Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/mxy-X6DSpF8ZztbUQjMZo4HUfAM.roa
File:                     mxy-X6DSpF8ZztbUQjMZo4HUfAM.roa (raw, json)
Hash identifier:          8VsFON9Y1Ltuj+mPJYLJdGhQhe4GbTQ4L4kgjue4VFU=
Subject key identifier:   9B:1C:BE:5F:A0:D2:A4:5F:19:CE:D6:D4:42:33:19:A3:81:D4:7C:03
Certificate issuer:       /CN=e0866e5a7c725dcb6a138cc6c340cfdad4315d3e
Certificate serial:       019D52066C00B5FF36E2333389FEDEC07C8A
Authority key identifier: E0:86:6E:5A:7C:72:5D:CB:6A:13:8C:C6:C3:40:CF:DA:D4:31:5D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4IZuWnxyXctqE4zGw0DP2tQxXT4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/mxy-X6DSpF8ZztbUQjMZo4HUfAM.roa
Signing time:             Fri 03 Apr 2026 06:27:25 +0000
ROA not before:           Fri 03 Apr 2026 06:27:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60591
IP address blocks:        80.94.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/4IZuWnxyXctqE4zGw0DP2tQxXT4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/4IZuWnxyXctqE4zGw0DP2tQxXT4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4IZuWnxyXctqE4zGw0DP2tQxXT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:06:6c:00:b5:ff:36:e2:33:33:89:fe:de:c0:7c:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0866e5a7c725dcb6a138cc6c340cfdad4315d3e
        Validity
            Not Before: Apr  3 06:27:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b1cbe5fa0d2a45f19ced6d4423319a381d47c03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e1:5c:85:c8:17:09:97:a5:fb:2e:98:86:1e:
                    0b:48:39:a8:0a:a4:18:bd:93:ad:d6:27:c8:50:2b:
                    50:ad:ba:5a:cf:41:68:cd:bc:05:86:21:ae:14:b4:
                    3f:18:33:c7:9a:45:bc:3e:c8:e5:49:74:6d:71:e1:
                    6f:a6:43:97:9d:54:79:03:56:85:6f:9d:6b:7c:8b:
                    8d:08:cf:ab:6f:d0:12:b5:42:95:30:02:9f:c9:4d:
                    df:4c:74:da:c4:76:92:42:f0:3d:d4:b4:80:da:80:
                    7b:c6:43:f0:0a:f0:43:07:1a:9a:4f:be:72:2d:35:
                    5c:55:51:d3:ae:28:d2:51:c7:19:a1:31:bd:5d:fc:
                    35:10:e4:3b:2a:2b:cf:64:b3:5d:05:17:95:98:8a:
                    f3:f9:32:f8:20:28:18:34:c0:0b:37:71:d4:7e:ca:
                    5f:d9:1f:df:15:16:7d:b5:e6:16:62:54:cd:df:4e:
                    60:0a:2b:4c:a0:05:f7:0c:82:65:1e:cd:df:bc:84:
                    4f:d6:18:86:96:86:a0:a3:4d:74:7e:f5:81:0c:a3:
                    7d:2a:7d:e0:40:6b:39:fb:fe:e5:1f:f3:c3:ac:03:
                    34:65:30:a5:ce:76:99:31:e3:a0:e8:78:56:81:74:
                    5c:fd:4a:17:45:77:dd:e1:12:de:a0:a3:b9:33:18:
                    30:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:1C:BE:5F:A0:D2:A4:5F:19:CE:D6:D4:42:33:19:A3:81:D4:7C:03
            X509v3 Authority Key Identifier:
                keyid:E0:86:6E:5A:7C:72:5D:CB:6A:13:8C:C6:C3:40:CF:DA:D4:31:5D:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4IZuWnxyXctqE4zGw0DP2tQxXT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/mxy-X6DSpF8ZztbUQjMZo4HUfAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/4IZuWnxyXctqE4zGw0DP2tQxXT4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.94.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:41:cc:0b:44:67:e9:5b:04:12:15:d4:a0:15:a2:b2:94:64:
         aa:99:01:8b:e5:08:c6:d4:bd:5c:42:81:c5:5c:53:18:e7:7e:
         1b:be:30:d2:08:d2:c8:f3:8a:be:0b:6f:80:98:dc:44:e3:f1:
         4e:da:e7:6a:53:c8:20:34:a5:2e:64:08:d9:ee:b3:ba:94:c1:
         5f:28:ab:c4:73:61:f6:1e:c8:92:9a:40:ff:a8:93:a2:0c:3f:
         bc:94:24:a0:ae:72:ff:4f:24:7f:c3:3c:f7:53:d8:9d:b0:a7:
         6c:45:77:b3:be:57:e0:19:f2:c9:51:95:94:3f:aa:58:d3:b6:
         c8:72:6e:bd:94:37:15:b9:da:54:01:e8:91:8a:3d:45:03:f1:
         51:2c:c5:c7:d9:5a:2e:9d:23:5a:b4:89:20:ed:57:2c:07:38:
         35:cf:52:cd:cd:17:3a:99:c4:25:00:b7:24:c5:ae:72:82:13:
         9f:9d:48:4c:2c:7b:c6:eb:49:5f:e0:a2:bd:5c:9a:44:83:6a:
         ed:89:82:b4:66:20:bc:e9:16:de:92:6c:85:24:ec:49:ca:b0:
         7c:61:c9:f1:d0:08:33:bd:70:3e:a2:9e:d9:3a:e8:29:ab:ad:
         bd:b1:97:51:b7:8a:21:af:93:61:da:8a:d5:a1:c4:94:bd:fa:
         98:9c:19:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1SBmwAtf824jMzif7ewHyKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwODY2ZTVhN2M3MjVkY2I2YTEzOGNjNmMzNDBjZmRhZDQz
MTVkM2UwHhcNMjYwNDAzMDYyNzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjFjYmU1ZmEwZDJhNDVmMTljZWQ2ZDQ0MjMzMTlhMzgxZDQ3YzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOFchcgXCZel+y6Yhh4LSDmoCqQY
vZOt1ifIUCtQrbpaz0FozbwFhiGuFLQ/GDPHmkW8PsjlSXRtceFvpkOXnVR5A1aF
b51rfIuNCM+rb9AStUKVMAKfyU3fTHTaxHaSQvA91LSA2oB7xkPwCvBDBxqaT75y
LTVcVVHTrijSUccZoTG9Xfw1EOQ7KivPZLNdBReVmIrz+TL4ICgYNMALN3HUfspf
2R/fFRZ9teYWYlTN305gCitMoAX3DIJlHs3fvIRP1hiGloago010fvWBDKN9Kn3g
QGs5+/7lH/PDrAM0ZTClznaZMeOg6HhWgXRc/UoXRXfd4RLeoKO5MxgwQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJscvl+g0qRfGc7W1EIzGaOB1HwDMB8GA1UdIwQY
MBaAFOCGblp8cl3LahOMxsNAz9rUMV0+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEladVdueHlYY3RxRTR6R3cwRFAydFF4WFQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83YmE4NzctNDgzOS00NzE3LThhYTQt
MjQ0MTliODc2ZjA4LzEvbXh5LVg2RFNwRjhaenRiVVFqTVpvNEhVZkFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83YmE4NzctNDgzOS00NzE3LThhYTQtMjQ0MTliODc2ZjA4
LzEvNEladVdueHlYY3RxRTR6R3cwRFAydFF4WFQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUF7rMA0G
CSqGSIb3DQEBCwUAA4IBAQAOQcwLRGfpWwQSFdSgFaKylGSqmQGL5QjG1L1cQoHF
XFMY534bvjDSCNLI84q+C2+AmNxE4/FO2udqU8ggNKUuZAjZ7rO6lMFfKKvEc2H2
HsiSmkD/qJOiDD+8lCSgrnL/TyR/wzz3U9idsKdsRXezvlfgGfLJUZWUP6pY07bI
cm69lDcVudpUAeiRij1FA/FRLMXH2VounSNatIkg7VcsBzg1z1LNzRc6mcQlALck
xa5yghOfnUhMLHvG60lf4KK9XJpEg2rtiYK0ZiC86RbekmyFJOxJyrB8Ycnx0Agz
vXA+op7ZOugpq629sZdRt4ohr5Nh2orVocSUvfqYnBni
-----END CERTIFICATE-----