Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/mlnlrHSy1-JVZmcNCPm_m-L_Dio.roa
File:                     mlnlrHSy1-JVZmcNCPm_m-L_Dio.roa (raw, json)
Hash identifier:          CfVNyEjta1W0yOjclfhYfYwy2fJ5gW1mA/X55B6MOMc=
Subject key identifier:   9A:59:E5:AC:74:B2:D7:E2:55:66:67:0D:08:F9:BF:9B:E2:FF:0E:2A
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019CB4B80ED4E95D59CD5B4D31E63D122D00
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/mlnlrHSy1-JVZmcNCPm_m-L_Dio.roa
Signing time:             Tue 03 Mar 2026 17:21:27 +0000
ROA not before:           Tue 03 Mar 2026 17:21:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216006
IP address blocks:        185.229.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b4:b8:0e:d4:e9:5d:59:cd:5b:4d:31:e6:3d:12:2d:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar  3 17:21:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9a59e5ac74b2d7e25566670d08f9bf9be2ff0e2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:47:de:33:0a:ee:63:27:b2:ab:30:04:82:a3:
                    4a:4b:1a:2c:e0:aa:95:20:3a:a6:7d:f7:7c:bc:22:
                    7f:70:d5:9d:ea:1d:a8:4f:10:f2:39:ba:66:d3:f2:
                    fd:83:03:82:9b:b8:10:69:cf:66:62:c2:54:4e:5b:
                    4c:e5:f7:66:16:07:df:4b:db:eb:d4:85:fc:c6:27:
                    f1:76:68:23:0f:17:4a:5f:a2:b8:7d:73:b4:eb:54:
                    a4:79:66:06:08:c1:e4:a1:d9:24:07:d6:e0:6a:a6:
                    1d:e4:2c:23:b8:9a:b1:6c:6a:1b:bf:f4:c6:c4:95:
                    5b:33:6a:03:50:e3:ad:96:69:e5:d6:16:3c:e3:67:
                    5a:9f:63:3e:ca:93:dc:4e:82:05:57:be:66:fd:ba:
                    54:a6:5f:58:1b:22:17:ff:09:5e:d3:df:d0:54:d2:
                    02:56:aa:2d:88:de:45:3a:9d:9e:06:a4:4c:cc:2e:
                    86:94:01:d4:0c:c6:06:59:9f:24:b2:a3:f2:d9:d7:
                    e5:8a:23:f7:79:b6:ea:46:60:95:5f:00:c1:09:25:
                    a4:c3:3d:8c:6f:0c:c7:d3:26:3f:ae:a3:12:76:32:
                    1c:cd:bf:fb:7f:ce:21:f7:ee:b6:d2:4a:88:02:b8:
                    4a:a3:dd:5b:70:e8:66:6b:01:2a:85:cf:88:b5:0e:
                    51:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:59:E5:AC:74:B2:D7:E2:55:66:67:0D:08:F9:BF:9B:E2:FF:0E:2A
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/mlnlrHSy1-JVZmcNCPm_m-L_Dio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:96:25:86:f3:0c:21:b4:2f:02:59:4b:72:f6:cb:64:e3:dc:
         b2:f6:67:44:85:e3:4c:81:3d:12:64:33:cb:80:d2:92:d3:cd:
         45:61:9b:e4:86:b1:20:61:54:3c:6f:c5:74:ec:26:36:c0:b8:
         f9:f1:ca:40:84:11:75:44:44:72:44:34:f4:a9:8a:c5:20:3b:
         78:1f:4c:ac:73:0d:e3:03:22:77:71:91:77:8e:fb:9b:9c:2e:
         84:75:89:9f:fd:d5:ca:31:c5:b6:ed:fe:69:8f:b6:a2:f0:18:
         f8:f9:ad:1e:7b:63:b9:39:c7:45:22:35:bf:69:2e:ed:8e:92:
         cb:7b:41:e5:07:da:f4:ca:96:53:83:bf:d9:fb:2c:cd:2b:13:
         99:79:85:c2:d9:21:39:9d:16:a6:22:62:2b:dd:8b:ba:f0:51:
         4d:6d:4b:89:35:00:7a:fc:08:f9:db:33:e7:1b:b1:26:6b:60:
         bd:c7:0a:ec:dd:a0:7c:3a:7a:a4:cc:da:31:cb:7e:00:ad:64:
         cc:f0:0f:54:42:0d:ba:48:8f:ac:61:63:fd:58:c0:ef:24:ac:
         94:ea:fc:23:ce:a0:c0:8f:49:5a:8a:01:ce:5d:50:c4:d2:3e:
         21:a1:87:3f:ce:16:14:d0:7f:9e:d4:5f:9f:65:b9:6a:d6:d5:
         3c:82:67:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy0uA7U6V1ZzVtNMeY9Ei0AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzAzMTcyMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTU5ZTVhYzc0YjJkN2UyNTU2NjY3MGQwOGY5YmY5YmUyZmYwZTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkfeMwruYyeyqzAEgqNKSxos4KqV
IDqmffd8vCJ/cNWd6h2oTxDyObpm0/L9gwOCm7gQac9mYsJUTltM5fdmFgffS9vr
1IX8xifxdmgjDxdKX6K4fXO061SkeWYGCMHkodkkB9bgaqYd5CwjuJqxbGobv/TG
xJVbM2oDUOOtlmnl1hY842dan2M+ypPcToIFV75m/bpUpl9YGyIX/wle09/QVNIC
VqotiN5FOp2eBqRMzC6GlAHUDMYGWZ8ksqPy2dfliiP3ebbqRmCVXwDBCSWkwz2M
bwzH0yY/rqMSdjIczb/7f84h9+620kqIArhKo91bcOhmawEqhc+ItQ5RHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJpZ5ax0stfiVWZnDQj5v5vi/w4qMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbWxubHJIU3kxLUpWWm1jTkNQbV9tLUxfRGlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueXfMA0G
CSqGSIb3DQEBCwUAA4IBAQCNliWG8wwhtC8CWUty9stk49yy9mdEheNMgT0SZDPL
gNKS081FYZvkhrEgYVQ8b8V07CY2wLj58cpAhBF1RERyRDT0qYrFIDt4H0yscw3j
AyJ3cZF3jvubnC6EdYmf/dXKMcW27f5pj7ai8Bj4+a0ee2O5OcdFIjW/aS7tjpLL
e0HlB9r0ypZTg7/Z+yzNKxOZeYXC2SE5nRamImIr3Yu68FFNbUuJNQB6/Aj52zPn
G7Ema2C9xwrs3aB8OnqkzNoxy34ArWTM8A9UQg26SI+sYWP9WMDvJKyU6vwjzqDA
j0laigHOXVDE0j4hoYc/zhYU0H+e1F+fZblq1tU8gmeJ
-----END CERTIFICATE-----