Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/MZcfdzTOpWJ3MfFqG_gNe9z5FH8.roa
File:                     MZcfdzTOpWJ3MfFqG_gNe9z5FH8.roa (raw, json)
Hash identifier:          /+LVeCTzovnE1dFlylZhcgPddt+72yaMeunsLjeiWGc=
Subject key identifier:   31:97:1F:77:34:CE:A5:62:77:31:F1:6A:1B:F8:0D:7B:DC:F9:14:7F
Certificate issuer:       /CN=af6eaeff123ca67446d0e49401e495057078e174
Certificate serial:       01987F71C6ADF78EB4FEAC683A013894D871
Authority key identifier: AF:6E:AE:FF:12:3C:A6:74:46:D0:E4:94:01:E4:95:05:70:78:E1:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r26u_xI8pnRG0OSUAeSVBXB44XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/MZcfdzTOpWJ3MfFqG_gNe9z5FH8.roa
Signing time:             Wed 06 Aug 2025 12:53:39 +0000
ROA not before:           Wed 06 Aug 2025 12:53:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202851
IP address blocks:        185.172.124.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/r26u_xI8pnRG0OSUAeSVBXB44XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/r26u_xI8pnRG0OSUAeSVBXB44XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r26u_xI8pnRG0OSUAeSVBXB44XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 18:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7f:71:c6:ad:f7:8e:b4:fe:ac:68:3a:01:38:94:d8:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af6eaeff123ca67446d0e49401e495057078e174
        Validity
            Not Before: Aug  6 12:53:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31971f7734cea5627731f16a1bf80d7bdcf9147f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a0:c8:18:76:4c:5f:c9:9a:72:c2:36:5b:80:
                    6c:49:ae:3a:58:ec:b4:d3:bc:74:79:0f:e2:b4:3d:
                    a3:e3:0a:20:c1:ef:cf:a5:cf:60:42:fd:63:57:86:
                    fb:7f:b2:2e:c4:95:a9:aa:33:1f:5b:c3:e3:51:df:
                    d8:18:7e:b0:06:36:ec:74:68:6e:a6:92:27:d3:b3:
                    9a:3f:57:c1:27:66:bf:ab:8b:37:dc:3f:d4:68:96:
                    84:e8:69:22:72:ec:bf:2d:66:5a:f3:8b:df:5b:ff:
                    2a:a6:67:3b:c7:ac:93:78:7f:c2:9e:b4:6a:04:1a:
                    d6:9f:b2:fe:04:90:47:bc:3f:58:57:20:d0:81:5b:
                    ef:c2:6c:05:e1:b0:d1:46:8e:76:f0:3a:b0:9b:8b:
                    24:4f:fd:5f:bb:37:70:71:71:60:a1:00:f1:bf:4b:
                    29:56:8e:83:03:7b:55:91:e6:8d:28:ba:b6:8e:79:
                    ee:7a:8e:b8:19:66:c7:5f:a9:fd:49:f5:d2:90:36:
                    e2:31:b9:23:d1:32:2a:a9:84:53:a2:2d:bf:f8:13:
                    75:09:5c:87:19:17:c5:fb:ea:a4:fe:69:eb:ac:16:
                    25:a5:4c:50:e5:96:1f:f2:5a:35:c7:e4:4a:83:f7:
                    cf:6e:e3:06:a2:3e:11:90:6a:df:7d:4d:c5:1b:50:
                    3c:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:97:1F:77:34:CE:A5:62:77:31:F1:6A:1B:F8:0D:7B:DC:F9:14:7F
            X509v3 Authority Key Identifier:
                keyid:AF:6E:AE:FF:12:3C:A6:74:46:D0:E4:94:01:E4:95:05:70:78:E1:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r26u_xI8pnRG0OSUAeSVBXB44XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/MZcfdzTOpWJ3MfFqG_gNe9z5FH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/r26u_xI8pnRG0OSUAeSVBXB44XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:8b:b6:b4:67:e2:bd:1f:4d:80:fd:2c:aa:b3:37:2a:53:6f:
         e1:a5:6a:4c:bc:bf:e4:c0:1f:1c:25:5c:ce:e1:f4:d2:93:09:
         a9:78:d0:48:35:47:4c:08:80:f3:b1:95:09:72:15:bf:c5:76:
         3c:bd:62:54:4e:d4:48:a7:4d:ad:c9:b1:be:f1:1f:f1:d2:84:
         8b:80:ce:7e:60:ff:10:23:71:c4:c1:4e:c3:7e:ce:01:83:45:
         89:2d:5f:38:7c:ad:c6:57:9a:06:8b:19:64:53:52:0d:75:c3:
         55:f8:02:ea:99:52:aa:ac:ef:d3:40:86:8e:cc:51:71:5f:04:
         98:13:5c:18:bb:6b:00:e0:e6:9f:ad:81:f2:0a:b2:d0:5a:4a:
         8d:aa:9c:b5:48:1e:45:17:27:9b:80:5d:58:f7:1a:37:1e:0d:
         cb:34:54:33:28:73:97:c6:1c:22:a8:f8:ee:c7:98:fb:66:57:
         a8:1e:49:e0:03:3d:48:9a:51:86:cc:58:1e:ad:43:74:86:05:
         16:13:f1:34:dd:27:69:a7:ca:35:d7:20:83:7c:fa:d9:6b:77:
         71:26:99:1a:c7:fa:2a:b4:f1:62:95:e0:84:ae:03:dc:e6:6e:
         13:80:ce:e1:0e:b7:a1:dc:84:af:b1:5c:bd:85:23:18:99:54:
         5e:2d:f1:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh/ccat9460/qxoOgE4lNhxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNmVhZWZmMTIzY2E2NzQ0NmQwZTQ5NDAxZTQ5NTA1NzA3
OGUxNzQwHhcNMjUwODA2MTI1MzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTk3MWY3NzM0Y2VhNTYyNzczMWYxNmExYmY4MGQ3YmRjZjkxNDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKDIGHZMX8macsI2W4BsSa46WOy0
07x0eQ/itD2j4wogwe/Ppc9gQv1jV4b7f7IuxJWpqjMfW8PjUd/YGH6wBjbsdGhu
ppIn07OaP1fBJ2a/q4s33D/UaJaE6Gkicuy/LWZa84vfW/8qpmc7x6yTeH/CnrRq
BBrWn7L+BJBHvD9YVyDQgVvvwmwF4bDRRo528Dqwm4skT/1fuzdwcXFgoQDxv0sp
Vo6DA3tVkeaNKLq2jnnueo64GWbHX6n9SfXSkDbiMbkj0TIqqYRToi2/+BN1CVyH
GRfF++qk/mnrrBYlpUxQ5ZYf8lo1x+RKg/fPbuMGoj4RkGrffU3FG1A8pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDGXH3c0zqVidzHxahv4DXvc+RR/MB8GA1UdIwQY
MBaAFK9urv8SPKZ0RtDklAHklQVweOF0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjI2dV94SThwblJHME9TVUFlU1ZCWEI0NFhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy83MDAxNjQtODlkMS00MDRmLWFmMzUt
NGVmNDdmYzRiZDdmLzEvTVpjZmR6VE9wV0ozTWZGcUdfZ05lOXo1Rkg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy83MDAxNjQtODlkMS00MDRmLWFmMzUtNGVmNDdmYzRiZDdm
LzEvcjI2dV94SThwblJHME9TVUFlU1ZCWEI0NFhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuax8MA0G
CSqGSIb3DQEBCwUAA4IBAQAAi7a0Z+K9H02A/SyqszcqU2/hpWpMvL/kwB8cJVzO
4fTSkwmpeNBINUdMCIDzsZUJchW/xXY8vWJUTtRIp02tybG+8R/x0oSLgM5+YP8Q
I3HEwU7Dfs4Bg0WJLV84fK3GV5oGixlkU1INdcNV+ALqmVKqrO/TQIaOzFFxXwSY
E1wYu2sA4OafrYHyCrLQWkqNqpy1SB5FFyebgF1Y9xo3Hg3LNFQzKHOXxhwiqPju
x5j7ZleoHkngAz1ImlGGzFgerUN0hgUWE/E03Sdpp8o11yCDfPrZa3dxJpkax/oq
tPFileCErgPc5m4TgM7hDreh3ISvsVy9hSMYmVReLfFc
-----END CERTIFICATE-----