Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/MJcW6n1Zw1cRRMx2JJssh0n88wc.roa
File:                     MJcW6n1Zw1cRRMx2JJssh0n88wc.roa (raw, json)
Hash identifier:          QN4N1PiinIR/Q61/ddeIuput+O1bvBdzX6LykJe6OpU=
Subject key identifier:   30:97:16:EA:7D:59:C3:57:11:44:CC:76:24:9B:2C:87:49:FC:F3:07
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019D7C60043E2331BD52A0A510516F4BC42F
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/MJcW6n1Zw1cRRMx2JJssh0n88wc.roa
Signing time:             Sat 11 Apr 2026 11:49:20 +0000
ROA not before:           Sat 11 Apr 2026 11:49:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199412
IP address blocks:        45.12.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:7c:60:04:3e:23:31:bd:52:a0:a5:10:51:6f:4b:c4:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Apr 11 11:49:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=309716ea7d59c3571144cc76249b2c8749fcf307
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:69:d4:74:8d:bc:83:7b:61:f2:cc:82:58:b4:
                    a5:5e:3f:67:32:48:b4:ed:3c:eb:8c:51:a8:39:f6:
                    d6:11:31:18:13:7f:ac:1d:a5:4f:17:2b:15:14:08:
                    7e:be:88:ef:02:c9:d4:31:63:24:aa:fb:cf:09:c5:
                    03:20:d3:22:06:dc:91:2b:84:45:3a:68:77:ce:7a:
                    73:0c:ce:f5:87:10:c3:54:47:a7:ef:5c:fb:51:63:
                    be:ea:99:db:fa:60:f3:8a:c6:e7:ff:cc:c2:1c:62:
                    25:73:c9:14:9b:c7:7c:c6:a1:7d:ff:1f:99:0f:25:
                    51:28:d7:5e:2a:df:fe:76:41:4b:3d:bd:db:9c:54:
                    ff:08:54:0b:b1:fe:41:dd:eb:0a:80:19:78:be:39:
                    71:6e:8b:c6:36:aa:41:17:35:9b:47:33:0e:ef:f8:
                    b2:2a:39:b4:af:a5:54:93:90:ba:a9:cd:0d:ae:20:
                    65:31:c6:6e:01:31:98:8b:01:6a:aa:2c:c1:ac:c8:
                    4f:7e:59:b2:5d:f3:df:f1:6e:23:b6:12:82:e5:f5:
                    d7:f6:2c:d1:ec:e1:44:d4:0f:3d:c5:2f:5c:9c:aa:
                    24:43:7c:9f:92:46:ae:9f:3f:ee:00:e2:1d:14:26:
                    76:91:05:de:33:fc:7d:48:d0:b0:7e:d2:c4:89:f0:
                    0e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:97:16:EA:7D:59:C3:57:11:44:CC:76:24:9B:2C:87:49:FC:F3:07
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/MJcW6n1Zw1cRRMx2JJssh0n88wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:a1:76:9e:b9:ff:dd:50:76:43:be:a3:11:90:cc:34:27:7b:
         bd:a4:f9:a4:d0:a8:f1:e2:62:d3:76:3c:66:f5:35:63:01:ec:
         9e:d9:3a:36:ae:0c:cf:9d:10:23:55:41:43:a3:a0:09:c3:5d:
         cd:31:5e:79:be:f9:9f:f4:8a:3a:e6:1d:1a:3e:43:d2:49:a7:
         6f:27:53:14:e2:55:09:c6:76:a9:6f:dd:0c:f4:89:d8:6e:40:
         9a:2f:de:5f:7f:66:a3:ea:fd:8a:56:3b:63:22:45:8d:c1:96:
         dc:1b:7e:dc:6b:b5:e0:65:db:7b:6c:eb:7b:7d:cd:cd:9d:c4:
         79:de:4d:e1:d8:1e:b9:c7:a5:82:f5:b5:2b:ed:5f:6c:8a:0b:
         46:6a:23:5d:44:a0:3b:8e:f5:ae:a6:ac:a5:1f:43:bf:93:ee:
         9a:ac:34:ee:ef:79:8c:9d:b9:79:4f:d5:24:65:70:32:f4:ea:
         eb:89:cc:cb:db:5a:ff:71:9c:7e:63:ec:32:55:b1:c1:8a:84:
         da:4a:f3:62:5e:58:a1:9e:2c:39:8f:16:bd:1e:c4:ab:dd:ad:
         5f:50:60:1a:75:aa:c6:c3:42:2e:fe:f1:36:1b:70:5b:b6:82:
         85:62:89:55:b1:af:da:29:66:c5:ab:5e:0a:56:3a:95:e3:6a:
         81:8b:5a:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ18YAQ+IzG9UqClEFFvS8QvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjYwNDExMTE0OTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDk3MTZlYTdkNTljMzU3MTE0NGNjNzYyNDliMmM4NzQ5ZmNmMzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWnUdI28g3th8syCWLSlXj9nMki0
7TzrjFGoOfbWETEYE3+sHaVPFysVFAh+vojvAsnUMWMkqvvPCcUDINMiBtyRK4RF
Omh3znpzDM71hxDDVEen71z7UWO+6pnb+mDzisbn/8zCHGIlc8kUm8d8xqF9/x+Z
DyVRKNdeKt/+dkFLPb3bnFT/CFQLsf5B3esKgBl4vjlxbovGNqpBFzWbRzMO7/iy
Kjm0r6VUk5C6qc0NriBlMcZuATGYiwFqqizBrMhPflmyXfPf8W4jthKC5fXX9izR
7OFE1A89xS9cnKokQ3yfkkaunz/uAOIdFCZ2kQXeM/x9SNCwftLEifAO+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCXFup9WcNXEUTMdiSbLIdJ/PMHMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvTUpjVzZuMVp3MWNSUk14MkpKc3NoMG44OHdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQzZMA0G
CSqGSIb3DQEBCwUAA4IBAQBOoXaeuf/dUHZDvqMRkMw0J3u9pPmk0Kjx4mLTdjxm
9TVjAeye2To2rgzPnRAjVUFDo6AJw13NMV55vvmf9Io65h0aPkPSSadvJ1MU4lUJ
xnapb90M9InYbkCaL95ff2aj6v2KVjtjIkWNwZbcG37ca7XgZdt7bOt7fc3NncR5
3k3h2B65x6WC9bUr7V9sigtGaiNdRKA7jvWupqylH0O/k+6arDTu73mMnbl5T9Uk
ZXAy9OrriczL21r/cZx+Y+wyVbHBioTaSvNiXlihniw5jxa9HsSr3a1fUGAadarG
w0Iu/vE2G3BbtoKFYolVsa/aKWbFq14KVjqV42qBi1rR
-----END CERTIFICATE-----