Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/80c83b-4706-4d16-9f20-7ea0deb830ab/1/MoyUhaJrKyyg7NdI-cgC8UrZDnc.roa
File:                     MoyUhaJrKyyg7NdI-cgC8UrZDnc.roa (raw, json)
Hash identifier:          Blton8K6qNZytZrnFkrDQwMOUJgcucmO6AJ7qz+2/EQ=
Subject key identifier:   32:8C:94:85:A2:6B:2B:2C:A0:EC:D7:48:F9:C8:02:F1:4A:D9:0E:77
Certificate issuer:       /CN=128119ac178e37989036ea29a2c0f4630696cfe8
Certificate serial:       019B797EC214D71A5F75F573DBE2DAE3EC7C
Authority key identifier: 12:81:19:AC:17:8E:37:98:90:36:EA:29:A2:C0:F4:63:06:96:CF:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EoEZrBeON5iQNuoposD0YwaWz-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/80c83b-4706-4d16-9f20-7ea0deb830ab/1/MoyUhaJrKyyg7NdI-cgC8UrZDnc.roa
Signing time:             Thu 01 Jan 2026 12:18:28 +0000
ROA not before:           Thu 01 Jan 2026 12:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203468
IP address blocks:        213.177.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/80c83b-4706-4d16-9f20-7ea0deb830ab/1/EoEZrBeON5iQNuoposD0YwaWz-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/80c83b-4706-4d16-9f20-7ea0deb830ab/1/EoEZrBeON5iQNuoposD0YwaWz-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EoEZrBeON5iQNuoposD0YwaWz-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:c2:14:d7:1a:5f:75:f5:73:db:e2:da:e3:ec:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=128119ac178e37989036ea29a2c0f4630696cfe8
        Validity
            Not Before: Jan  1 12:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=328c9485a26b2b2ca0ecd748f9c802f14ad90e77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:6a:c6:a6:29:42:cd:22:74:45:c6:dd:de:3e:
                    e4:7c:b3:c5:93:85:4c:73:27:db:d2:9c:56:7f:b8:
                    f7:82:a4:69:d4:a7:9a:af:d8:bc:83:d1:8c:f0:d1:
                    ac:25:83:b6:79:43:b9:85:dd:9f:6a:14:b2:a6:f5:
                    de:31:44:84:8a:4f:64:71:74:0f:25:8f:04:f1:5b:
                    75:5b:44:db:cf:6a:aa:de:42:22:58:c4:f2:87:68:
                    4c:20:6a:48:0d:6c:8f:27:37:89:6c:cc:7b:dd:50:
                    09:5d:72:c4:87:7f:ce:5d:df:ad:c6:a6:d2:7b:1e:
                    65:42:3e:ff:2e:9b:c4:4e:63:db:b3:3e:a0:bc:1a:
                    1e:23:be:37:9a:9f:07:cc:4d:4f:fb:cf:95:da:57:
                    86:f2:d8:86:a1:c8:33:cb:48:69:92:57:e4:ed:88:
                    30:72:81:e9:84:4b:d1:3d:86:61:e7:58:01:b7:c4:
                    9a:38:26:da:25:c3:5a:00:7f:c4:ff:f1:a6:75:81:
                    ff:2b:9b:b8:15:40:13:e5:97:5e:f6:f3:c5:fa:53:
                    f5:90:ab:c0:c0:d0:e2:82:28:96:bd:b4:6d:a5:bf:
                    31:f5:07:59:51:b9:5b:54:87:2b:a8:2e:b8:68:2a:
                    cd:75:cd:bd:38:d7:f1:db:9f:c7:7b:01:74:37:d5:
                    e1:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:8C:94:85:A2:6B:2B:2C:A0:EC:D7:48:F9:C8:02:F1:4A:D9:0E:77
            X509v3 Authority Key Identifier:
                keyid:12:81:19:AC:17:8E:37:98:90:36:EA:29:A2:C0:F4:63:06:96:CF:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EoEZrBeON5iQNuoposD0YwaWz-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/80c83b-4706-4d16-9f20-7ea0deb830ab/1/MoyUhaJrKyyg7NdI-cgC8UrZDnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/80c83b-4706-4d16-9f20-7ea0deb830ab/1/EoEZrBeON5iQNuoposD0YwaWz-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.177.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:9a:08:73:3b:04:b3:a0:27:26:a9:d9:a1:29:de:c0:1b:16:
         fe:b1:e8:9f:75:84:57:69:47:d4:5e:b8:80:d3:72:d5:39:09:
         20:0f:1c:68:24:a0:b1:4b:9a:56:2e:7e:60:37:fc:db:e6:29:
         1c:be:16:e1:5f:f3:aa:42:25:10:64:d8:f2:c7:db:a7:d9:bc:
         67:ee:72:15:8f:a5:51:e3:ba:82:67:3d:12:92:3b:b2:ec:37:
         ac:69:37:bb:e8:a1:2a:4c:5a:fc:d8:54:a5:f6:3e:e5:62:6c:
         5b:e5:33:b3:f4:37:35:7c:f8:5e:46:e0:1d:32:14:56:ed:73:
         ad:56:1d:b9:f4:d3:63:99:f0:f4:08:f7:18:09:68:21:96:3f:
         71:15:a2:69:83:e9:4e:18:31:cc:99:a5:84:b5:19:de:ce:85:
         87:d5:b8:97:17:0b:82:a1:c9:a1:78:62:5e:9b:fa:20:6b:2d:
         52:7c:ac:fb:a6:4e:29:0b:3d:54:0f:a3:de:e6:75:9c:7f:58:
         0d:21:52:fb:38:fc:a9:a8:01:cf:23:a2:46:66:b8:02:a2:36:
         d5:32:8a:f9:d2:5e:e3:27:4a:65:d7:ae:ac:20:b5:4d:1d:ae:
         3a:79:f7:25:b9:f9:5c:48:3f:0e:95:bb:43:32:b0:34:07:f0:
         75:38:63:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fsIU1xpfdfVz2+La4+x8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyODExOWFjMTc4ZTM3OTg5MDM2ZWEyOWEyYzBmNDYzMDY5
NmNmZTgwHhcNMjYwMTAxMTIxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjhjOTQ4NWEyNmIyYjJjYTBlY2Q3NDhmOWM4MDJmMTRhZDkwZTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mrGpilCzSJ0Rcbd3j7kfLPFk4VM
cyfb0pxWf7j3gqRp1Kear9i8g9GM8NGsJYO2eUO5hd2fahSypvXeMUSEik9kcXQP
JY8E8Vt1W0Tbz2qq3kIiWMTyh2hMIGpIDWyPJzeJbMx73VAJXXLEh3/OXd+txqbS
ex5lQj7/LpvETmPbsz6gvBoeI743mp8HzE1P+8+V2leG8tiGocgzy0hpklfk7Ygw
coHphEvRPYZh51gBt8SaOCbaJcNaAH/E//GmdYH/K5u4FUAT5Zde9vPF+lP1kKvA
wNDigiiWvbRtpb8x9QdZUblbVIcrqC64aCrNdc29ONfx25/HewF0N9Xh5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDKMlIWiayssoOzXSPnIAvFK2Q53MB8GA1UdIwQY
MBaAFBKBGawXjjeYkDbqKaLA9GMGls/oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW9FWnJCZU9ONWlRTnVvcG9zRDBZd2FXei1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC84MGM4M2ItNDcwNi00ZDE2LTlmMjAt
N2VhMGRlYjgzMGFiLzEvTW95VWhhSnJLeXlnN05kSS1jZ0M4VXJaRG5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC84MGM4M2ItNDcwNi00ZDE2LTlmMjAtN2VhMGRlYjgzMGFi
LzEvRW9FWnJCZU9ONWlRTnVvcG9zRDBZd2FXei1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bGkMA0G
CSqGSIb3DQEBCwUAA4IBAQBUmghzOwSzoCcmqdmhKd7AGxb+seifdYRXaUfUXriA
03LVOQkgDxxoJKCxS5pWLn5gN/zb5ikcvhbhX/OqQiUQZNjyx9un2bxn7nIVj6VR
47qCZz0Skjuy7DesaTe76KEqTFr82FSl9j7lYmxb5TOz9Dc1fPheRuAdMhRW7XOt
Vh259NNjmfD0CPcYCWghlj9xFaJpg+lOGDHMmaWEtRnezoWH1biXFwuCocmheGJe
m/ogay1SfKz7pk4pCz1UD6Pe5nWcf1gNIVL7OPypqAHPI6JGZrgCojbVMor50l7j
J0pl166sILVNHa46efcluflcSD8OlbtDMrA0B/B1OGN7
-----END CERTIFICATE-----