Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/mpkP51v-qQEBjlOmGit6i4RmVI4.roa
File:                     mpkP51v-qQEBjlOmGit6i4RmVI4.roa (raw, json)
Hash identifier:          qaZkgB5h1RQAdn+2dYXgxf1FQvMUDbx/8fvMK3ewUZQ=
Subject key identifier:   9A:99:0F:E7:5B:FE:A9:01:01:8E:53:A6:1A:2B:7A:8B:84:66:54:8E
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019C27E5634162A4C785B4F5F0096C0591E3
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/mpkP51v-qQEBjlOmGit6i4RmVI4.roa
Signing time:             Wed 04 Feb 2026 09:04:30 +0000
ROA not before:           Wed 04 Feb 2026 09:04:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51219
IP address blocks:        46.8.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 02:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:27:e5:63:41:62:a4:c7:85:b4:f5:f0:09:6c:05:91:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Feb  4 09:04:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9a990fe75bfea901018e53a61a2b7a8b8466548e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:72:a8:4b:d0:dc:ff:0e:69:70:7f:8e:73:6b:
                    d3:30:50:67:04:6d:39:e8:53:a7:7c:18:c3:f2:c1:
                    45:dc:8f:31:2d:eb:5c:5a:1a:93:2f:a4:be:cb:c3:
                    f5:e5:78:3f:b5:89:75:9c:a5:4b:db:1b:ac:f1:fc:
                    b4:d7:c2:04:5d:31:0e:21:e1:d6:d8:be:1a:c3:af:
                    98:94:0d:d4:08:cb:53:f8:81:ce:1c:b4:b5:fc:b3:
                    c0:d2:20:c0:1d:a5:98:78:00:aa:10:a8:5e:27:88:
                    b2:02:92:22:77:9e:35:08:62:be:dc:3a:4d:8e:59:
                    a8:1b:51:2a:0d:38:e5:70:9e:a0:7e:a0:20:f0:55:
                    53:43:07:7b:94:30:0d:2f:c3:51:0c:c6:de:6a:45:
                    6c:fc:eb:f1:3e:25:ea:58:9b:3d:d4:7f:0e:c2:37:
                    62:76:f6:fb:64:80:cb:71:f9:90:6b:65:85:9d:b4:
                    83:46:ae:99:50:90:a7:25:0b:4b:55:03:8f:de:63:
                    e6:88:22:cc:46:cf:df:d2:16:15:7b:df:92:5f:94:
                    3c:72:e3:d8:20:df:4b:b5:94:ee:7c:85:65:99:cf:
                    34:da:0e:d6:6b:a3:99:62:cd:fd:c2:49:91:be:32:
                    0a:f6:6a:02:e3:1c:fa:73:fc:86:62:78:90:e3:60:
                    ec:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:99:0F:E7:5B:FE:A9:01:01:8E:53:A6:1A:2B:7A:8B:84:66:54:8E
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/mpkP51v-qQEBjlOmGit6i4RmVI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:4d:5a:7f:fb:ce:55:ca:33:8c:93:82:d9:70:0f:99:35:02:
         49:6c:26:a9:c0:a8:b8:7c:35:3d:41:df:e8:81:2f:39:18:a0:
         bd:db:f9:23:32:8f:56:7a:d5:d0:8d:0a:34:e5:c3:f3:50:85:
         f8:12:e8:6e:44:b1:d1:f1:f7:d9:4a:ff:b7:50:65:f5:b6:49:
         df:20:43:be:d7:34:cd:bf:06:07:d3:d9:71:e4:b5:db:a1:a6:
         40:0a:1e:ed:da:a2:ae:81:a5:e3:95:54:1d:dd:c1:af:a2:06:
         96:2d:c7:01:bc:58:46:3f:bc:21:fc:a6:8a:a4:35:56:85:11:
         ee:2c:41:13:06:de:67:ee:88:8f:4f:da:8a:d9:fa:e0:b9:53:
         a9:fe:3a:5d:8a:6f:fd:a2:4e:dc:2e:8f:b9:ea:32:0a:41:f1:
         92:4d:cb:e2:2e:2f:ca:24:0d:e7:f9:07:fb:ff:9f:aa:00:9f:
         1c:8c:c1:5e:e6:72:85:a5:39:8e:76:b2:90:dc:1b:51:14:bc:
         b2:ba:f3:ca:d6:64:c5:7d:ad:4e:f8:6c:bc:13:c7:4c:d3:f6:
         25:04:8e:07:44:11:8b:82:21:31:96:ea:13:bc:de:9b:52:29:
         86:ed:07:a2:fb:b3:cc:86:5f:a7:4b:d8:ae:81:63:e1:12:59:
         35:59:35:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwn5WNBYqTHhbT18AlsBZHjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwMjA0MDkwNDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTk5MGZlNzViZmVhOTAxMDE4ZTUzYTYxYTJiN2E4Yjg0NjY1NDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHKoS9Dc/w5pcH+Oc2vTMFBnBG05
6FOnfBjD8sFF3I8xLetcWhqTL6S+y8P15Xg/tYl1nKVL2xus8fy018IEXTEOIeHW
2L4aw6+YlA3UCMtT+IHOHLS1/LPA0iDAHaWYeACqEKheJ4iyApIid541CGK+3DpN
jlmoG1EqDTjlcJ6gfqAg8FVTQwd7lDANL8NRDMbeakVs/OvxPiXqWJs91H8Owjdi
dvb7ZIDLcfmQa2WFnbSDRq6ZUJCnJQtLVQOP3mPmiCLMRs/f0hYVe9+SX5Q8cuPY
IN9LtZTufIVlmc802g7Wa6OZYs39wkmRvjIK9moC4xz6c/yGYniQ42DsewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJqZD+db/qkBAY5TphoreouEZlSOMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvbXBrUDUxdi1xUUVCamxPbUdpdDZpNFJtVkk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALgixMA0G
CSqGSIb3DQEBCwUAA4IBAQBbTVp/+85VyjOMk4LZcA+ZNQJJbCapwKi4fDU9Qd/o
gS85GKC92/kjMo9WetXQjQo05cPzUIX4EuhuRLHR8ffZSv+3UGX1tknfIEO+1zTN
vwYH09lx5LXboaZACh7t2qKugaXjlVQd3cGvogaWLccBvFhGP7wh/KaKpDVWhRHu
LEETBt5n7oiPT9qK2frguVOp/jpdim/9ok7cLo+56jIKQfGSTcviLi/KJA3n+Qf7
/5+qAJ8cjMFe5nKFpTmOdrKQ3BtRFLyyuvPK1mTFfa1O+Gy8E8dM0/YlBI4HRBGL
giExluoTvN6bUimG7Qei+7PMhl+nS9iugWPhElk1WTU5
-----END CERTIFICATE-----