Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/fe95da-c95e-4829-9e05-aa9b873d7f96/1/mbfy7L8D_2UAGm_dalRDD5X5-5k.roa
File:                     mbfy7L8D_2UAGm_dalRDD5X5-5k.roa (raw, json)
Hash identifier:          QA1iyiTc+hx3IttbGaQYktAkhZefaHnHg6PgY6o1wcw=
Subject key identifier:   99:B7:F2:EC:BF:03:FF:65:00:1A:6F:DD:6A:54:43:0F:95:F9:FB:99
Certificate issuer:       /CN=4a70e1bc8eedd9478610b1aff0930f40347526e5
Certificate serial:       019EADB5C6DF07F05CFFA70E351A83D6A9DF
Authority key identifier: 4A:70:E1:BC:8E:ED:D9:47:86:10:B1:AF:F0:93:0F:40:34:75:26:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SnDhvI7t2UeGELGv8JMPQDR1JuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/fe95da-c95e-4829-9e05-aa9b873d7f96/1/mbfy7L8D_2UAGm_dalRDD5X5-5k.roa
Signing time:             Tue 09 Jun 2026 18:47:11 +0000
ROA not before:           Tue 09 Jun 2026 18:47:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200677
IP address blocks:        2001:678:888::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/fe95da-c95e-4829-9e05-aa9b873d7f96/1/SnDhvI7t2UeGELGv8JMPQDR1JuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/fe95da-c95e-4829-9e05-aa9b873d7f96/1/SnDhvI7t2UeGELGv8JMPQDR1JuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SnDhvI7t2UeGELGv8JMPQDR1JuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 19:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ad:b5:c6:df:07:f0:5c:ff:a7:0e:35:1a:83:d6:a9:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a70e1bc8eedd9478610b1aff0930f40347526e5
        Validity
            Not Before: Jun  9 18:47:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=99b7f2ecbf03ff65001a6fdd6a54430f95f9fb99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:56:10:39:50:ce:8c:9c:e3:9c:b2:55:f3:45:
                    cb:a8:50:70:34:87:83:6a:03:38:b5:c6:c7:ab:27:
                    8e:0f:23:70:58:3e:96:94:18:ae:86:8c:4a:44:d3:
                    14:fb:b3:dc:34:bc:e6:2b:7e:b7:d4:30:78:64:66:
                    83:e3:67:b8:0c:e5:47:71:9a:cf:f7:7c:ec:92:d4:
                    b9:98:a5:ab:3b:06:46:27:08:d7:5f:e6:26:3d:8e:
                    6d:8d:8a:10:06:ed:7f:f5:a9:d6:2c:95:51:61:d3:
                    aa:ab:e3:e5:e3:a7:4a:86:1b:44:17:85:60:c0:cd:
                    d2:21:e9:e6:0a:fe:53:3a:1a:c1:79:0b:c3:1c:6a:
                    fd:6c:5c:98:29:f6:fc:d6:91:b2:fa:27:1d:c8:2c:
                    d7:a8:5e:5f:65:fc:7e:2d:ec:91:3a:4d:7a:6a:8c:
                    7a:e0:9a:67:3e:3b:b2:69:cd:fe:02:fc:16:a0:b8:
                    d9:30:e2:10:08:60:66:7d:0f:8f:ca:9b:4d:c7:9a:
                    47:c9:86:c4:ed:75:86:62:89:1d:65:21:36:d4:4d:
                    79:9f:49:6a:87:3d:a6:83:1f:6d:71:61:ba:08:01:
                    d2:65:62:d2:27:9f:23:ef:38:34:91:ce:ef:9c:27:
                    5f:ca:f2:54:5d:93:5f:1c:26:85:12:22:b4:bf:09:
                    ae:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:B7:F2:EC:BF:03:FF:65:00:1A:6F:DD:6A:54:43:0F:95:F9:FB:99
            X509v3 Authority Key Identifier:
                keyid:4A:70:E1:BC:8E:ED:D9:47:86:10:B1:AF:F0:93:0F:40:34:75:26:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SnDhvI7t2UeGELGv8JMPQDR1JuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/fe95da-c95e-4829-9e05-aa9b873d7f96/1/mbfy7L8D_2UAGm_dalRDD5X5-5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/fe95da-c95e-4829-9e05-aa9b873d7f96/1/SnDhvI7t2UeGELGv8JMPQDR1JuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:888::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:e7:0f:d2:92:aa:14:f6:49:22:af:eb:b1:10:c5:99:b9:ae:
         54:9d:3b:40:0f:e3:38:45:8d:fa:67:4a:60:d5:f6:7f:4f:a4:
         88:86:13:04:eb:60:4f:97:ab:9c:24:ed:d0:02:55:80:a3:00:
         c4:f5:83:28:e2:42:e3:dd:e9:80:72:97:b2:25:e3:3b:db:63:
         6d:36:f0:be:7c:65:e4:a0:49:4e:97:82:de:8e:9f:c4:00:8f:
         9e:d0:8d:a8:34:9d:d7:be:9d:ea:2c:84:0c:e1:7e:ae:14:8f:
         a7:9a:4f:ea:fa:b0:1b:08:b1:c1:27:7b:b0:c0:ec:1e:de:52:
         c1:f3:55:43:dd:54:fd:43:d5:c5:cb:dd:5e:f1:50:c4:86:cd:
         95:a2:9f:c4:f7:7a:2f:00:eb:6d:fa:51:c6:6d:03:83:65:7a:
         a3:be:a0:81:08:a5:19:f1:fa:6b:b9:61:59:71:a3:84:76:f7:
         08:6b:65:e8:06:be:88:5e:55:13:63:da:8d:5c:83:e6:d1:d0:
         df:91:50:9e:1e:40:0d:38:74:a3:f7:62:23:d1:83:fe:d7:51:
         29:46:be:40:6f:44:2d:40:5c:4d:0c:6f:7c:03:ca:a5:ea:cc:
         55:e4:c5:22:41:0c:a8:6f:f3:61:8f:ea:f3:14:57:a9:4c:3c:
         5e:1e:84:d2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6ttcbfB/Bc/6cONRqD1qnfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNzBlMWJjOGVlZGQ5NDc4NjEwYjFhZmYwOTMwZjQwMzQ3
NTI2ZTUwHhcNMjYwNjA5MTg0NzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWI3ZjJlY2JmMDNmZjY1MDAxYTZmZGQ2YTU0NDMwZjk1ZjlmYjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2VYQOVDOjJzjnLJV80XLqFBwNIeD
agM4tcbHqyeODyNwWD6WlBiuhoxKRNMU+7PcNLzmK3631DB4ZGaD42e4DOVHcZrP
93zsktS5mKWrOwZGJwjXX+YmPY5tjYoQBu1/9anWLJVRYdOqq+Pl46dKhhtEF4Vg
wM3SIenmCv5TOhrBeQvDHGr9bFyYKfb81pGy+icdyCzXqF5fZfx+LeyROk16aox6
4JpnPjuyac3+AvwWoLjZMOIQCGBmfQ+PyptNx5pHyYbE7XWGYokdZSE21E15n0lq
hz2mgx9tcWG6CAHSZWLSJ58j7zg0kc7vnCdfyvJUXZNfHCaFEiK0vwmucwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJm38uy/A/9lABpv3WpUQw+V+fuZMB8GA1UdIwQY
MBaAFEpw4byO7dlHhhCxr/CTD0A0dSblMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU25EaHZJN3QyVWVHRUxHdjhKTVBRRFIxSnVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9mZTk1ZGEtYzk1ZS00ODI5LTllMDUt
YWE5Yjg3M2Q3Zjk2LzEvbWJmeTdMOERfMlVBR21fZGFsUkRENVg1LTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9mZTk1ZGEtYzk1ZS00ODI5LTllMDUtYWE5Yjg3M2Q3Zjk2
LzEvU25EaHZJN3QyVWVHRUxHdjhKTVBRRFIxSnVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAiI
MA0GCSqGSIb3DQEBCwUAA4IBAQBs5w/SkqoU9kkir+uxEMWZua5UnTtAD+M4RY36
Z0pg1fZ/T6SIhhME62BPl6ucJO3QAlWAowDE9YMo4kLj3emAcpeyJeM722NtNvC+
fGXkoElOl4Lejp/EAI+e0I2oNJ3Xvp3qLIQM4X6uFI+nmk/q+rAbCLHBJ3uwwOwe
3lLB81VD3VT9Q9XFy91e8VDEhs2Vop/E93ovAOtt+lHGbQODZXqjvqCBCKUZ8fpr
uWFZcaOEdvcIa2XoBr6IXlUTY9qNXIPm0dDfkVCeHkANOHSj92Ij0YP+11EpRr5A
b0QtQFxNDG98A8ql6sxV5MUiQQyob/Nhj+rzFFepTDxeHoTS
-----END CERTIFICATE-----