Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/Mlg2-dFb_pDIGLBjBDPo1_IYStc.roa
File:                     Mlg2-dFb_pDIGLBjBDPo1_IYStc.roa (raw, json)
Hash identifier:          3gsMMrCsLQ277PtzM/yqX0/jKqAoyQGVpd57kpWn5Y0=
Subject key identifier:   32:58:36:F9:D1:5B:FE:90:C8:18:B0:63:04:33:E8:D7:F2:18:4A:D7
Certificate issuer:       /CN=21c1672dbbbf7165a6a83b3227a7119f0d31e8ee
Certificate serial:       019B7CEE30D65AC0E33D1AB49FF79C60F906
Authority key identifier: 21:C1:67:2D:BB:BF:71:65:A6:A8:3B:32:27:A7:11:9F:0D:31:E8:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/Mlg2-dFb_pDIGLBjBDPo1_IYStc.roa
Signing time:             Fri 02 Jan 2026 04:19:03 +0000
ROA not before:           Fri 02 Jan 2026 04:19:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204114
IP address blocks:        185.25.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:30:d6:5a:c0:e3:3d:1a:b4:9f:f7:9c:60:f9:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21c1672dbbbf7165a6a83b3227a7119f0d31e8ee
        Validity
            Not Before: Jan  2 04:19:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=325836f9d15bfe90c818b0630433e8d7f2184ad7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:06:93:ca:fd:49:84:74:ca:70:fb:8b:fb:2a:
                    d8:a1:aa:90:2f:75:4f:46:87:f7:21:d5:40:47:2a:
                    2c:10:4b:01:91:c9:f2:b2:ac:a9:77:8d:f3:64:b5:
                    02:30:49:5d:8d:a2:19:dd:b8:fe:b7:1f:4c:6b:fc:
                    3b:35:4e:7f:12:96:6b:90:5f:42:c1:19:d7:48:cc:
                    14:95:73:2e:f1:5e:56:33:7d:93:70:23:93:c7:a0:
                    62:e3:bf:64:28:d3:7d:bb:7e:b9:b5:ec:c1:27:28:
                    9a:f9:09:9b:32:35:70:46:62:55:b0:1a:23:d7:26:
                    92:fe:97:a4:87:95:57:8f:30:77:db:05:3d:ae:35:
                    08:8f:a1:89:43:58:f4:e8:08:85:a5:e2:30:37:23:
                    72:88:7e:44:0c:31:2a:01:7b:5e:b5:4b:75:21:07:
                    85:e3:88:38:f7:fb:a7:5e:e0:17:ad:05:74:06:02:
                    39:39:47:a4:10:ae:f0:4f:24:08:3e:65:02:5e:eb:
                    c5:f3:8f:3a:e2:f0:11:ea:85:35:0c:c9:07:39:61:
                    d7:ba:f1:45:52:c7:5c:e1:74:cb:65:06:1b:b3:d2:
                    5f:84:d8:2c:69:40:1e:9b:49:16:14:41:e7:9b:0c:
                    12:43:e1:04:73:37:fc:a3:38:d3:94:84:0b:f0:96:
                    08:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:58:36:F9:D1:5B:FE:90:C8:18:B0:63:04:33:E8:D7:F2:18:4A:D7
            X509v3 Authority Key Identifier:
                keyid:21:C1:67:2D:BB:BF:71:65:A6:A8:3B:32:27:A7:11:9F:0D:31:E8:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/Mlg2-dFb_pDIGLBjBDPo1_IYStc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:f1:bf:10:0c:6a:57:e2:6b:ab:10:40:af:25:f9:b7:6e:0d:
         cc:63:85:f3:14:ad:f5:43:6c:99:eb:d0:61:3d:5b:a2:7f:65:
         bf:4e:e1:0e:29:05:c5:1f:6d:18:f1:69:ab:e7:0b:44:3b:ec:
         4a:3b:29:ef:19:3f:b0:29:58:09:b5:a5:5f:7b:5e:1a:bc:35:
         9b:25:a2:62:91:2e:7b:91:89:98:a3:44:86:49:8c:58:26:d3:
         70:39:b9:40:c4:a7:1e:dc:6b:80:46:5d:de:08:5c:2b:36:33:
         00:dd:e2:1c:68:c4:95:84:1d:dc:a0:b4:62:10:f3:ce:cd:7f:
         34:0b:a1:5b:77:f6:c2:c1:ee:17:68:93:02:b7:f2:56:35:af:
         35:d6:2d:24:42:6a:f7:69:1f:a6:05:a3:a5:27:b6:2d:28:fa:
         fa:11:41:4a:62:32:19:1c:70:16:be:62:3e:a3:bd:22:c0:f8:
         fe:6b:fb:9c:4a:b5:97:13:dc:14:53:fc:63:08:91:c4:d0:73:
         28:d5:22:f5:41:1b:15:8f:12:87:98:2f:9a:34:f2:ed:00:73:
         9d:54:b1:6d:27:ec:35:9f:dd:98:67:c0:18:f8:ad:e7:0d:af:
         8a:7e:ff:9f:81:a4:5d:34:59:f7:36:a6:71:c5:97:da:cc:dd:
         25:4e:cb:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87jDWWsDjPRq0n/ecYPkGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYzE2NzJkYmJiZjcxNjVhNmE4M2IzMjI3YTcxMTlmMGQz
MWU4ZWUwHhcNMjYwMTAyMDQxOTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjU4MzZmOWQxNWJmZTkwYzgxOGIwNjMwNDMzZThkN2YyMTg0YWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAaTyv1JhHTKcPuL+yrYoaqQL3VP
Rof3IdVARyosEEsBkcnysqypd43zZLUCMEldjaIZ3bj+tx9Ma/w7NU5/EpZrkF9C
wRnXSMwUlXMu8V5WM32TcCOTx6Bi479kKNN9u365tezBJyia+QmbMjVwRmJVsBoj
1yaS/pekh5VXjzB32wU9rjUIj6GJQ1j06AiFpeIwNyNyiH5EDDEqAXtetUt1IQeF
44g49/unXuAXrQV0BgI5OUekEK7wTyQIPmUCXuvF84864vAR6oU1DMkHOWHXuvFF
Usdc4XTLZQYbs9JfhNgsaUAem0kWFEHnmwwSQ+EEczf8ozjTlIQL8JYIcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJYNvnRW/6QyBiwYwQz6NfyGErXMB8GA1UdIwQY
MBaAFCHBZy27v3Flpqg7MienEZ8NMejuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWNGbkxidV9jV1dtcURzeUo2Y1JudzB4Nk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9jMDVkNGMtOTZkMy00YjU3LWFlMzQt
MzQ3N2M3ZmNkNGQ5LzEvTWxnMi1kRmJfcERJR0xCakJEUG8xX0lZU3RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9jMDVkNGMtOTZkMy00YjU3LWFlMzQtMzQ3N2M3ZmNkNGQ5
LzEvSWNGbkxidV9jV1dtcURzeUo2Y1JudzB4Nk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRlxMA0G
CSqGSIb3DQEBCwUAA4IBAQA88b8QDGpX4murEECvJfm3bg3MY4XzFK31Q2yZ69Bh
PVuif2W/TuEOKQXFH20Y8Wmr5wtEO+xKOynvGT+wKVgJtaVfe14avDWbJaJikS57
kYmYo0SGSYxYJtNwOblAxKce3GuARl3eCFwrNjMA3eIcaMSVhB3coLRiEPPOzX80
C6Fbd/bCwe4XaJMCt/JWNa811i0kQmr3aR+mBaOlJ7YtKPr6EUFKYjIZHHAWvmI+
o70iwPj+a/ucSrWXE9wUU/xjCJHE0HMo1SL1QRsVjxKHmC+aNPLtAHOdVLFtJ+w1
n92YZ8AY+K3nDa+Kfv+fgaRdNFn3NqZxxZfazN0lTss6
-----END CERTIFICATE-----