Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/Mo2QSFczcQRbQoYSKl6A_f3_Vzs.roa
File:                     Mo2QSFczcQRbQoYSKl6A_f3_Vzs.roa (raw, json)
Hash identifier:          dLVh2AQ3QB/5pp5P3RLjK1SX93YGwvctw0htEQ2etqs=
Subject key identifier:   32:8D:90:48:57:33:71:04:5B:42:86:12:2A:5E:80:FD:FD:FF:57:3B
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       019A1C92EFF88E791F69EB1F3BFBFBABBA1B
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/Mo2QSFczcQRbQoYSKl6A_f3_Vzs.roa
Signing time:             Sat 25 Oct 2025 18:13:03 +0000
ROA not before:           Sat 25 Oct 2025 18:13:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        89.187.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:1c:92:ef:f8:8e:79:1f:69:eb:1f:3b:fb:fb:ab:ba:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Oct 25 18:13:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=328d9048573371045b4286122a5e80fdfdff573b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b1:e2:69:21:f1:db:94:70:4e:a5:68:25:05:
                    54:32:78:32:80:1f:6c:64:a8:3f:18:09:8f:ed:f4:
                    8b:f6:ba:3a:5d:d0:f5:5e:cf:00:e4:74:a2:8b:99:
                    0a:fe:fc:1a:a7:67:ad:21:1b:c0:8f:f0:1e:6a:9a:
                    c2:b8:50:1d:d0:b3:d9:5a:60:58:ba:43:58:2b:09:
                    7f:7e:2c:4d:41:54:3a:01:43:15:f3:ef:68:7a:01:
                    43:da:c9:76:62:af:cb:1b:2b:ca:87:34:20:6e:c1:
                    14:bd:6b:15:50:f3:68:d7:25:16:d4:e8:57:77:45:
                    53:02:96:03:23:42:25:62:0d:50:8a:26:51:bd:06:
                    34:81:51:b0:5a:e3:d1:da:d3:c7:c0:15:1c:0e:7d:
                    dc:93:fb:70:ba:ec:f4:d2:85:33:25:6a:40:84:d5:
                    88:5d:04:95:4c:ea:0d:b0:c2:c5:3d:bf:6d:c0:1f:
                    6f:8c:b6:5d:35:a7:a1:1d:2c:70:de:08:7c:57:17:
                    cc:36:63:f0:2e:bd:b3:eb:ea:20:c0:4a:36:7b:b4:
                    1a:ee:31:31:74:e2:a3:24:4a:49:10:99:42:15:c2:
                    8b:b7:67:8a:25:a1:f5:a9:eb:e3:fc:21:48:73:c2:
                    e3:c5:ee:a0:d1:ff:4c:b0:ed:5a:1a:5f:2d:5f:e3:
                    13:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:8D:90:48:57:33:71:04:5B:42:86:12:2A:5E:80:FD:FD:FF:57:3B
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/Mo2QSFczcQRbQoYSKl6A_f3_Vzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:bb:1f:a4:31:d0:c1:83:94:89:ba:a3:7b:7e:ca:ad:00:e4:
         60:43:c1:e3:39:1c:98:5e:2a:93:95:a4:28:ac:80:d0:c9:a0:
         30:b4:67:34:bf:aa:d9:9f:4e:66:c9:68:0d:b8:d3:26:10:96:
         4e:c3:b0:a2:f6:68:42:87:09:fb:1c:37:d2:c2:34:bf:fa:74:
         af:26:73:e8:e2:31:37:68:54:c0:8a:fe:11:2c:5a:f5:2c:68:
         7c:0f:53:16:75:b9:d1:21:23:24:f2:5d:84:c1:cb:17:f8:df:
         25:6c:b0:5c:9d:30:a5:d3:80:82:1d:8a:a6:69:54:e3:76:0b:
         d6:e6:ad:d2:2f:3e:f4:3b:a1:af:53:2d:76:e1:64:5d:68:1c:
         49:7e:f0:23:e5:1e:52:df:b4:c2:1a:40:bf:b5:16:80:3e:8a:
         52:3e:96:5b:9c:99:47:d1:c9:ec:8a:53:3e:dc:68:49:84:3a:
         75:19:7b:65:d4:b1:6c:de:4a:e8:f0:b5:2d:0e:07:1d:06:36:
         a9:7c:88:60:36:31:0c:ab:44:3d:19:7f:a8:f6:ff:9a:be:0d:
         62:7c:16:a5:87:d9:06:09:47:01:d4:f1:c3:6d:84:4e:73:e2:
         ee:b8:0b:13:cd:eb:ef:50:f4:22:06:ee:15:47:1e:05:29:24:
         1e:32:f8:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZocku/4jnkfaesfO/v7q7obMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjUxMDI1MTgxMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjhkOTA0ODU3MzM3MTA0NWI0Mjg2MTIyYTVlODBmZGZkZmY1NzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7HiaSHx25RwTqVoJQVUMngygB9s
ZKg/GAmP7fSL9ro6XdD1Xs8A5HSii5kK/vwap2etIRvAj/AeaprCuFAd0LPZWmBY
ukNYKwl/fixNQVQ6AUMV8+9oegFD2sl2Yq/LGyvKhzQgbsEUvWsVUPNo1yUW1OhX
d0VTApYDI0IlYg1QiiZRvQY0gVGwWuPR2tPHwBUcDn3ck/twuuz00oUzJWpAhNWI
XQSVTOoNsMLFPb9twB9vjLZdNaehHSxw3gh8VxfMNmPwLr2z6+ogwEo2e7Qa7jEx
dOKjJEpJEJlCFcKLt2eKJaH1qevj/CFIc8Ljxe6g0f9MsO1aGl8tX+MTUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDKNkEhXM3EEW0KGEipegP39/1c7MB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvTW8yUVNGY3pjUVJiUW9ZU0tsNkFfZjNfVnpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsNMA0G
CSqGSIb3DQEBCwUAA4IBAQBiux+kMdDBg5SJuqN7fsqtAORgQ8HjORyYXiqTlaQo
rIDQyaAwtGc0v6rZn05myWgNuNMmEJZOw7Ci9mhChwn7HDfSwjS/+nSvJnPo4jE3
aFTAiv4RLFr1LGh8D1MWdbnRISMk8l2EwcsX+N8lbLBcnTCl04CCHYqmaVTjdgvW
5q3SLz70O6GvUy124WRdaBxJfvAj5R5S37TCGkC/tRaAPopSPpZbnJlH0cnsilM+
3GhJhDp1GXtl1LFs3kro8LUtDgcdBjapfIhgNjEMq0Q9GX+o9v+avg1ifBalh9kG
CUcB1PHDbYROc+LuuAsTzevvUPQiBu4VRx4FKSQeMvhW
-----END CERTIFICATE-----