Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/MCSENiRFKrhWZu8OQyzGyZey3X0.roa
File:                     MCSENiRFKrhWZu8OQyzGyZey3X0.roa (raw, json)
Hash identifier:          19Lj/9aGeP94OmDKLkzUjkTMV0n5d9Schy39XGUO2Qo=
Subject key identifier:   30:24:84:36:24:45:2A:B8:56:66:EF:0E:43:2C:C6:C9:97:B2:DD:7D
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       019A05429FC9B3C1353800161345752DA280
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/MCSENiRFKrhWZu8OQyzGyZey3X0.roa
Signing time:             Tue 21 Oct 2025 05:34:03 +0000
ROA not before:           Tue 21 Oct 2025 05:34:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214025
IP address blocks:        144.56.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:49:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:05:42:9f:c9:b3:c1:35:38:00:16:13:45:75:2d:a2:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Oct 21 05:34:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3024843624452ab85666ef0e432cc6c997b2dd7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:bb:90:22:21:6d:44:e7:d7:e5:c4:1a:7c:7f:
                    cd:e0:24:42:fa:2b:82:29:4d:fc:22:82:c9:43:df:
                    28:6a:ee:5a:52:71:bd:69:07:e1:4c:a7:06:8b:15:
                    60:43:fa:59:6b:6d:3a:86:09:55:d7:87:38:e8:00:
                    ca:80:9e:44:35:56:57:59:2d:cf:1e:43:c4:12:63:
                    5f:c4:15:1c:05:ea:15:c0:22:c5:8c:49:1f:59:28:
                    64:10:50:b4:43:dd:b8:6a:ad:4d:a0:e1:aa:96:b1:
                    60:6b:eb:01:c5:45:03:34:69:52:bc:8d:32:d9:03:
                    06:46:cf:f1:d8:07:5e:e1:c5:ad:c8:ab:2f:fa:04:
                    de:ee:ba:da:67:3f:c6:aa:45:db:10:5a:88:2b:ce:
                    ca:53:4c:82:6b:58:38:f7:cc:62:a5:3f:ac:57:4d:
                    44:7a:29:aa:a7:b8:32:09:b6:7d:c9:78:d7:b9:2d:
                    f3:bc:90:e1:a5:5e:05:56:1e:28:14:66:a8:e0:65:
                    55:48:b4:51:51:5c:1a:3c:24:15:6a:7d:15:79:c9:
                    37:10:5e:9b:8b:9a:b7:f1:84:fb:af:be:d5:d3:87:
                    00:1b:81:32:1e:ed:78:cf:9d:ed:24:ba:a8:ae:f3:
                    cf:3c:57:b6:b0:e8:59:ba:88:87:de:85:10:a9:30:
                    15:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:24:84:36:24:45:2A:B8:56:66:EF:0E:43:2C:C6:C9:97:B2:DD:7D
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/MCSENiRFKrhWZu8OQyzGyZey3X0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:8a:fc:a1:e3:f1:47:a4:3c:1b:8d:94:9e:73:05:fe:c1:c3:
         03:da:24:70:3d:87:1b:92:20:24:8a:ae:bc:f5:88:86:0c:2b:
         1c:28:f8:fd:8b:9d:8d:d5:83:af:e8:10:52:84:70:54:d8:72:
         4e:ef:bb:f2:45:e5:5b:a8:ce:9f:fb:31:e7:b1:a1:66:97:d5:
         b3:06:73:5d:ca:a2:11:40:fc:c3:d9:8c:4c:bc:ee:4e:c7:42:
         9e:2b:92:4e:2b:29:f9:4c:84:d1:b5:5c:d8:97:6e:bd:56:be:
         75:de:86:14:34:75:93:83:84:81:f4:e1:ab:fa:2b:fb:43:a1:
         7d:a2:31:3f:cc:04:09:0c:40:49:87:de:d4:66:51:a8:85:1c:
         2b:54:8c:5e:cf:c2:c5:27:40:78:87:91:b5:e4:d7:0a:26:fd:
         c1:c5:95:b1:78:44:bd:61:14:24:43:2d:6d:74:f1:95:dd:f6:
         33:49:cf:78:32:13:50:35:97:1c:d5:5f:db:a8:68:bf:f1:9e:
         12:91:d1:a1:d1:50:e7:82:0b:41:9b:d0:6a:5c:14:36:25:6c:
         f6:4a:a2:48:e3:dc:52:a7:8b:94:28:29:54:21:60:08:21:59:
         ad:70:e1:d7:d7:c0:f4:03:b2:f0:87:f1:36:3d:71:4f:ea:4a:
         7a:df:f6:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoFQp/Js8E1OAAWE0V1LaKAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjUxMDIxMDUzNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDI0ODQzNjI0NDUyYWI4NTY2NmVmMGU0MzJjYzZjOTk3YjJkZDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhruQIiFtROfX5cQafH/N4CRC+iuC
KU38IoLJQ98oau5aUnG9aQfhTKcGixVgQ/pZa206hglV14c46ADKgJ5ENVZXWS3P
HkPEEmNfxBUcBeoVwCLFjEkfWShkEFC0Q924aq1NoOGqlrFga+sBxUUDNGlSvI0y
2QMGRs/x2Ade4cWtyKsv+gTe7rraZz/GqkXbEFqIK87KU0yCa1g498xipT+sV01E
eimqp7gyCbZ9yXjXuS3zvJDhpV4FVh4oFGao4GVVSLRRUVwaPCQVan0Veck3EF6b
i5q38YT7r77V04cAG4EyHu14z53tJLqorvPPPFe2sOhZuoiH3oUQqTAV2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAkhDYkRSq4VmbvDkMsxsmXst19MB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvTUNTRU5pUkZLcmhXWnU4T1F5ekd5WmV5M1gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkDgjMA0G
CSqGSIb3DQEBCwUAA4IBAQCvivyh4/FHpDwbjZSecwX+wcMD2iRwPYcbkiAkiq68
9YiGDCscKPj9i52N1YOv6BBShHBU2HJO77vyReVbqM6f+zHnsaFml9WzBnNdyqIR
QPzD2YxMvO5Ox0KeK5JOKyn5TITRtVzYl269Vr513oYUNHWTg4SB9OGr+iv7Q6F9
ojE/zAQJDEBJh97UZlGohRwrVIxez8LFJ0B4h5G15NcKJv3BxZWxeES9YRQkQy1t
dPGV3fYzSc94MhNQNZcc1V/bqGi/8Z4SkdGh0VDnggtBm9BqXBQ2JWz2SqJI49xS
p4uUKClUIWAIIVmtcOHX18D0A7Lwh/E2PXFP6kp63/b1
-----END CERTIFICATE-----