Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/16a48b-6d2a-40e2-9bc3-8cd9b33a5684/1/MDzL3FdO7fvyyBkKk6vdxUTiCwo.roa
File:                     MDzL3FdO7fvyyBkKk6vdxUTiCwo.roa (raw, json)
Hash identifier:          PnGHgebP3UovxlfbIsUeajZPOhGSEQYNlKiEGzPopd8=
Subject key identifier:   30:3C:CB:DC:57:4E:ED:FB:F2:C8:19:0A:93:AB:DD:C5:44:E2:0B:0A
Certificate issuer:       /CN=fb02f648de95b88479364346ed01e78769577922
Certificate serial:       019B7F8156F082153541DEA266FAFC9678C9
Authority key identifier: FB:02:F6:48:DE:95:B8:84:79:36:43:46:ED:01:E7:87:69:57:79:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-wL2SN6VuIR5NkNG7QHnh2lXeSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/16a48b-6d2a-40e2-9bc3-8cd9b33a5684/1/MDzL3FdO7fvyyBkKk6vdxUTiCwo.roa
Signing time:             Fri 02 Jan 2026 16:19:01 +0000
ROA not before:           Fri 02 Jan 2026 16:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206165
IP address blocks:        185.1.89.0/24 maxlen: 24
                          2001:7f8:b1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/16a48b-6d2a-40e2-9bc3-8cd9b33a5684/1/1-wL2SN6VuIR5NkNG7QHnh2lXeSI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/16a48b-6d2a-40e2-9bc3-8cd9b33a5684/1/1-wL2SN6VuIR5NkNG7QHnh2lXeSI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-wL2SN6VuIR5NkNG7QHnh2lXeSI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:81:56:f0:82:15:35:41:de:a2:66:fa:fc:96:78:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb02f648de95b88479364346ed01e78769577922
        Validity
            Not Before: Jan  2 16:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=303ccbdc574eedfbf2c8190a93abddc544e20b0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:9a:c5:7d:26:66:fe:fe:6a:83:d6:a7:d2:63:
                    1c:c8:3a:6d:11:87:2e:7d:24:aa:7c:b5:85:46:0f:
                    13:0b:3a:e9:25:c7:15:9e:91:db:d6:06:ae:b2:c0:
                    b1:1b:2b:94:dc:a1:ca:3f:c2:4d:06:eb:a3:6c:5f:
                    89:1f:19:70:85:dc:5b:4a:ee:73:9d:f0:5f:7d:f9:
                    1c:3f:63:75:31:68:29:eb:d6:b9:2f:dc:18:12:26:
                    1d:0f:fb:3b:3c:41:81:a2:50:e9:c5:10:d0:e3:bb:
                    96:85:0f:38:2a:e3:9d:e5:6b:be:f2:2b:02:af:63:
                    33:b6:5c:44:0d:95:0d:c5:66:96:12:8f:9d:3e:62:
                    bc:83:36:4e:99:87:59:78:fa:25:bc:28:15:3d:11:
                    fa:96:c2:67:cd:be:b0:5e:2d:3f:aa:a6:a3:1b:0e:
                    73:86:b4:25:ca:8f:41:65:6d:56:e6:43:b5:a9:12:
                    4d:8d:fb:9a:69:15:bb:02:79:a8:06:61:4e:ee:99:
                    6e:58:d8:ec:7f:cf:92:a1:29:a6:3d:e5:c5:97:a1:
                    13:d9:38:f7:b5:fe:6f:ff:79:5a:55:de:2c:75:7d:
                    17:c4:64:d4:d4:b6:ff:41:bc:f1:b7:17:a6:89:21:
                    d3:0d:a8:e9:6c:a7:78:7e:06:8a:a2:ae:3e:8d:e1:
                    6a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:3C:CB:DC:57:4E:ED:FB:F2:C8:19:0A:93:AB:DD:C5:44:E2:0B:0A
            X509v3 Authority Key Identifier:
                keyid:FB:02:F6:48:DE:95:B8:84:79:36:43:46:ED:01:E7:87:69:57:79:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-wL2SN6VuIR5NkNG7QHnh2lXeSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/16a48b-6d2a-40e2-9bc3-8cd9b33a5684/1/MDzL3FdO7fvyyBkKk6vdxUTiCwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/16a48b-6d2a-40e2-9bc3-8cd9b33a5684/1/1-wL2SN6VuIR5NkNG7QHnh2lXeSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.89.0/24
                IPv6:
                  2001:7f8:b1::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:b5:ae:ac:05:2e:fe:37:ea:20:eb:77:23:4b:2c:d0:18:30:
         97:54:dc:a2:6a:f9:ad:55:84:40:13:a6:05:ec:b7:fd:3d:15:
         1e:38:68:6d:38:c0:72:df:ea:eb:d2:5a:5b:04:f5:6f:82:81:
         ca:f3:76:54:27:8b:8b:74:2b:58:98:07:e9:c0:7f:dc:77:7c:
         cb:69:c8:e5:80:93:33:a7:d6:7b:44:b7:66:ac:5b:30:6b:bb:
         21:5d:4a:9b:6f:07:1a:ab:13:93:70:4f:4b:54:5d:34:a0:81:
         88:a4:b1:59:cb:c2:dc:a3:7e:b0:1c:c7:b2:b7:e4:b4:04:10:
         0f:c6:f9:77:50:4b:86:ee:ec:5f:04:f3:be:5c:29:52:50:0e:
         3c:0a:e8:b3:2a:69:08:14:36:50:a8:c3:00:ca:60:1d:e9:c2:
         44:68:9d:cf:53:f2:e0:50:78:0a:58:5e:6b:f2:ae:1c:ae:dd:
         81:2a:a3:9a:a0:2a:52:d0:1d:63:57:4f:fb:1c:fb:a4:9c:90:
         1e:bd:91:74:bf:09:23:6f:c8:c4:1e:ad:ce:31:b0:d6:87:ef:
         7d:c8:34:a0:4a:4f:d3:72:1a:0f:f5:3e:6d:6d:54:08:50:f3:
         35:c0:ae:fe:04:6d:05:a1:24:6d:ff:fb:4e:33:13:3d:ff:8b:
         5e:74:0f:38
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZt/gVbwghU1Qd6iZvr8lnjJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMDJmNjQ4ZGU5NWI4ODQ3OTM2NDM0NmVkMDFlNzg3Njk1
Nzc5MjIwHhcNMjYwMTAyMTYxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDNjY2JkYzU3NGVlZGZiZjJjODE5MGE5M2FiZGRjNTQ0ZTIwYjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtprFfSZm/v5qg9an0mMcyDptEYcu
fSSqfLWFRg8TCzrpJccVnpHb1gaussCxGyuU3KHKP8JNBuujbF+JHxlwhdxbSu5z
nfBfffkcP2N1MWgp69a5L9wYEiYdD/s7PEGBolDpxRDQ47uWhQ84KuOd5Wu+8isC
r2MztlxEDZUNxWaWEo+dPmK8gzZOmYdZePolvCgVPRH6lsJnzb6wXi0/qqajGw5z
hrQlyo9BZW1W5kO1qRJNjfuaaRW7AnmoBmFO7pluWNjsf8+SoSmmPeXFl6ET2Tj3
tf5v/3laVd4sdX0XxGTU1Lb/QbzxtxemiSHTDajpbKd4fgaKoq4+jeFq0QIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFDA8y9xXTu378sgZCpOr3cVE4gsKMB8GA1UdIwQY
MBaAFPsC9kjelbiEeTZDRu0B54dpV3kiMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS13TDJTTjZWdUlSNU5rTkc3UUhuaDJsWGVTSS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzEvMTZhNDhiLTZkMmEtNDBlMi05YmMz
LThjZDliMzNhNTY4NC8xL01EekwzRmRPN2Z2eXlCa0trNnZkeFVUaUN3by5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzEvMTZhNDhiLTZkMmEtNDBlMi05YmMzLThjZDliMzNhNTY4
NC8xLzEtd0wyU042VnVJUjVOa05HN1FIbmgybFhlU0kuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBAC5AVkw
DwQCAAIwCQMHACABB/gAsTANBgkqhkiG9w0BAQsFAAOCAQEAKLWurAUu/jfqIOt3
I0ss0Bgwl1Tcomr5rVWEQBOmBey3/T0VHjhobTjAct/q69JaWwT1b4KByvN2VCeL
i3QrWJgH6cB/3Hd8y2nI5YCTM6fWe0S3ZqxbMGu7IV1Km28HGqsTk3BPS1RdNKCB
iKSxWcvC3KN+sBzHsrfktAQQD8b5d1BLhu7sXwTzvlwpUlAOPArosyppCBQ2UKjD
AMpgHenCRGidz1Py4FB4Clhea/KuHK7dgSqjmqAqUtAdY1dP+xz7pJyQHr2RdL8J
I2/IxB6tzjGw1ofvfcg0oEpP03IaD/U+bW1UCFDzNcCu/gRtBaEkbf/7TjMTPf+L
XnQPOA==
-----END CERTIFICATE-----