Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/3e7654-5124-4a6e-9497-9a9ed1ef2e8d/1/MDLnzRvtVaDNauKZ3YaGSLWMKyM.roa
File:                     MDLnzRvtVaDNauKZ3YaGSLWMKyM.roa (raw, json)
Hash identifier:          MMQjB7y3IaNNZ21WEqRPVuCFVd1+Iw0iUNXJdEC5KBE=
Subject key identifier:   30:32:E7:CD:1B:ED:55:A0:CD:6A:E2:99:DD:86:86:48:B5:8C:2B:23
Certificate issuer:       /CN=21f10e34421baff174d60678f32fa5e35cdf957e
Certificate serial:       0199B067DCDEA666AAAE233A9D1951696B2B
Authority key identifier: 21:F1:0E:34:42:1B:AF:F1:74:D6:06:78:F3:2F:A5:E3:5C:DF:95:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IfEONEIbr_F01gZ48y-l41zflX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/3e7654-5124-4a6e-9497-9a9ed1ef2e8d/1/MDLnzRvtVaDNauKZ3YaGSLWMKyM.roa
Signing time:             Sat 04 Oct 2025 18:07:00 +0000
ROA not before:           Sat 04 Oct 2025 18:07:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61080
IP address blocks:        185.1.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/3e7654-5124-4a6e-9497-9a9ed1ef2e8d/1/IfEONEIbr_F01gZ48y-l41zflX4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/3e7654-5124-4a6e-9497-9a9ed1ef2e8d/1/IfEONEIbr_F01gZ48y-l41zflX4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IfEONEIbr_F01gZ48y-l41zflX4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b0:67:dc:de:a6:66:aa:ae:23:3a:9d:19:51:69:6b:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21f10e34421baff174d60678f32fa5e35cdf957e
        Validity
            Not Before: Oct  4 18:07:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3032e7cd1bed55a0cd6ae299dd868648b58c2b23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:6d:72:76:04:8f:e9:47:5c:67:7c:90:98:d9:
                    c2:3e:fd:52:74:e0:88:0e:f7:b3:42:32:59:f0:5a:
                    65:66:5a:18:7e:cc:88:48:46:0a:9f:29:7b:5d:19:
                    e6:5e:3b:3b:39:c0:ce:f5:6b:06:60:c4:1c:ef:e1:
                    96:f1:fd:ff:71:35:2a:82:3e:f8:f9:d5:0e:ad:60:
                    6a:08:5e:20:0a:a9:55:fa:0e:86:de:b0:18:ca:7b:
                    19:e0:e3:e0:e8:f2:78:4e:cc:c9:f8:e7:37:9c:c5:
                    e7:b4:5a:a0:07:49:af:68:40:69:06:89:21:4c:0f:
                    11:df:97:29:14:d0:08:5a:93:8b:20:a2:ab:54:29:
                    47:8b:f2:94:e8:0c:2b:1a:8c:4d:07:f1:32:cb:0f:
                    54:e3:b9:d8:18:1e:f5:56:b8:e5:e7:e4:e2:40:e1:
                    3a:df:3e:28:81:4b:2c:0e:a2:e6:72:c7:af:9f:7c:
                    96:c6:59:c7:d0:c6:43:c7:23:a6:d4:d9:91:76:04:
                    33:88:23:40:a6:22:f2:32:40:67:19:f1:be:d0:65:
                    db:fc:b2:75:10:8b:6d:5d:20:f4:97:5e:e3:c1:e1:
                    cc:04:40:29:93:10:0f:75:9d:08:27:61:42:10:43:
                    9b:24:08:6d:96:09:51:1e:56:29:79:c3:ce:77:84:
                    26:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:32:E7:CD:1B:ED:55:A0:CD:6A:E2:99:DD:86:86:48:B5:8C:2B:23
            X509v3 Authority Key Identifier:
                keyid:21:F1:0E:34:42:1B:AF:F1:74:D6:06:78:F3:2F:A5:E3:5C:DF:95:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IfEONEIbr_F01gZ48y-l41zflX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/3e7654-5124-4a6e-9497-9a9ed1ef2e8d/1/MDLnzRvtVaDNauKZ3YaGSLWMKyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/3e7654-5124-4a6e-9497-9a9ed1ef2e8d/1/IfEONEIbr_F01gZ48y-l41zflX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:55:a7:88:e4:fe:6d:18:04:24:fd:b8:be:e0:e1:f2:93:8f:
         40:e5:fc:6f:a7:1d:5c:58:93:6b:14:f6:fc:10:15:78:a7:a7:
         f1:0f:6b:07:fd:39:22:d7:34:55:19:42:97:35:28:0e:5e:3b:
         65:5c:98:c1:ef:c7:9c:26:50:b1:58:8a:17:74:f1:52:dc:75:
         ca:f0:80:3d:7a:e8:75:2b:c8:05:68:d7:e4:15:b7:fc:dc:90:
         a1:f0:a6:32:85:e4:2c:16:f8:5d:f6:ac:9e:58:ce:17:36:b6:
         87:b4:3f:fb:bf:3e:3c:6e:d2:bf:93:aa:72:1b:8c:41:ff:f4:
         ce:27:0e:7c:86:c7:0f:a1:fe:35:78:41:4b:98:f8:4b:85:dc:
         3a:95:b9:a0:64:24:7d:4b:44:5d:09:0f:6f:1d:fc:d0:bd:79:
         7b:d9:e9:ff:a3:8a:b0:35:11:f5:60:05:db:a1:5b:5e:26:35:
         a4:e0:04:d7:4d:6a:15:b3:f2:84:f7:0e:97:20:84:0e:f1:52:
         df:53:d3:93:91:33:8a:06:39:16:ab:ec:4b:56:3d:ff:bc:26:
         41:b4:48:63:49:9e:6e:a9:99:59:9a:41:0b:98:8d:ea:fd:36:
         46:96:d4:64:65:cb:29:65:6a:f1:4e:d1:4c:13:fc:91:be:72:
         ea:2c:f1:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmwZ9zepmaqriM6nRlRaWsrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxZjEwZTM0NDIxYmFmZjE3NGQ2MDY3OGYzMmZhNWUzNWNk
Zjk1N2UwHhcNMjUxMDA0MTgwNzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDMyZTdjZDFiZWQ1NWEwY2Q2YWUyOTlkZDg2ODY0OGI1OGMyYjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqm1ydgSP6UdcZ3yQmNnCPv1SdOCI
DvezQjJZ8FplZloYfsyISEYKnyl7XRnmXjs7OcDO9WsGYMQc7+GW8f3/cTUqgj74
+dUOrWBqCF4gCqlV+g6G3rAYynsZ4OPg6PJ4TszJ+Oc3nMXntFqgB0mvaEBpBokh
TA8R35cpFNAIWpOLIKKrVClHi/KU6AwrGoxNB/Eyyw9U47nYGB71Vrjl5+TiQOE6
3z4ogUssDqLmcsevn3yWxlnH0MZDxyOm1NmRdgQziCNApiLyMkBnGfG+0GXb/LJ1
EIttXSD0l17jweHMBEApkxAPdZ0IJ2FCEEObJAhtlglRHlYpecPOd4QmOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAy580b7VWgzWrimd2Ghki1jCsjMB8GA1UdIwQY
MBaAFCHxDjRCG6/xdNYGePMvpeNc35V+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWZFT05FSWJyX0YwMWdaNDh5LWw0MXpmbFg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8zZTc2NTQtNTEyNC00YTZlLTk0OTct
OWE5ZWQxZWYyZThkLzEvTURMbnpSdnRWYUROYXVLWjNZYUdTTFdNS3lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8zZTc2NTQtNTEyNC00YTZlLTk0OTctOWE5ZWQxZWYyZThk
LzEvSWZFT05FSWJyX0YwMWdaNDh5LWw0MXpmbFg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQFfMA0G
CSqGSIb3DQEBCwUAA4IBAQC1VaeI5P5tGAQk/bi+4OHyk49A5fxvpx1cWJNrFPb8
EBV4p6fxD2sH/Tki1zRVGUKXNSgOXjtlXJjB78ecJlCxWIoXdPFS3HXK8IA9euh1
K8gFaNfkFbf83JCh8KYyheQsFvhd9qyeWM4XNraHtD/7vz48btK/k6pyG4xB//TO
Jw58hscPof41eEFLmPhLhdw6lbmgZCR9S0RdCQ9vHfzQvXl72en/o4qwNRH1YAXb
oVteJjWk4ATXTWoVs/KE9w6XIIQO8VLfU9OTkTOKBjkWq+xLVj3/vCZBtEhjSZ5u
qZlZmkELmI3q/TZGltRkZcspZWrxTtFME/yRvnLqLPHT
-----END CERTIFICATE-----