Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/MamPa9eWXXv16Pq_PQPhm2jANdQ.roa
File:                     MamPa9eWXXv16Pq_PQPhm2jANdQ.roa (raw, json)
Hash identifier:          /Xj0uh4hP5hzI09A/uvBTgwPodoBTxb8R7Jv7s78qJA=
Subject key identifier:   31:A9:8F:6B:D7:96:5D:7B:F5:E8:FA:BF:3D:03:E1:9B:68:C0:35:D4
Certificate issuer:       /CN=d271ea06b1a756cbf46ae046484bbd3e4fce4ca5
Certificate serial:       0198CBB30549F200EDB81977EBF147DB37A7
Authority key identifier: D2:71:EA:06:B1:A7:56:CB:F4:6A:E0:46:48:4B:BD:3E:4F:CE:4C:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0nHqBrGnVsv0auBGSEu9Pk_OTKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/MamPa9eWXXv16Pq_PQPhm2jANdQ.roa
Signing time:             Thu 21 Aug 2025 08:16:03 +0000
ROA not before:           Thu 21 Aug 2025 08:16:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        78.153.96.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/0nHqBrGnVsv0auBGSEu9Pk_OTKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/0nHqBrGnVsv0auBGSEu9Pk_OTKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0nHqBrGnVsv0auBGSEu9Pk_OTKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cb:b3:05:49:f2:00:ed:b8:19:77:eb:f1:47:db:37:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d271ea06b1a756cbf46ae046484bbd3e4fce4ca5
        Validity
            Not Before: Aug 21 08:16:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31a98f6bd7965d7bf5e8fabf3d03e19b68c035d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:63:ab:d7:b0:54:8c:c8:9b:45:e6:fd:e2:ea:
                    bc:9d:10:89:23:93:f8:b7:75:a1:95:f5:45:a9:05:
                    cc:0d:e6:83:76:f9:fc:91:2e:3a:a5:90:45:bc:81:
                    14:4b:93:79:bd:ed:fe:25:8a:5a:1b:39:a7:fa:0d:
                    59:74:40:c2:9f:63:11:ae:d0:61:5b:e2:54:6a:98:
                    53:45:8d:f7:ee:4b:77:ad:e5:f3:cd:a2:04:52:a9:
                    89:51:aa:cd:a6:1b:4f:3b:97:6d:d9:54:2f:e3:7a:
                    51:fc:be:a2:0e:25:da:f8:5e:65:55:17:ff:24:ac:
                    23:39:9e:1e:96:9f:af:03:fa:67:57:3b:dc:c8:0a:
                    2b:79:29:04:ff:bc:1c:a2:fc:d2:1b:ee:40:85:f2:
                    a8:dd:74:10:ab:8f:07:e3:49:4e:5d:5e:88:b4:f7:
                    1b:1e:dc:d2:07:30:ac:38:6d:7b:9f:54:03:35:12:
                    2c:ed:11:9d:ce:80:ad:7d:4a:10:87:91:69:58:bc:
                    02:22:10:d1:db:00:68:aa:38:19:b7:d1:be:e5:5d:
                    14:f4:d4:45:5a:0a:af:e2:4e:38:bf:ae:85:51:20:
                    52:8d:80:ce:a0:97:e5:c7:b9:0a:69:dc:78:f8:31:
                    8c:96:95:96:13:f0:a9:ed:9b:0a:f1:3e:3d:9c:d0:
                    81:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:A9:8F:6B:D7:96:5D:7B:F5:E8:FA:BF:3D:03:E1:9B:68:C0:35:D4
            X509v3 Authority Key Identifier:
                keyid:D2:71:EA:06:B1:A7:56:CB:F4:6A:E0:46:48:4B:BD:3E:4F:CE:4C:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0nHqBrGnVsv0auBGSEu9Pk_OTKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/MamPa9eWXXv16Pq_PQPhm2jANdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/0nHqBrGnVsv0auBGSEu9Pk_OTKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.153.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         98:b4:6c:3d:a9:3b:65:53:ee:fb:7c:fd:24:6c:18:4c:72:bd:
         fc:3d:b7:eb:e8:58:24:2f:73:a6:1f:6d:8c:71:66:cd:f6:4e:
         bd:e8:f4:e0:62:64:fd:be:67:4b:3b:61:96:fe:aa:fc:c3:65:
         4b:25:d6:32:05:d9:40:9c:ab:bd:0f:30:da:fe:ff:b7:e7:f3:
         4e:f4:7e:c0:d2:d4:8c:a7:27:5b:f2:cc:36:32:9d:b8:2b:68:
         8e:a0:f3:13:ef:74:25:b3:3f:fc:61:f8:da:ab:00:8d:32:af:
         d5:2b:de:81:a9:4f:7d:96:40:bf:39:40:5c:b9:ae:5e:27:f8:
         4a:55:ce:eb:e9:5c:6e:74:16:1d:de:20:d5:aa:28:44:be:fe:
         23:d3:e4:f8:1e:a2:58:a8:bc:8a:36:56:f4:3a:ef:2d:e3:12:
         63:8f:a3:93:94:1d:32:42:9a:28:3c:ed:76:fe:36:4d:63:be:
         17:46:21:4d:5f:ce:8b:c4:d4:b7:ff:cd:c1:3e:6c:93:77:54:
         a1:ee:56:39:4f:2a:c2:a9:11:5a:f7:82:4a:91:4c:3b:2d:a7:
         6e:9b:94:8a:98:8e:9f:08:c1:0a:c4:bc:f4:37:82:68:59:82:
         c4:60:ed:7a:a5:de:a7:99:f6:5b:e3:42:02:8a:9f:cc:12:71:
         d9:45:23:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjLswVJ8gDtuBl36/FH2zenMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNzFlYTA2YjFhNzU2Y2JmNDZhZTA0NjQ4NGJiZDNlNGZj
ZTRjYTUwHhcNMjUwODIxMDgxNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWE5OGY2YmQ3OTY1ZDdiZjVlOGZhYmYzZDAzZTE5YjY4YzAzNWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumOr17BUjMibReb94uq8nRCJI5P4
t3WhlfVFqQXMDeaDdvn8kS46pZBFvIEUS5N5ve3+JYpaGzmn+g1ZdEDCn2MRrtBh
W+JUaphTRY337kt3reXzzaIEUqmJUarNphtPO5dt2VQv43pR/L6iDiXa+F5lVRf/
JKwjOZ4elp+vA/pnVzvcyAoreSkE/7wcovzSG+5AhfKo3XQQq48H40lOXV6ItPcb
HtzSBzCsOG17n1QDNRIs7RGdzoCtfUoQh5FpWLwCIhDR2wBoqjgZt9G+5V0U9NRF
Wgqv4k44v66FUSBSjYDOoJflx7kKadx4+DGMlpWWE/Cp7ZsK8T49nNCBLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDGpj2vXll179ej6vz0D4ZtowDXUMB8GA1UdIwQY
MBaAFNJx6gaxp1bL9GrgRkhLvT5PzkylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG5IcUJyR25Wc3YwYXVCR1NFdTlQa19PVEtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9hY2VjM2QtNzc1ZS00ZDBlLTg0MzMt
ZmMzZDVjMjIzMGIyLzEvTWFtUGE5ZVdYWHYxNlBxX1BRUGhtMmpBTmRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9hY2VjM2QtNzc1ZS00ZDBlLTg0MzMtZmMzZDVjMjIzMGIy
LzEvMG5IcUJyR25Wc3YwYXVCR1NFdTlQa19PVEtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQETplgMA0G
CSqGSIb3DQEBCwUAA4IBAQCYtGw9qTtlU+77fP0kbBhMcr38Pbfr6FgkL3OmH22M
cWbN9k696PTgYmT9vmdLO2GW/qr8w2VLJdYyBdlAnKu9DzDa/v+35/NO9H7A0tSM
pydb8sw2Mp24K2iOoPMT73Qlsz/8YfjaqwCNMq/VK96BqU99lkC/OUBcua5eJ/hK
Vc7r6VxudBYd3iDVqihEvv4j0+T4HqJYqLyKNlb0Ou8t4xJjj6OTlB0yQpooPO12
/jZNY74XRiFNX86LxNS3/83BPmyTd1Sh7lY5TyrCqRFa94JKkUw7Ladum5SKmI6f
CMEKxLz0N4JoWYLEYO16pd6nmfZb40ICip/MEnHZRSOD
-----END CERTIFICATE-----