Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/mplBn8_l4oQZW1CikAdq3wdNpME.roa
File:                     mplBn8_l4oQZW1CikAdq3wdNpME.roa (raw, json)
Hash identifier:          e0fsXsyMszdCIG7MoH8ye+BTR7i2qpFHuVnTb+e93rQ=
Subject key identifier:   9A:99:41:9F:CF:E5:E2:84:19:5B:50:A2:90:07:6A:DF:07:4D:A4:C1
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01987E69F219017CCFBE36E6216A74713E5B
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/mplBn8_l4oQZW1CikAdq3wdNpME.roa
Signing time:             Wed 06 Aug 2025 08:05:29 +0000
ROA not before:           Wed 06 Aug 2025 08:05:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42160
IP address blocks:        158.173.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 16:13:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7e:69:f2:19:01:7c:cf:be:36:e6:21:6a:74:71:3e:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Aug  6 08:05:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a99419fcfe5e284195b50a290076adf074da4c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:8f:43:34:b4:e1:75:87:18:74:3b:fb:0a:bd:
                    9d:ce:10:c1:6f:50:d4:1f:78:bb:a7:5a:90:ca:83:
                    1b:de:be:60:67:e5:09:28:ad:a3:1e:60:b9:12:8a:
                    0e:20:10:1a:ba:4c:a6:23:2b:f1:e4:75:2d:27:54:
                    6b:cc:e5:e1:9d:ce:af:0d:34:72:92:5c:67:07:de:
                    7e:c6:ae:a0:dd:05:9f:bc:be:2c:13:e7:0d:c0:00:
                    27:73:e9:c5:e5:1a:1e:59:13:9e:ab:a9:11:fa:01:
                    02:59:7b:9f:04:7c:5e:82:e1:7f:03:6c:e1:c3:88:
                    31:77:ae:38:fd:bb:9c:08:55:86:21:9b:d6:55:70:
                    c3:6a:2d:ab:7a:cc:be:6f:70:cc:c4:79:af:91:a1:
                    52:75:0a:4f:0a:58:78:a0:a0:a0:a0:ce:6b:fc:ce:
                    ed:6a:ab:d6:6d:43:0d:2e:69:e0:f1:5b:27:3c:90:
                    49:92:8b:e5:e9:70:a4:6f:fc:c7:13:49:bf:6f:b4:
                    a8:fa:62:2a:60:1d:fe:38:8c:80:57:fb:b5:b6:11:
                    51:1d:e8:ba:9c:1c:01:41:66:af:2e:2a:72:b1:29:
                    30:9f:5b:47:b6:6b:bc:1f:f9:ac:3d:4a:88:cd:05:
                    35:59:3c:d4:78:56:43:3b:61:80:b1:5c:f7:db:ea:
                    51:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:99:41:9F:CF:E5:E2:84:19:5B:50:A2:90:07:6A:DF:07:4D:A4:C1
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/mplBn8_l4oQZW1CikAdq3wdNpME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:22:c5:e5:df:ba:bd:47:8f:15:cf:b8:01:47:8c:e5:c4:e6:
         e2:b7:49:d6:f0:ff:eb:15:a7:55:24:f2:4b:1a:26:c0:f1:c3:
         af:67:41:ac:31:35:52:9d:ca:2d:f0:1c:6f:df:e4:5c:68:53:
         8b:ee:d1:af:95:bb:01:0c:f0:85:d4:c7:01:d1:3a:ea:93:67:
         62:80:19:77:b2:43:2f:26:5d:66:5b:f3:15:00:e8:cf:a2:ab:
         54:be:27:36:7b:a1:c1:6a:92:f6:6b:52:71:98:dd:89:5a:6d:
         81:74:f3:32:e1:6a:1c:96:df:ba:29:41:ad:3c:8a:1b:36:96:
         a6:e4:4b:1a:a1:7a:e6:ec:19:3f:1c:45:31:68:c7:08:8d:a0:
         d6:6d:0d:c1:4c:05:6b:34:9c:17:3d:90:57:37:d1:f1:f3:0b:
         ef:96:f0:d7:d6:ce:0a:79:d8:c5:6c:79:2a:5f:08:d0:2f:21:
         64:78:0f:f6:2e:cb:f3:02:a3:8d:81:62:32:1d:1a:76:9a:b0:
         c8:75:74:2b:ee:61:3b:12:f9:3f:b3:ad:7f:c7:9b:7d:42:91:
         a6:71:08:85:7b:73:28:83:d9:b2:35:12:af:82:02:a8:e7:fa:
         8b:3f:5b:d2:be:68:a1:14:7e:df:72:1b:c1:5d:ac:56:08:ae:
         15:9c:8d:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh+afIZAXzPvjbmIWp0cT5bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwODA2MDgwNTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTk5NDE5ZmNmZTVlMjg0MTk1YjUwYTI5MDA3NmFkZjA3NGRhNGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw49DNLThdYcYdDv7Cr2dzhDBb1DU
H3i7p1qQyoMb3r5gZ+UJKK2jHmC5EooOIBAaukymIyvx5HUtJ1RrzOXhnc6vDTRy
klxnB95+xq6g3QWfvL4sE+cNwAAnc+nF5RoeWROeq6kR+gECWXufBHxeguF/A2zh
w4gxd644/bucCFWGIZvWVXDDai2resy+b3DMxHmvkaFSdQpPClh4oKCgoM5r/M7t
aqvWbUMNLmng8VsnPJBJkovl6XCkb/zHE0m/b7So+mIqYB3+OIyAV/u1thFRHei6
nBwBQWavLipysSkwn1tHtmu8H/msPUqIzQU1WTzUeFZDO2GAsVz32+pRzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJqZQZ/P5eKEGVtQopAHat8HTaTBMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvbXBsQm44X2w0b1FaVzFDaWtBZHEzd2ROcE1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq2AMA0G
CSqGSIb3DQEBCwUAA4IBAQBWIsXl37q9R48Vz7gBR4zlxObit0nW8P/rFadVJPJL
GibA8cOvZ0GsMTVSncot8Bxv3+RcaFOL7tGvlbsBDPCF1McB0Trqk2digBl3skMv
Jl1mW/MVAOjPoqtUvic2e6HBapL2a1JxmN2JWm2BdPMy4Woclt+6KUGtPIobNpam
5EsaoXrm7Bk/HEUxaMcIjaDWbQ3BTAVrNJwXPZBXN9Hx8wvvlvDX1s4KedjFbHkq
XwjQLyFkeA/2LsvzAqONgWIyHRp2mrDIdXQr7mE7Evk/s61/x5t9QpGmcQiFe3Mo
g9myNRKvggKo5/qLP1vSvmihFH7fchvBXaxWCK4VnI0T
-----END CERTIFICATE-----