Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/26e21e-db81-46c7-955a-77d315cc16aa/1/mbvBXE7Ze3cn1Ev3k2dL5On_YTs.roa
File:                     mbvBXE7Ze3cn1Ev3k2dL5On_YTs.roa (raw, json)
Hash identifier:          YK3JNqfED7VqhxPOSKGy2n6p5fg+7MEO42BqGf+EejI=
Subject key identifier:   99:BB:C1:5C:4E:D9:7B:77:27:D4:4B:F7:93:67:4B:E4:E9:FF:61:3B
Certificate issuer:       /CN=a63ff3b1accd8201a4116c98757339234289801e
Certificate serial:       0199967B3C1A864B9E0E2C069505708D2673
Authority key identifier: A6:3F:F3:B1:AC:CD:82:01:A4:11:6C:98:75:73:39:23:42:89:80:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pj_zsazNggGkEWyYdXM5I0KJgB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/26e21e-db81-46c7-955a-77d315cc16aa/1/mbvBXE7Ze3cn1Ev3k2dL5On_YTs.roa
Signing time:             Mon 29 Sep 2025 17:18:02 +0000
ROA not before:           Mon 29 Sep 2025 17:18:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215199
IP address blocks:        185.130.103.0/24 maxlen: 24
                          2a14:3140::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/26e21e-db81-46c7-955a-77d315cc16aa/1/pj_zsazNggGkEWyYdXM5I0KJgB4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/26e21e-db81-46c7-955a-77d315cc16aa/1/pj_zsazNggGkEWyYdXM5I0KJgB4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pj_zsazNggGkEWyYdXM5I0KJgB4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:96:7b:3c:1a:86:4b:9e:0e:2c:06:95:05:70:8d:26:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a63ff3b1accd8201a4116c98757339234289801e
        Validity
            Not Before: Sep 29 17:18:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99bbc15c4ed97b7727d44bf793674be4e9ff613b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:82:21:11:6d:30:14:55:1b:d4:96:91:db:f9:
                    f2:a1:dc:4d:4e:72:8b:79:4e:b8:a1:13:b2:4a:26:
                    bd:48:10:7e:ba:74:43:2b:f0:3b:8b:78:36:b4:22:
                    15:53:d4:2d:19:50:1d:6a:1e:0c:4d:95:98:c1:c6:
                    45:ff:f4:6a:24:f1:13:34:ad:c9:24:db:7b:25:51:
                    5d:f0:db:ed:66:39:d2:9a:3a:f3:1d:f3:cf:76:d9:
                    da:2f:75:e2:41:fd:1d:5e:9d:5d:e4:74:04:96:48:
                    fa:8d:3c:ea:b9:2d:61:a8:9d:db:52:ec:63:c3:4e:
                    12:fb:47:35:b1:fc:f2:7f:74:3a:8a:c8:b1:99:f2:
                    d8:4a:b6:c6:5a:04:9c:94:e2:40:8c:12:7f:91:5e:
                    e9:61:34:9f:95:95:00:73:a8:09:2e:f6:92:81:d0:
                    cf:75:a7:aa:7c:b9:8d:14:b9:48:a8:08:5d:de:c7:
                    d7:85:bd:32:a2:aa:0c:55:00:0e:62:30:3c:dc:77:
                    71:de:db:c4:c0:42:ab:72:bc:d7:e0:cb:68:64:40:
                    bb:21:cd:ce:b5:34:6d:f7:7b:bb:72:13:65:06:4e:
                    0d:15:6c:35:87:de:b2:b4:41:ce:0d:81:85:f0:c3:
                    96:a9:4e:27:c1:7a:3c:11:1f:5b:95:f7:da:8e:53:
                    de:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:BB:C1:5C:4E:D9:7B:77:27:D4:4B:F7:93:67:4B:E4:E9:FF:61:3B
            X509v3 Authority Key Identifier:
                keyid:A6:3F:F3:B1:AC:CD:82:01:A4:11:6C:98:75:73:39:23:42:89:80:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pj_zsazNggGkEWyYdXM5I0KJgB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/26e21e-db81-46c7-955a-77d315cc16aa/1/mbvBXE7Ze3cn1Ev3k2dL5On_YTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/26e21e-db81-46c7-955a-77d315cc16aa/1/pj_zsazNggGkEWyYdXM5I0KJgB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.103.0/24
                IPv6:
                  2a14:3140::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:86:f2:37:df:96:32:6a:2c:3b:a3:d4:4d:04:27:67:1d:32:
         52:f3:83:3f:f7:50:25:1d:a0:3a:d9:cf:08:21:4b:b7:20:b3:
         9c:fd:7f:bf:48:e3:41:b1:4b:dc:47:11:cf:47:cc:dd:d3:b0:
         3f:35:02:37:95:7c:12:1f:3c:ec:30:92:d5:fc:92:5a:ca:82:
         a2:f2:34:0b:a6:55:0c:e2:89:88:68:7a:91:70:4b:74:2d:08:
         4a:48:cb:04:b6:55:8d:51:cc:4c:7b:d6:12:42:72:ff:21:27:
         d0:a6:25:2a:9b:2a:43:ac:35:1e:c1:82:bb:af:bd:50:d9:33:
         6b:3a:6b:a7:7e:b4:4b:67:20:9b:5f:5a:de:37:66:60:04:62:
         a3:91:39:27:7f:a5:5d:ab:a1:3f:84:5d:e5:91:b8:c5:d1:f7:
         a7:f5:ea:df:2e:9e:a9:2d:b0:f7:99:7c:5a:d7:10:33:cd:ff:
         b9:b0:82:dc:d0:9c:cd:07:69:54:7d:3a:48:c0:2b:5d:31:b4:
         31:27:21:e4:68:b1:5e:1c:e6:ff:ff:d2:87:c8:2a:ff:78:e0:
         a1:11:96:67:26:bd:64:b0:9e:0d:f6:77:b7:47:5e:9e:94:5b:
         96:1e:a9:d8:43:05:b7:a4:f5:da:d9:af:3f:9e:bd:2e:bd:fc:
         43:a3:57:6c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZmWezwahkueDiwGlQVwjSZzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2M2ZmM2IxYWNjZDgyMDFhNDExNmM5ODc1NzMzOTIzNDI4
OTgwMWUwHhcNMjUwOTI5MTcxODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWJiYzE1YzRlZDk3Yjc3MjdkNDRiZjc5MzY3NGJlNGU5ZmY2MTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiYIhEW0wFFUb1JaR2/nyodxNTnKL
eU64oROySia9SBB+unRDK/A7i3g2tCIVU9QtGVAdah4MTZWYwcZF//RqJPETNK3J
JNt7JVFd8NvtZjnSmjrzHfPPdtnaL3XiQf0dXp1d5HQElkj6jTzquS1hqJ3bUuxj
w04S+0c1sfzyf3Q6isixmfLYSrbGWgSclOJAjBJ/kV7pYTSflZUAc6gJLvaSgdDP
daeqfLmNFLlIqAhd3sfXhb0yoqoMVQAOYjA83Hdx3tvEwEKrcrzX4MtoZEC7Ic3O
tTRt93u7chNlBk4NFWw1h96ytEHODYGF8MOWqU4nwXo8ER9blffajlPewwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJm7wVxO2Xt3J9RL95NnS+Tp/2E7MB8GA1UdIwQY
MBaAFKY/87GszYIBpBFsmHVzOSNCiYAeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGpfenNhek5nZ0drRVd5WWRYTTVJMEtKZ0I0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8yNmUyMWUtZGI4MS00NmM3LTk1NWEt
NzdkMzE1Y2MxNmFhLzEvbWJ2QlhFN1plM2NuMUV2M2syZEw1T25fWVRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8yNmUyMWUtZGI4MS00NmM3LTk1NWEtNzdkMzE1Y2MxNmFh
LzEvcGpfenNhek5nZ0drRVd5WWRYTTVJMEtKZ0I0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuYJnMA0E
AgACMAcDBQMqFDFAMA0GCSqGSIb3DQEBCwUAA4IBAQCYhvI335Yyaiw7o9RNBCdn
HTJS84M/91AlHaA62c8IIUu3ILOc/X+/SONBsUvcRxHPR8zd07A/NQI3lXwSHzzs
MJLV/JJayoKi8jQLplUM4omIaHqRcEt0LQhKSMsEtlWNUcxMe9YSQnL/ISfQpiUq
mypDrDUewYK7r71Q2TNrOmunfrRLZyCbX1reN2ZgBGKjkTknf6Vdq6E/hF3lkbjF
0fen9erfLp6pLbD3mXxa1xAzzf+5sILc0JzNB2lUfTpIwCtdMbQxJyHkaLFeHOb/
/9KHyCr/eOChEZZnJr1ksJ4N9ne3R16elFuWHqnYQwW3pPXa2a8/nr0uvfxDo1ds
-----END CERTIFICATE-----