Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/MedSYzAUGRaCQbAdR-zgVrQGSLI.roa
File:                     MedSYzAUGRaCQbAdR-zgVrQGSLI.roa (raw, json)
Hash identifier:          foaGfOyRrA7XjkOMVOKushElmhuY/Ku5h7Hsu0onGho=
Subject key identifier:   31:E7:52:63:30:14:19:16:82:41:B0:1D:47:EC:E0:56:B4:06:48:B2
Certificate issuer:       /CN=8f4669216a2078cb024231f4632eab4da7ee4bc1
Certificate serial:       019A5900378BC472B85271D7A7D35532E515
Authority key identifier: 8F:46:69:21:6A:20:78:CB:02:42:31:F4:63:2E:AB:4D:A7:EE:4B:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/MedSYzAUGRaCQbAdR-zgVrQGSLI.roa
Signing time:             Thu 06 Nov 2025 11:49:37 +0000
ROA not before:           Thu 06 Nov 2025 11:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210699
IP address blocks:        185.46.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:59:00:37:8b:c4:72:b8:52:71:d7:a7:d3:55:32:e5:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4669216a2078cb024231f4632eab4da7ee4bc1
        Validity
            Not Before: Nov  6 11:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31e75263301419168241b01d47ece056b40648b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d8:7b:26:64:b9:aa:1b:64:0d:15:88:59:ee:
                    27:58:82:5c:a0:98:93:c4:56:7b:c1:35:cf:ac:c3:
                    f9:b0:bf:bf:33:5a:41:68:57:0d:59:9f:a9:85:9e:
                    b5:f6:33:5f:e8:3b:10:5a:f3:af:3a:be:1f:24:2e:
                    ca:3a:dd:1b:48:11:c9:b4:19:a9:fd:84:b1:2a:96:
                    6a:d0:54:d6:9d:d0:a8:2a:d8:2a:73:d7:b4:5d:2d:
                    40:0c:ba:93:1c:9c:98:38:d3:9e:06:3f:98:6e:ae:
                    ca:2d:a6:fc:58:89:e5:d9:d8:24:33:aa:71:4f:e1:
                    4f:14:fb:33:a5:e5:69:6f:f3:5d:a2:44:14:4b:b1:
                    7d:0c:9b:b2:4d:47:46:bd:78:c5:ab:26:e8:e9:59:
                    7f:9f:a1:85:0f:ad:fe:ca:c3:9f:3f:43:40:2b:c4:
                    28:08:4b:22:b4:18:40:04:16:3e:9a:da:fa:dd:f0:
                    a1:e6:c5:c2:b8:e4:c3:ae:ea:9b:a8:4f:b9:b6:eb:
                    37:cf:9a:66:97:9b:cc:ce:72:85:15:13:0f:e7:fb:
                    ef:4b:fa:45:3a:31:8a:61:fd:df:c3:ed:2e:13:c6:
                    b7:91:3c:cc:d8:69:53:fb:54:d7:eb:9f:6e:db:85:
                    87:72:b1:82:c6:6a:fe:3b:de:aa:e3:dd:f3:af:4b:
                    fa:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:E7:52:63:30:14:19:16:82:41:B0:1D:47:EC:E0:56:B4:06:48:B2
            X509v3 Authority Key Identifier:
                keyid:8F:46:69:21:6A:20:78:CB:02:42:31:F4:63:2E:AB:4D:A7:EE:4B:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/MedSYzAUGRaCQbAdR-zgVrQGSLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:9e:7b:89:f6:8d:43:b3:bb:ed:d1:b5:1d:6d:7e:9e:3f:6a:
         5d:1d:c7:fa:3f:7e:2c:45:9f:45:7b:f4:77:ec:d5:c3:82:e4:
         40:2f:29:d1:c4:2e:d5:64:64:4e:a1:dc:37:6b:40:77:e2:1c:
         29:d7:a4:d6:12:a1:0d:46:8e:00:f7:ce:e1:38:66:00:18:84:
         51:00:16:37:b2:ea:c3:7a:b8:0d:5c:6b:e6:aa:76:ad:82:14:
         14:af:f0:6f:3b:3d:5e:c9:31:ad:4a:f9:57:63:36:df:dd:a6:
         ff:bc:bf:8d:1e:ff:a9:6e:f6:b5:44:3a:fa:e5:52:2a:15:d6:
         78:66:cc:ca:be:9d:3e:f7:34:17:06:34:69:2c:61:9b:af:f9:
         91:33:d5:af:4e:a8:e6:78:01:c0:ff:81:19:94:c8:8e:82:ad:
         99:78:fd:b0:1a:45:bb:58:b5:56:0a:9a:0d:36:4b:c9:35:f1:
         32:c7:df:32:b2:ab:6e:59:fd:68:35:71:d7:08:72:6d:c4:12:
         04:62:cb:e8:7b:91:c4:41:df:5f:55:89:89:62:da:ba:4a:3f:
         e2:c9:1a:95:5b:c6:ac:a2:76:c3:49:22:b8:28:26:ba:7d:bc:
         58:62:76:e1:17:b9:01:f4:30:9a:e4:80:e6:47:0b:4b:2d:2e:
         f0:98:45:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpZADeLxHK4UnHXp9NVMuUVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNDY2OTIxNmEyMDc4Y2IwMjQyMzFmNDYzMmVhYjRkYTdl
ZTRiYzEwHhcNMjUxMTA2MTE0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWU3NTI2MzMwMTQxOTE2ODI0MWIwMWQ0N2VjZTA1NmI0MDY0OGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmth7JmS5qhtkDRWIWe4nWIJcoJiT
xFZ7wTXPrMP5sL+/M1pBaFcNWZ+phZ619jNf6DsQWvOvOr4fJC7KOt0bSBHJtBmp
/YSxKpZq0FTWndCoKtgqc9e0XS1ADLqTHJyYONOeBj+Ybq7KLab8WInl2dgkM6px
T+FPFPszpeVpb/NdokQUS7F9DJuyTUdGvXjFqybo6Vl/n6GFD63+ysOfP0NAK8Qo
CEsitBhABBY+mtr63fCh5sXCuOTDruqbqE+5tus3z5pml5vMznKFFRMP5/vvS/pF
OjGKYf3fw+0uE8a3kTzM2GlT+1TX659u24WHcrGCxmr+O96q493zr0v6UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHnUmMwFBkWgkGwHUfs4Fa0BkiyMB8GA1UdIwQY
MBaAFI9GaSFqIHjLAkIx9GMuq02n7kvBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajBacElXb2dlTXNDUWpIMFl5NnJUYWZ1UzhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kYTQ4ZTItZmY2My00YmNkLTgyYTIt
ZDdiOGViNDYwOGUyLzEvTWVkU1l6QVVHUmFDUWJBZFItemdWclFHU0xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kYTQ4ZTItZmY2My00YmNkLTgyYTItZDdiOGViNDYwOGUy
LzEvajBacElXb2dlTXNDUWpIMFl5NnJUYWZ1UzhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS5wMA0G
CSqGSIb3DQEBCwUAA4IBAQBNnnuJ9o1Ds7vt0bUdbX6eP2pdHcf6P34sRZ9Fe/R3
7NXDguRALynRxC7VZGROodw3a0B34hwp16TWEqENRo4A987hOGYAGIRRABY3surD
ergNXGvmqnatghQUr/BvOz1eyTGtSvlXYzbf3ab/vL+NHv+pbva1RDr65VIqFdZ4
ZszKvp0+9zQXBjRpLGGbr/mRM9WvTqjmeAHA/4EZlMiOgq2ZeP2wGkW7WLVWCpoN
NkvJNfEyx98ysqtuWf1oNXHXCHJtxBIEYsvoe5HEQd9fVYmJYtq6Sj/iyRqVW8as
onbDSSK4KCa6fbxYYnbhF7kB9DCa5IDmRwtLLS7wmEXY
-----END CERTIFICATE-----