Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/df9a4c-79fe-4004-9413-4b47e8f8c86f/1/MGv8fe2IvQEr0upg_J3OguE6DTc.roa
File:                     MGv8fe2IvQEr0upg_J3OguE6DTc.roa (raw, json)
Hash identifier:          pyEnPsCzTcBBaKCxYIn3yVpRD7il4dwpBJHyZI57pbE=
Subject key identifier:   30:6B:FC:7D:ED:88:BD:01:2B:D2:EA:60:FC:9D:CE:82:E1:3A:0D:37
Certificate issuer:       /CN=200b3b2345710a096f6a34d7f089beb1e3fc5388
Certificate serial:       019B7A5B88CFD6E8FC5A24AC3B647735F166
Authority key identifier: 20:0B:3B:23:45:71:0A:09:6F:6A:34:D7:F0:89:BE:B1:E3:FC:53:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IAs7I0VxCglvajTX8Im-seP8U4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/df9a4c-79fe-4004-9413-4b47e8f8c86f/1/MGv8fe2IvQEr0upg_J3OguE6DTc.roa
Signing time:             Thu 01 Jan 2026 16:19:37 +0000
ROA not before:           Thu 01 Jan 2026 16:19:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48134
IP address blocks:        91.209.19.0/24 maxlen: 24
                          2a0e:58c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/df9a4c-79fe-4004-9413-4b47e8f8c86f/1/IAs7I0VxCglvajTX8Im-seP8U4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/df9a4c-79fe-4004-9413-4b47e8f8c86f/1/IAs7I0VxCglvajTX8Im-seP8U4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IAs7I0VxCglvajTX8Im-seP8U4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:88:cf:d6:e8:fc:5a:24:ac:3b:64:77:35:f1:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=200b3b2345710a096f6a34d7f089beb1e3fc5388
        Validity
            Not Before: Jan  1 16:19:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=306bfc7ded88bd012bd2ea60fc9dce82e13a0d37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0c:e6:90:35:f2:03:78:bc:97:dd:60:89:0d:
                    2b:de:93:7c:e5:b2:d5:44:7e:e8:5a:de:0c:32:f8:
                    00:f5:2d:e8:d6:50:51:cf:69:5a:e4:05:66:67:4a:
                    ab:77:f3:a4:c9:7b:14:1d:4f:62:84:31:d4:ba:6e:
                    8d:fa:36:a9:54:e4:aa:d8:2f:19:c1:d1:b9:f2:9d:
                    c2:d0:2c:f7:f1:cc:2f:02:a5:87:da:7c:b2:94:8f:
                    80:5e:e2:c0:ce:f2:5b:13:ab:91:d9:18:a8:9e:df:
                    44:4c:34:ef:85:6c:7a:6f:96:59:11:91:21:83:90:
                    8b:57:a8:9f:a8:a7:23:b0:3c:cd:45:4b:a0:ac:fd:
                    2b:52:a5:26:24:6f:e5:2e:c8:43:fe:53:11:8f:6b:
                    9a:9c:17:e3:39:d2:1a:de:ce:ea:0b:1e:6c:9c:01:
                    63:63:0e:8a:fe:66:a0:30:22:ac:a4:42:1f:ff:f5:
                    cf:ed:33:f3:65:28:af:7d:71:35:af:42:d7:5e:cf:
                    f9:af:80:5b:de:71:ca:f2:e7:07:67:80:81:23:4d:
                    d5:a7:06:58:19:f6:45:40:56:22:5e:00:04:1b:a7:
                    f1:bd:84:8f:9e:e1:e1:98:d7:d2:f4:95:fa:c6:2a:
                    3c:b6:c3:ce:4f:64:b1:a3:9b:b8:0e:a1:b7:cb:19:
                    2c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:6B:FC:7D:ED:88:BD:01:2B:D2:EA:60:FC:9D:CE:82:E1:3A:0D:37
            X509v3 Authority Key Identifier:
                keyid:20:0B:3B:23:45:71:0A:09:6F:6A:34:D7:F0:89:BE:B1:E3:FC:53:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IAs7I0VxCglvajTX8Im-seP8U4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/df9a4c-79fe-4004-9413-4b47e8f8c86f/1/MGv8fe2IvQEr0upg_J3OguE6DTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/df9a4c-79fe-4004-9413-4b47e8f8c86f/1/IAs7I0VxCglvajTX8Im-seP8U4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.19.0/24
                IPv6:
                  2a0e:58c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         84:4b:08:8f:89:41:d3:fb:12:27:90:a1:2e:c4:41:66:c9:4d:
         45:ba:d8:29:3d:92:0b:81:73:7a:50:a0:23:00:29:05:cd:8e:
         61:97:b4:42:c8:1f:2b:4b:97:ef:73:88:30:91:e2:15:86:bf:
         49:dd:b8:d2:86:7d:fb:07:70:cf:fb:bc:5d:c6:43:88:d5:6c:
         2f:4c:27:ed:57:d2:bf:08:b4:d5:51:93:f2:c3:dd:51:87:a3:
         fd:dc:bb:04:7a:34:e5:43:2b:93:5f:35:ac:d8:a1:52:4e:5a:
         7a:21:2d:a9:26:a7:e6:19:9c:eb:d0:9c:9b:f9:af:47:33:05:
         8a:8b:87:90:62:8c:e1:af:f7:0a:e3:c4:93:a5:99:29:1a:54:
         18:0c:7c:1e:ae:a6:04:ec:4d:2d:98:7c:dc:cf:18:0b:6c:49:
         fe:ba:12:47:06:8a:20:70:16:21:8e:9a:79:1c:d5:71:e2:79:
         93:38:34:d0:e1:b6:f7:55:b0:02:0b:b5:87:01:73:d4:94:53:
         06:d4:06:10:c4:be:f4:8c:35:c7:42:5b:d1:71:98:d3:7e:2f:
         70:51:56:4b:57:f2:1e:a8:d5:59:fe:86:dd:e9:f5:75:c1:bb:
         40:46:26:ec:a8:fe:2c:12:44:d4:73:ff:4b:57:04:9d:6f:ce:
         6f:3a:d0:e2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt6W4jP1uj8WiSsO2R3NfFmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMGIzYjIzNDU3MTBhMDk2ZjZhMzRkN2YwODliZWIxZTNm
YzUzODgwHhcNMjYwMTAxMTYxOTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDZiZmM3ZGVkODhiZDAxMmJkMmVhNjBmYzlkY2U4MmUxM2EwZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwzmkDXyA3i8l91giQ0r3pN85bLV
RH7oWt4MMvgA9S3o1lBRz2la5AVmZ0qrd/OkyXsUHU9ihDHUum6N+japVOSq2C8Z
wdG58p3C0Cz38cwvAqWH2nyylI+AXuLAzvJbE6uR2Riont9ETDTvhWx6b5ZZEZEh
g5CLV6ifqKcjsDzNRUugrP0rUqUmJG/lLshD/lMRj2uanBfjOdIa3s7qCx5snAFj
Yw6K/magMCKspEIf//XP7TPzZSivfXE1r0LXXs/5r4Bb3nHK8ucHZ4CBI03VpwZY
GfZFQFYiXgAEG6fxvYSPnuHhmNfS9JX6xio8tsPOT2Sxo5u4DqG3yxksmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDBr/H3tiL0BK9LqYPydzoLhOg03MB8GA1UdIwQY
MBaAFCALOyNFcQoJb2o01/CJvrHj/FOIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUFzN0kwVnhDZ2x2YWpUWDhJbS1zZVA4VTRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9kZjlhNGMtNzlmZS00MDA0LTk0MTMt
NGI0N2U4ZjhjODZmLzEvTUd2OGZlMkl2UUVyMHVwZ19KM09ndUU2RFRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9kZjlhNGMtNzlmZS00MDA0LTk0MTMtNGI0N2U4ZjhjODZm
LzEvSUFzN0kwVnhDZ2x2YWpUWDhJbS1zZVA4VTRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9ETMA0E
AgACMAcDBQMqDljAMA0GCSqGSIb3DQEBCwUAA4IBAQCESwiPiUHT+xInkKEuxEFm
yU1FutgpPZILgXN6UKAjACkFzY5hl7RCyB8rS5fvc4gwkeIVhr9J3bjShn37B3DP
+7xdxkOI1WwvTCftV9K/CLTVUZPyw91Rh6P93LsEejTlQyuTXzWs2KFSTlp6IS2p
JqfmGZzr0Jyb+a9HMwWKi4eQYozhr/cK48STpZkpGlQYDHwerqYE7E0tmHzczxgL
bEn+uhJHBoogcBYhjpp5HNVx4nmTODTQ4bb3VbACC7WHAXPUlFMG1AYQxL70jDXH
QlvRcZjTfi9wUVZLV/IeqNVZ/obd6fV1wbtARibsqP4sEkTUc/9LVwSdb85vOtDi
-----END CERTIFICATE-----