Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/MgObQ10wwnTwMpDOp8O8ZUg1GzY.roa
File:                     MgObQ10wwnTwMpDOp8O8ZUg1GzY.roa (raw, json)
Hash identifier:          zFtBDJVKy0069qgd24TCedcTigM24qIyeHl/OMqiw7g=
Subject key identifier:   32:03:9B:43:5D:30:C2:74:F0:32:90:CE:A7:C3:BC:65:48:35:1B:36
Certificate issuer:       /CN=23329cb3abe4e940cfc62a20e2a6e2c28fc28329
Certificate serial:       019A49D230D1D4E25029728A713365F82E14
Authority key identifier: 23:32:9C:B3:AB:E4:E9:40:CF:C6:2A:20:E2:A6:E2:C2:8F:C2:83:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IzKcs6vk6UDPxiog4qbiwo_Cgyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/MgObQ10wwnTwMpDOp8O8ZUg1GzY.roa
Signing time:             Mon 03 Nov 2025 13:05:03 +0000
ROA not before:           Mon 03 Nov 2025 13:05:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60647
IP address blocks:        45.15.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/IzKcs6vk6UDPxiog4qbiwo_Cgyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/IzKcs6vk6UDPxiog4qbiwo_Cgyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IzKcs6vk6UDPxiog4qbiwo_Cgyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:49:d2:30:d1:d4:e2:50:29:72:8a:71:33:65:f8:2e:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23329cb3abe4e940cfc62a20e2a6e2c28fc28329
        Validity
            Not Before: Nov  3 13:05:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32039b435d30c274f03290cea7c3bc6548351b36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:90:79:01:d4:db:7e:bf:be:d1:80:9c:fb:5e:
                    c7:6a:e0:dc:a7:d7:d1:dc:bf:00:fe:c8:f3:cc:21:
                    8b:02:49:e1:34:2c:89:64:1a:99:56:99:b5:97:ed:
                    45:d3:0f:72:9d:97:e2:9a:13:cb:61:eb:b6:ea:ee:
                    32:5e:08:85:5d:e8:10:aa:29:c0:ee:79:39:e8:c8:
                    54:f6:56:db:0c:59:a4:99:46:98:2f:50:be:91:7a:
                    7a:67:e6:59:9f:56:88:f2:6d:32:60:74:e7:bc:1c:
                    59:43:1d:64:e3:04:86:08:b2:69:11:14:2f:00:eb:
                    b3:a8:d6:be:63:3e:ba:8c:63:51:51:39:3c:fb:bc:
                    8e:31:6e:d9:b2:e6:df:df:64:97:50:5a:85:86:0f:
                    c5:2b:e3:be:0e:7f:36:9a:b9:19:da:f4:f8:45:37:
                    2b:70:23:59:0d:85:df:81:c4:80:76:c9:5a:5c:ca:
                    44:89:dd:1d:0b:90:73:35:c5:64:96:b8:d1:db:ac:
                    be:8f:c3:82:df:f3:31:4e:94:f5:0b:7e:a2:51:ea:
                    33:69:08:b4:bf:23:f8:2f:45:58:89:9c:2c:42:28:
                    57:ba:b3:39:39:d3:13:8b:40:24:f3:cf:0d:53:9b:
                    57:0c:bc:dd:f3:6b:03:51:1a:da:e1:0f:66:aa:99:
                    4a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:03:9B:43:5D:30:C2:74:F0:32:90:CE:A7:C3:BC:65:48:35:1B:36
            X509v3 Authority Key Identifier:
                keyid:23:32:9C:B3:AB:E4:E9:40:CF:C6:2A:20:E2:A6:E2:C2:8F:C2:83:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzKcs6vk6UDPxiog4qbiwo_Cgyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/MgObQ10wwnTwMpDOp8O8ZUg1GzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/IzKcs6vk6UDPxiog4qbiwo_Cgyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:c7:ab:3e:1a:4b:d9:44:a4:1b:cf:f7:ed:87:5d:7f:e9:eb:
         e6:70:b4:b2:75:25:a4:1d:09:5a:d7:54:5e:2b:b1:dc:c3:ee:
         12:be:43:be:22:ec:69:b5:93:87:31:57:41:ce:37:76:23:4e:
         b7:3f:46:61:26:45:c7:8a:8e:f2:4c:57:1d:2b:f5:7c:19:32:
         bb:8d:a6:c5:b5:1b:e8:7f:60:58:71:57:26:11:8e:81:c6:76:
         cb:ed:cf:2a:db:04:a6:2b:81:6a:f4:43:be:f8:f5:43:9b:49:
         58:13:00:d3:8d:24:e7:f6:d8:1b:f3:8f:7b:4f:a5:c0:36:3d:
         2d:0a:47:69:d0:a9:5c:c4:21:c6:64:cd:ff:e8:50:3a:2c:82:
         53:e0:51:53:99:fa:d7:89:5a:dc:15:d9:58:dd:e5:64:c7:a0:
         91:03:7a:b8:6e:02:21:2b:00:c6:10:2e:fa:ce:82:41:39:f7:
         37:79:7b:93:b8:b1:3a:cb:32:07:7d:b4:85:0f:77:f9:d1:32:
         a1:fe:95:42:6a:3d:06:73:b6:ec:0e:7f:d7:8e:a7:a2:57:74:
         51:19:70:65:57:ba:5c:9f:5a:6d:ad:6c:6c:f5:50:cd:e6:61:
         14:f5:06:63:85:43:88:57:cf:16:92:9d:ad:0b:fd:a7:4b:32:
         54:99:ad:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpJ0jDR1OJQKXKKcTNl+C4UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzI5Y2IzYWJlNGU5NDBjZmM2MmEyMGUyYTZlMmMyOGZj
MjgzMjkwHhcNMjUxMTAzMTMwNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjAzOWI0MzVkMzBjMjc0ZjAzMjkwY2VhN2MzYmM2NTQ4MzUxYjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2JB5AdTbfr++0YCc+17HauDcp9fR
3L8A/sjzzCGLAknhNCyJZBqZVpm1l+1F0w9ynZfimhPLYeu26u4yXgiFXegQqinA
7nk56MhU9lbbDFmkmUaYL1C+kXp6Z+ZZn1aI8m0yYHTnvBxZQx1k4wSGCLJpERQv
AOuzqNa+Yz66jGNRUTk8+7yOMW7Zsubf32SXUFqFhg/FK+O+Dn82mrkZ2vT4RTcr
cCNZDYXfgcSAdslaXMpEid0dC5BzNcVklrjR26y+j8OC3/MxTpT1C36iUeozaQi0
vyP4L0VYiZwsQihXurM5OdMTi0Ak888NU5tXDLzd82sDURra4Q9mqplK5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIDm0NdMMJ08DKQzqfDvGVINRs2MB8GA1UdIwQY
MBaAFCMynLOr5OlAz8YqIOKm4sKPwoMpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpLY3M2dms2VURQeGlvZzRxYml3b19DZ3lrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9kZDM5NGItNmJjNC00ZTQ3LWIwMTIt
NTE4ZjJjOGY4NDZiLzEvTWdPYlExMHd3blR3TXBET3A4TzhaVWcxR3pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9kZDM5NGItNmJjNC00ZTQ3LWIwMTItNTE4ZjJjOGY4NDZi
LzEvSXpLY3M2dms2VURQeGlvZzRxYml3b19DZ3lrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ8pMA0G
CSqGSIb3DQEBCwUAA4IBAQCsx6s+GkvZRKQbz/fth11/6evmcLSydSWkHQla11Re
K7Hcw+4SvkO+IuxptZOHMVdBzjd2I063P0ZhJkXHio7yTFcdK/V8GTK7jabFtRvo
f2BYcVcmEY6BxnbL7c8q2wSmK4Fq9EO++PVDm0lYEwDTjSTn9tgb8497T6XANj0t
Ckdp0KlcxCHGZM3/6FA6LIJT4FFTmfrXiVrcFdlY3eVkx6CRA3q4bgIhKwDGEC76
zoJBOfc3eXuTuLE6yzIHfbSFD3f50TKh/pVCaj0Gc7bsDn/XjqeiV3RRGXBlV7pc
n1ptrWxs9VDN5mEU9QZjhUOIV88Wkp2tC/2nSzJUma11
-----END CERTIFICATE-----