Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/mccO93c7K5NtlXGtNCpYDCBgqEo.roa
File:                     mccO93c7K5NtlXGtNCpYDCBgqEo.roa (raw, json)
Hash identifier:          DZ0UFzP9xfuYksTTPV2SFmxQJ2jKhIpRMqx1kEHoKiQ=
Subject key identifier:   99:C7:0E:F7:77:3B:2B:93:6D:95:71:AD:34:2A:58:0C:20:60:A8:4A
Certificate issuer:       /CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Certificate serial:       019D1B4328AD9DC3465584E83E6802264A16
Authority key identifier: C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/mccO93c7K5NtlXGtNCpYDCBgqEo.roa
Signing time:             Mon 23 Mar 2026 15:14:39 +0000
ROA not before:           Mon 23 Mar 2026 15:14:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395374
IP address blocks:        95.155.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1b:43:28:ad:9d:c3:46:55:84:e8:3e:68:02:26:4a:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
        Validity
            Not Before: Mar 23 15:14:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=99c70ef7773b2b936d9571ad342a580c2060a84a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:44:41:2c:86:34:77:42:a9:d3:d3:9f:0c:0c:
                    d9:8a:46:49:33:0c:eb:77:5e:c0:03:06:23:16:2d:
                    cd:dc:45:68:60:85:8e:14:7a:b7:fc:67:07:c8:f9:
                    5f:7c:01:34:a2:78:5d:55:d7:3c:af:d9:31:2c:22:
                    36:da:bf:bb:58:26:6e:0e:3c:ef:16:f9:6d:e0:f4:
                    87:0d:e7:e9:7a:08:b5:80:94:a8:bb:f4:c3:af:5f:
                    b0:41:75:09:ec:86:85:b5:95:c1:a4:a3:17:f8:d9:
                    a1:4d:1c:92:78:46:6d:77:b3:af:bd:49:aa:15:d8:
                    4d:cb:b0:54:8f:21:ba:b8:07:f2:d9:31:3d:00:dd:
                    78:b7:cd:a1:60:17:41:66:2a:7d:c2:51:5c:11:a0:
                    bb:eb:52:27:3d:17:ef:8b:81:62:55:10:a7:49:34:
                    77:80:13:9e:5c:a1:58:a0:44:37:77:c8:ec:ab:6e:
                    fb:a9:44:0e:9d:5e:10:95:6a:15:7e:e1:db:64:94:
                    22:83:a9:3a:61:a5:13:6a:c9:e7:0c:c8:b0:3d:3d:
                    9a:6e:d5:70:6d:13:c1:46:15:69:10:c5:db:9a:cd:
                    15:54:91:14:7d:15:5b:b7:10:95:0a:5e:a4:ca:87:
                    9c:ed:14:1c:1f:a7:f0:d5:e9:c2:58:d9:7c:eb:bf:
                    97:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:C7:0E:F7:77:3B:2B:93:6D:95:71:AD:34:2A:58:0C:20:60:A8:4A
            X509v3 Authority Key Identifier:
                keyid:C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/mccO93c7K5NtlXGtNCpYDCBgqEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.155.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:86:23:7f:43:95:3e:76:33:03:0f:a8:75:ff:3f:c9:8b:ed:
         26:6c:df:9b:05:ee:38:b9:0f:77:31:a6:1a:25:4e:54:27:cc:
         c0:a4:9c:e8:48:4e:a6:53:59:d8:49:2b:cb:7f:fc:fe:c6:10:
         7f:10:cb:9a:53:b2:51:7b:c3:9a:38:cf:99:26:3c:d2:b0:37:
         9f:18:1a:a1:df:59:2e:23:9d:28:39:f7:cf:b0:12:1a:27:39:
         da:67:e5:0f:8a:3e:e3:ec:5d:06:b0:d8:40:48:9d:0f:06:3b:
         d4:29:4b:e8:c8:cf:31:93:70:d5:58:c3:16:ff:c2:41:43:76:
         eb:81:f2:6f:e5:2f:55:e1:06:d4:ed:0b:45:af:ca:ba:c7:72:
         e9:58:d0:62:97:e7:c8:0e:d2:1f:af:67:d7:9f:d1:88:be:5e:
         80:98:55:13:b3:e3:e8:2f:6d:63:1d:2f:46:61:eb:d9:9d:be:
         3f:6c:8b:35:c0:ac:86:5d:10:7c:77:98:e7:74:5e:7b:96:2a:
         52:8a:58:d2:87:27:56:a2:5c:99:17:15:a3:b9:37:0a:bb:ff:
         44:97:92:39:c8:f7:ab:e5:72:91:71:e1:20:98:61:e0:b0:20:
         b0:49:2d:97:51:a8:fc:ee:82:51:6d:a3:b5:81:89:ca:27:26:
         07:15:fe:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0bQyitncNGVYToPmgCJkoWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTI0OWEwZWFjZDhhYmNiZWEwZDgyZWY3MTAxNmQzODZl
OGVmOTQwHhcNMjYwMzIzMTUxNDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWM3MGVmNzc3M2IyYjkzNmQ5NTcxYWQzNDJhNTgwYzIwNjBhODRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA30RBLIY0d0Kp09OfDAzZikZJMwzr
d17AAwYjFi3N3EVoYIWOFHq3/GcHyPlffAE0onhdVdc8r9kxLCI22r+7WCZuDjzv
Fvlt4PSHDefpegi1gJSou/TDr1+wQXUJ7IaFtZXBpKMX+NmhTRySeEZtd7OvvUmq
FdhNy7BUjyG6uAfy2TE9AN14t82hYBdBZip9wlFcEaC761InPRfvi4FiVRCnSTR3
gBOeXKFYoEQ3d8jsq277qUQOnV4QlWoVfuHbZJQig6k6YaUTasnnDMiwPT2abtVw
bRPBRhVpEMXbms0VVJEUfRVbtxCVCl6kyoec7RQcH6fw1enCWNl867+X6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJnHDvd3OyuTbZVxrTQqWAwgYKhKMB8GA1UdIwQY
MBaAFMaiSaDqzYq8vqDYLvcQFtOG6O+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2Ut
MjEwNTdkMjI4ZDA1LzEvbWNjTzkzYzdLNU50bFhHdE5DcFlEQ0JncUVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2UtMjEwNTdkMjI4ZDA1
LzEveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX5uMMA0G
CSqGSIb3DQEBCwUAA4IBAQBwhiN/Q5U+djMDD6h1/z/Ji+0mbN+bBe44uQ93MaYa
JU5UJ8zApJzoSE6mU1nYSSvLf/z+xhB/EMuaU7JRe8OaOM+ZJjzSsDefGBqh31ku
I50oOffPsBIaJznaZ+UPij7j7F0GsNhASJ0PBjvUKUvoyM8xk3DVWMMW/8JBQ3br
gfJv5S9V4QbU7QtFr8q6x3LpWNBil+fIDtIfr2fXn9GIvl6AmFUTs+PoL21jHS9G
YevZnb4/bIs1wKyGXRB8d5jndF57lipSiljShydWolyZFxWjuTcKu/9El5I5yPer
5XKRceEgmGHgsCCwSS2XUaj87oJRbaO1gYnKJyYHFf4B
-----END CERTIFICATE-----