Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/3e6f96-0cf8-4d66-84ba-b41335b00587/1/mp_GHNV3oXauSfYTml7M5-B_SzE.roa
File:                     mp_GHNV3oXauSfYTml7M5-B_SzE.roa (raw, json)
Hash identifier:          o6TxNWrAQ4DmV0/jzWqCauUXKEHG2x6UUHTMIwvWqGs=
Subject key identifier:   9A:9F:C6:1C:D5:77:A1:76:AE:49:F6:13:9A:5E:CC:E7:E0:7F:4B:31
Certificate issuer:       /CN=13edf4be313ae1c1be69881e2e4447ef2bf0b196
Certificate serial:       01992873875CA7C4626CC8AB4E7A8B887983
Authority key identifier: 13:ED:F4:BE:31:3A:E1:C1:BE:69:88:1E:2E:44:47:EF:2B:F0:B1:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E-30vjE64cG-aYgeLkRH7yvwsZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/3e6f96-0cf8-4d66-84ba-b41335b00587/1/mp_GHNV3oXauSfYTml7M5-B_SzE.roa
Signing time:             Mon 08 Sep 2025 08:31:23 +0000
ROA not before:           Mon 08 Sep 2025 08:31:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202376
IP address blocks:        2.59.166.0/24 maxlen: 24
                          2.59.167.0/24 maxlen: 24
                          2a09:f540::/32 maxlen: 48
                          2a09:f541::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/3e6f96-0cf8-4d66-84ba-b41335b00587/1/E-30vjE64cG-aYgeLkRH7yvwsZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/3e6f96-0cf8-4d66-84ba-b41335b00587/1/E-30vjE64cG-aYgeLkRH7yvwsZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E-30vjE64cG-aYgeLkRH7yvwsZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:28:73:87:5c:a7:c4:62:6c:c8:ab:4e:7a:8b:88:79:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13edf4be313ae1c1be69881e2e4447ef2bf0b196
        Validity
            Not Before: Sep  8 08:31:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a9fc61cd577a176ae49f6139a5ecce7e07f4b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:4a:ba:47:5f:61:55:65:27:de:9d:ed:d5:d8:
                    d1:db:fd:95:ed:92:3a:00:85:6e:c2:80:52:57:f5:
                    b3:5c:e3:d1:00:37:a8:a7:f3:39:ac:8a:74:3c:70:
                    92:f9:15:53:cf:cf:1a:91:14:22:75:75:98:d4:26:
                    52:47:35:70:32:ad:67:63:17:44:f7:9a:74:31:cf:
                    f0:41:f0:0c:56:b3:d9:b7:e9:e3:86:67:e6:44:bf:
                    ff:23:8b:5a:3f:37:b3:28:57:80:e6:34:06:08:78:
                    e7:ab:04:21:89:dc:38:c4:23:b6:7d:32:32:00:cf:
                    5b:38:10:d7:ec:96:ee:22:ff:6a:5e:65:73:7c:e1:
                    56:09:62:c2:6a:bb:f8:c0:71:d0:9f:e8:0f:b0:9f:
                    9e:53:98:97:2d:ff:01:62:1d:f6:bb:8f:36:72:bb:
                    88:66:f2:81:54:2d:c4:3c:cf:22:0b:d5:db:db:8d:
                    57:44:8c:b7:67:a7:4a:61:a4:31:5b:d7:8b:c5:e9:
                    0a:03:b9:e9:07:5d:de:b9:92:80:cb:e5:1a:46:8c:
                    58:41:0c:e9:67:c1:ac:13:47:2b:ea:1a:0b:ca:fc:
                    60:b0:4d:7a:61:88:0d:c8:7f:40:90:c1:72:da:40:
                    52:e3:54:05:09:30:47:a5:d5:16:f7:a5:ae:3b:db:
                    f0:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:9F:C6:1C:D5:77:A1:76:AE:49:F6:13:9A:5E:CC:E7:E0:7F:4B:31
            X509v3 Authority Key Identifier:
                keyid:13:ED:F4:BE:31:3A:E1:C1:BE:69:88:1E:2E:44:47:EF:2B:F0:B1:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E-30vjE64cG-aYgeLkRH7yvwsZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/3e6f96-0cf8-4d66-84ba-b41335b00587/1/mp_GHNV3oXauSfYTml7M5-B_SzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/3e6f96-0cf8-4d66-84ba-b41335b00587/1/E-30vjE64cG-aYgeLkRH7yvwsZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.166.0/23
                IPv6:
                  2a09:f540::/31

    Signature Algorithm: sha256WithRSAEncryption
         5c:b8:ed:24:25:bd:d6:ea:48:a8:e2:e0:aa:96:37:b3:c2:cc:
         ef:bf:a0:9a:f8:77:4b:2f:d3:5d:db:77:dd:96:bf:dc:6b:b7:
         eb:6c:77:00:f4:e1:bc:19:aa:64:06:b6:14:0c:7b:8d:10:12:
         cb:c6:8b:a2:83:e3:ee:26:fe:d3:f1:e9:b8:2d:6d:b7:bb:38:
         e7:72:c6:57:f5:91:92:87:21:b2:d1:31:27:38:50:38:b6:8e:
         1a:b6:99:ba:f4:83:38:e5:23:17:90:6f:d7:fe:a4:37:bd:bb:
         5f:fb:54:0e:b7:ab:90:4e:82:16:39:48:d5:be:57:6f:69:ab:
         43:97:75:0b:f0:bc:43:4a:d2:10:ba:5b:c4:df:74:82:fb:3c:
         c8:90:71:42:a0:be:7d:65:a6:37:1f:84:76:69:0c:fc:cf:ee:
         96:19:57:82:95:2d:77:ba:ec:8a:31:3b:de:32:11:42:da:86:
         6e:f4:9f:f5:0a:c0:35:c8:26:9b:70:3b:fd:d5:39:27:59:18:
         88:bd:fe:a5:4e:9b:27:2c:6e:53:0c:41:1e:e3:f6:fa:f9:dd:
         cf:dc:73:db:ae:db:f4:e0:b3:d7:e5:bc:d7:c9:11:da:5a:75:
         09:32:b4:28:f9:db:33:c9:dc:87:5a:5d:75:92:25:64:38:ac:
         e1:4c:73:a5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZkoc4dcp8RibMirTnqLiHmDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZWRmNGJlMzEzYWUxYzFiZTY5ODgxZTJlNDQ0N2VmMmJm
MGIxOTYwHhcNMjUwOTA4MDgzMTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTlmYzYxY2Q1NzdhMTc2YWU0OWY2MTM5YTVlY2NlN2UwN2Y0YjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Eq6R19hVWUn3p3t1djR2/2V7ZI6
AIVuwoBSV/WzXOPRADeop/M5rIp0PHCS+RVTz88akRQidXWY1CZSRzVwMq1nYxdE
95p0Mc/wQfAMVrPZt+njhmfmRL//I4taPzezKFeA5jQGCHjnqwQhidw4xCO2fTIy
AM9bOBDX7JbuIv9qXmVzfOFWCWLCarv4wHHQn+gPsJ+eU5iXLf8BYh32u482cruI
ZvKBVC3EPM8iC9Xb241XRIy3Z6dKYaQxW9eLxekKA7npB13euZKAy+UaRoxYQQzp
Z8GsE0cr6hoLyvxgsE16YYgNyH9AkMFy2kBS41QFCTBHpdUW96WuO9vw3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJqfxhzVd6F2rkn2E5pezOfgf0sxMB8GA1UdIwQY
MBaAFBPt9L4xOuHBvmmIHi5ER+8r8LGWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRS0zMHZqRTY0Y0ctYVlnZUxrUkg3eXZ3c1pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8zZTZmOTYtMGNmOC00ZDY2LTg0YmEt
YjQxMzM1YjAwNTg3LzEvbXBfR0hOVjNvWGF1U2ZZVG1sN001LUJfU3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8zZTZmOTYtMGNmOC00ZDY2LTg0YmEtYjQxMzM1YjAwNTg3
LzEvRS0zMHZqRTY0Y0ctYVlnZUxrUkg3eXZ3c1pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBAjumMA0E
AgACMAcDBQEqCfVAMA0GCSqGSIb3DQEBCwUAA4IBAQBcuO0kJb3W6kio4uCqljez
wszvv6Ca+HdLL9Nd23fdlr/ca7frbHcA9OG8GapkBrYUDHuNEBLLxouig+PuJv7T
8em4LW23uzjncsZX9ZGShyGy0TEnOFA4to4atpm69IM45SMXkG/X/qQ3vbtf+1QO
t6uQToIWOUjVvldvaatDl3UL8LxDStIQulvE33SC+zzIkHFCoL59ZaY3H4R2aQz8
z+6WGVeClS13uuyKMTveMhFC2oZu9J/1CsA1yCabcDv91TknWRiIvf6lTpsnLG5T
DEEe4/b6+d3P3HPbrtv04LPX5bzXyRHaWnUJMrQo+dszydyHWl11kiVkOKzhTHOl
-----END CERTIFICATE-----