff:d1:
                    ca:f8:c1:e1:4b:a2:9d:f6:21:00:77:df:ca:af:27:
                    ea:60:01:dd:9d:e8:03:03:55:d8:16:33:0d:8a:b5:
                    8b:c0:45:db:96:ee:5f:d4:3f:b8:c2:ec:62:4e:f4:
                    6c:ae:52:47:25:4e:eb:fa:ac:b4:53:fd:c3:04:26:
                    d6:10:ce:b9:64:b7:54:73:b7:63:d5:b8:d9:3c:24:
                    d8:03:5f:1c:27:ba:2a:a0:86:9d:3e:97:24:14:3e:
                    35:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:7A:7F:BB:33:CD:B8:F8:94:2B:74:EB:52:61:4D:82:23:66:35:8F
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/mnp_uzPNuPiUK3TrUmFNgiNmNY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.88.0/24
                  91.221.40.0/24
                IPv6:
                  2a14:7dc0:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         bb:8d:60:fa:77:ab:03:27:36:0f:95:61:c7:93:b3:e6:99:9c:
         aa:77:77:c4:2e:08:1e:19:a8:f0:c1:69:85:8c:0f:72:58:e4:
         01:f9:a4:1e:98:e9:0b:68:84:07:92:b0:20:5b:3c:62:fb:34:
         99:22:12:84:4a:01:35:f0:0f:e2:40:42:09:b9:79:b4:a1:d8:
         c9:ce:6f:23:4f:8f:56:36:a8:cc:b0:91:14:13:62:6f:3d:38:
         49:a3:6d:b5:c6:d6:25:71:f4:47:62:e8:3e:26:79:57:e8:80:
         b6:ac:2a:ea:7c:31:c3:4f:a8:ba:8b:a1:c0:df:8b:b9:c8:5c:
         7c:4d:14:ae:71:c2:d4:f6:52:03:c8:32:3b:37:94:ca:6f:cd:
         7c:5c:4a:76:6b:78:b1:cf:65:9a:03:d2:ce:70:c7:5f:53:d1:
         4d:bf:a9:90:52:72:1c:27:52:f7:29:ef:36:91:71:e9:d2:5c:
         10:4f:24:35:87:91:da:be:ac:2e:24:47:38:71:26:94:df:67:
         91:10:12:95:b1:e5:c8:5b:00:5b:dd:6f:97:e6:28:a4:09:7f:
         e2:9b:c2:07:26:6f:ac:de:f9:be:ab:41:23:36:c3:60:08:ab:
         fe:b5:e2:d7:1b:23:5f:0c:78:84:47:24:47:87:bf:a2:04:4b:
         74:6f:8d:62
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZ0NzeJx8bKSEuEjq6Koe3K5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjYwMzIxMDAzMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTdhN2ZiYjMzY2RiOGY4OTQyYjc0ZWI1MjYxNGQ4MjIzNjYzNThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2lsYcIFjmbwt49MUsV86YkAyHyrD
Z/YL+vHBQs617ThkQkzKAW7NoMNb7AxFeZygtP9L5pl/fgZEJCV/OlDAUJ2kC+Gu
DelMp0P+YOqSmC1n69FJgaSxlnXDGaDiDz5KUiTQ9btNb7wy4cpndBD7VWfMGas4
1pkBZBCU9LsMXKh8nR6FtXHckcyx8KQt9skM8PUn3Y4KNrA6yHD3uQk1G8Na/9HK
+MHhS6Kd9iEAd9/KryfqYAHdnegDA1XYFjMNirWLwEXblu5f1D+4wuxiTvRsrlJH
JU7r+qy0U/3DBCbWEM65ZLdUc7dj1bjZPCTYA18cJ7oqoIadPpckFD41yQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFJp6f7szzbj4lCt061JhTYIjZjWPMB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEvbW5wX3V6UE51UGlVSzNUclVtRk5naU5tTlk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQATV1YAwQA
W90oMA4EAgACMAgDBgAqFH3AATANBgkqhkiG9w0BAQsFAAOCAQEAu41g+nerAyc2
D5Vhx5Oz5pmcqnd3xC4IHhmo8MFphYwPcljkAfmkHpjpC2iEB5KwIFs8Yvs0mSIS
hEoBNfAP4kBCCbl5tKHYyc5vI0+PVjaozLCRFBNibz04SaNttcbWJXH0R2LoPiZ5
V+iAtqwq6nwxw0+ououhwN+LuchcfE0UrnHC1PZSA8gyOzeUym/NfFxKdmt4sc9l
mgPSznDHX1PRTb+pkFJyHCdS9ynvNpFx6dJcEE8kNYeR2r6sLiRHOHEmlN9nkRAS
lbHlyFsAW91vl+YopAl/4pvCByZvrN75vqtBIzbDYAir/rXi1xsjXwx4hEckR4e/
ogRLdG+NYg==
-----END CERTIFICATE-----