Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/10d153-c3c3-4011-97cf-10fdca385ea4/1/mj78j7-0AeevMahy3Oa3oEUR37o.roa
File:                     mj78j7-0AeevMahy3Oa3oEUR37o.roa (raw, json)
Hash identifier:          GV37V8PynELJMOdG95g3RGrNY37XlDLhQkTKeFw+n+A=
Subject key identifier:   9A:3E:FC:8F:BF:B4:01:E7:AF:31:A8:72:DC:E6:B7:A0:45:11:DF:BA
Certificate issuer:       /CN=ba8861e17ebed57950ff32c7b377fc430413dbe4
Certificate serial:       019818926CE01E287150FDA5E0184AC4A7A8
Authority key identifier: BA:88:61:E1:7E:BE:D5:79:50:FF:32:C7:B3:77:FC:43:04:13:DB:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uohh4X6-1XlQ_zLHs3f8QwQT2-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/10d153-c3c3-4011-97cf-10fdca385ea4/1/mj78j7-0AeevMahy3Oa3oEUR37o.roa
Signing time:             Thu 17 Jul 2025 13:28:25 +0000
ROA not before:           Thu 17 Jul 2025 13:28:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        193.164.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/10d153-c3c3-4011-97cf-10fdca385ea4/1/uohh4X6-1XlQ_zLHs3f8QwQT2-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/10d153-c3c3-4011-97cf-10fdca385ea4/1/uohh4X6-1XlQ_zLHs3f8QwQT2-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uohh4X6-1XlQ_zLHs3f8QwQT2-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:18:92:6c:e0:1e:28:71:50:fd:a5:e0:18:4a:c4:a7:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba8861e17ebed57950ff32c7b377fc430413dbe4
        Validity
            Not Before: Jul 17 13:28:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a3efc8fbfb401e7af31a872dce6b7a04511dfba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:7d:ed:76:89:bc:65:21:da:c2:b3:0a:b3:54:
                    14:76:be:c9:ab:11:3d:5a:1c:69:35:ad:c8:16:c6:
                    d5:59:b7:c4:f2:3f:8f:c2:34:87:5b:1a:97:4d:28:
                    54:56:b2:ae:94:cc:1b:3f:6d:1f:33:8f:60:b3:0a:
                    14:92:26:88:17:40:b0:4e:b2:59:48:41:75:f2:e3:
                    b1:9f:aa:67:2c:93:21:14:17:ce:97:c4:c3:94:c2:
                    e6:c4:00:64:18:09:2e:45:33:97:07:e0:07:ea:f4:
                    da:a4:0c:25:09:b9:6e:3f:2f:59:fa:42:b9:32:8e:
                    2a:1b:67:10:4b:64:80:23:29:00:7a:5f:e7:8b:42:
                    b6:86:37:58:40:b6:10:3a:30:af:e0:4b:e2:a5:3c:
                    3e:0a:00:c1:bb:2d:78:c4:52:00:1d:6d:ac:d4:90:
                    6a:19:b0:cb:51:55:de:4f:e3:98:49:11:d9:d0:14:
                    59:eb:d5:2c:95:8b:e6:db:67:cd:04:7f:bd:5f:34:
                    7b:a5:2a:2b:07:c1:a5:fb:1a:f1:5c:16:7c:48:39:
                    d3:08:92:2a:2e:a0:ad:f4:c8:c3:c9:85:0b:a7:a3:
                    39:87:74:5b:be:bf:a3:a1:4b:5c:e5:69:76:64:70:
                    57:b6:f7:c0:9b:38:fb:b5:10:10:90:58:3e:fc:dc:
                    ab:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:3E:FC:8F:BF:B4:01:E7:AF:31:A8:72:DC:E6:B7:A0:45:11:DF:BA
            X509v3 Authority Key Identifier:
                keyid:BA:88:61:E1:7E:BE:D5:79:50:FF:32:C7:B3:77:FC:43:04:13:DB:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uohh4X6-1XlQ_zLHs3f8QwQT2-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/10d153-c3c3-4011-97cf-10fdca385ea4/1/mj78j7-0AeevMahy3Oa3oEUR37o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/10d153-c3c3-4011-97cf-10fdca385ea4/1/uohh4X6-1XlQ_zLHs3f8QwQT2-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:3c:08:16:73:c0:b4:1c:8c:07:50:32:c1:41:19:4f:48:32:
         cc:af:4f:50:c0:e5:e3:f0:95:ba:78:3b:7a:6a:a9:47:02:25:
         e2:93:53:aa:8e:35:66:dc:1f:8a:51:76:9c:80:dd:cc:8c:db:
         a1:85:80:f4:67:42:08:65:20:49:58:27:c5:ae:2b:2c:e1:9d:
         ea:66:9e:0b:1f:5e:02:2e:3e:ff:c2:e9:a5:9a:59:c2:c9:0f:
         15:1b:8a:57:30:35:84:60:e5:79:31:8d:87:f5:f5:42:70:60:
         20:fb:e6:9b:9a:bc:05:b1:72:31:d3:70:97:c4:68:51:da:11:
         86:d7:45:ce:5f:75:74:01:63:84:82:03:ec:11:34:97:a7:d2:
         0f:47:aa:33:65:85:9a:c0:4f:ad:8c:aa:54:c7:18:e5:bb:3e:
         ec:5c:57:8d:12:66:d7:5f:98:de:34:ed:38:31:a8:ba:8a:62:
         c5:e7:c0:d6:22:eb:78:b2:9f:68:47:ba:e5:1d:fb:03:d6:85:
         f2:16:2c:c5:79:47:f5:67:50:89:ec:04:9f:92:de:6d:c1:d1:
         ef:2d:77:d1:1b:9a:0e:85:1d:3e:a7:41:a9:61:6d:d7:bc:3a:
         ee:1c:22:b0:ab:58:80:bb:25:58:08:66:ee:8f:20:ac:1a:9f:
         b3:fe:83:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgYkmzgHihxUP2l4BhKxKeoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhODg2MWUxN2ViZWQ1Nzk1MGZmMzJjN2IzNzdmYzQzMDQx
M2RiZTQwHhcNMjUwNzE3MTMyODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTNlZmM4ZmJmYjQwMWU3YWYzMWE4NzJkY2U2YjdhMDQ1MTFkZmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2X3tdom8ZSHawrMKs1QUdr7JqxE9
WhxpNa3IFsbVWbfE8j+PwjSHWxqXTShUVrKulMwbP20fM49gswoUkiaIF0CwTrJZ
SEF18uOxn6pnLJMhFBfOl8TDlMLmxABkGAkuRTOXB+AH6vTapAwlCbluPy9Z+kK5
Mo4qG2cQS2SAIykAel/ni0K2hjdYQLYQOjCv4EvipTw+CgDBuy14xFIAHW2s1JBq
GbDLUVXeT+OYSRHZ0BRZ69UslYvm22fNBH+9XzR7pSorB8Gl+xrxXBZ8SDnTCJIq
LqCt9MjDyYULp6M5h3Rbvr+joUtc5Wl2ZHBXtvfAmzj7tRAQkFg+/NyrAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJo+/I+/tAHnrzGoctzmt6BFEd+6MB8GA1UdIwQY
MBaAFLqIYeF+vtV5UP8yx7N3/EMEE9vkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW9oaDRYNi0xWGxRX3pMSHMzZjhRd1FUMi1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8xMGQxNTMtYzNjMy00MDExLTk3Y2Yt
MTBmZGNhMzg1ZWE0LzEvbWo3OGo3LTBBZWV2TWFoeTNPYTNvRVVSMzdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8xMGQxNTMtYzNjMy00MDExLTk3Y2YtMTBmZGNhMzg1ZWE0
LzEvdW9oaDRYNi0xWGxRX3pMSHMzZjhRd1FUMi1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaTFMA0G
CSqGSIb3DQEBCwUAA4IBAQB9PAgWc8C0HIwHUDLBQRlPSDLMr09QwOXj8JW6eDt6
aqlHAiXik1OqjjVm3B+KUXacgN3MjNuhhYD0Z0IIZSBJWCfFriss4Z3qZp4LH14C
Lj7/wumlmlnCyQ8VG4pXMDWEYOV5MY2H9fVCcGAg++abmrwFsXIx03CXxGhR2hGG
10XOX3V0AWOEggPsETSXp9IPR6ozZYWawE+tjKpUxxjluz7sXFeNEmbXX5jeNO04
Mai6imLF58DWIut4sp9oR7rlHfsD1oXyFizFeUf1Z1CJ7ASfkt5twdHvLXfRG5oO
hR0+p0GpYW3XvDruHCKwq1iAuyVYCGbujyCsGp+z/oPk
-----END CERTIFICATE-----