Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/Mlfex3S5CLOhA1MBkAbm9LHu_10.roa
File:                     Mlfex3S5CLOhA1MBkAbm9LHu_10.roa (raw, json)
Hash identifier:          V4LnwdORb6VK2l3X5YaNbB4FamwrZRclEZ55ZBEF3AA=
Subject key identifier:   32:57:DE:C7:74:B9:08:B3:A1:03:53:01:90:06:E6:F4:B1:EE:FF:5D
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019D812BBC75AA678387592F2C737D6CCB3A
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/Mlfex3S5CLOhA1MBkAbm9LHu_10.roa
Signing time:             Sun 12 Apr 2026 10:10:20 +0000
ROA not before:           Sun 12 Apr 2026 10:10:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     394130
IP address blocks:        216.23.108.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:81:2b:bc:75:aa:67:83:87:59:2f:2c:73:7d:6c:cb:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Apr 12 10:10:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3257dec774b908b3a10353019006e6f4b1eeff5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a6:92:33:d4:53:36:42:ad:e2:7b:92:2f:d6:
                    35:6d:79:76:22:74:86:34:bf:be:2e:83:9e:ad:09:
                    b3:10:4d:bf:02:3c:2b:84:91:7f:2b:bf:dd:14:39:
                    d6:eb:4d:8f:2c:c9:e0:a5:a8:66:80:0c:bd:cf:bb:
                    c8:e3:6c:bd:d4:75:3f:1d:53:e8:97:7e:83:e8:38:
                    45:01:7e:3d:aa:fc:12:12:6b:10:fd:41:77:00:95:
                    cb:56:93:ed:1d:02:63:29:fa:89:34:6d:ba:62:46:
                    fe:2f:e8:a3:6b:73:25:23:05:ad:61:66:97:f2:19:
                    f1:54:93:18:c0:7c:8c:f0:35:9e:e6:35:5f:15:76:
                    70:31:2f:e0:94:06:e7:a5:6f:7c:bc:fa:ac:80:64:
                    4d:05:8a:ad:c4:8a:d7:83:09:4f:20:c6:f2:11:da:
                    1f:6a:e5:2b:8c:55:bd:9e:ce:71:60:ca:ec:9e:82:
                    07:23:01:6d:ba:56:57:04:b5:e8:a0:89:cc:c0:ae:
                    58:82:7b:49:8e:ac:98:88:b1:d2:39:a3:bc:61:f7:
                    3a:7b:81:b4:be:4e:f2:40:53:53:d1:e7:c3:a7:b8:
                    54:24:1d:03:fd:b5:5e:6c:0f:ab:7d:fd:c3:9f:03:
                    fa:9b:f6:a5:2a:35:e7:c9:3c:1a:75:85:ce:43:c7:
                    56:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:57:DE:C7:74:B9:08:B3:A1:03:53:01:90:06:E6:F4:B1:EE:FF:5D
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/Mlfex3S5CLOhA1MBkAbm9LHu_10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.23.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:0d:de:c5:30:fb:21:c9:37:a9:0f:3c:8a:4a:35:b3:b7:48:
         b8:da:51:77:6b:08:b6:fe:f6:15:0a:df:fa:ff:bc:1b:5d:db:
         a2:71:85:7d:39:fc:1e:51:66:ae:25:70:a3:a7:c9:21:d6:ad:
         18:40:d9:cb:74:cf:53:8f:32:6f:6d:81:93:55:0e:19:55:b0:
         54:ad:54:f8:83:46:5a:fc:d3:45:40:b8:a2:16:21:b7:9c:ea:
         26:f6:d0:9e:fd:35:91:ee:17:3a:5c:9d:83:12:c2:a8:db:d1:
         9d:2f:06:2d:ae:de:4e:5c:c9:78:9e:1e:9f:92:b1:41:23:e0:
         4f:1e:b9:5b:28:4a:15:4a:40:01:66:6b:45:ed:9a:04:63:5f:
         f4:1b:fd:ef:6a:95:f3:1f:a1:01:5b:8c:ca:57:33:91:1a:8d:
         b4:92:bf:67:c4:98:a1:a4:67:a5:5b:d9:d4:23:d6:9f:e1:a6:
         d3:af:ba:c0:c5:b2:ff:dd:39:24:ee:f1:d7:bd:f5:d3:83:f9:
         6f:43:be:9b:f1:a9:d8:92:97:79:25:cb:1e:98:79:64:85:91:
         98:54:0c:52:10:7d:de:cd:44:0f:0b:3e:a0:a4:ed:2f:3b:c0:
         83:2c:31:46:3f:91:92:69:23:58:98:b0:6e:ee:dc:bd:bc:b9:
         b9:40:96:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2BK7x1qmeDh1kvLHN9bMs6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNDEyMTAxMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjU3ZGVjNzc0YjkwOGIzYTEwMzUzMDE5MDA2ZTZmNGIxZWVmZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaaSM9RTNkKt4nuSL9Y1bXl2InSG
NL++LoOerQmzEE2/AjwrhJF/K7/dFDnW602PLMngpahmgAy9z7vI42y91HU/HVPo
l36D6DhFAX49qvwSEmsQ/UF3AJXLVpPtHQJjKfqJNG26Ykb+L+ija3MlIwWtYWaX
8hnxVJMYwHyM8DWe5jVfFXZwMS/glAbnpW98vPqsgGRNBYqtxIrXgwlPIMbyEdof
auUrjFW9ns5xYMrsnoIHIwFtulZXBLXooInMwK5YgntJjqyYiLHSOaO8Yfc6e4G0
vk7yQFNT0efDp7hUJB0D/bVebA+rff3DnwP6m/alKjXnyTwadYXOQ8dWxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJX3sd0uQizoQNTAZAG5vSx7v9dMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvTWxmZXgzUzVDTE9oQTFNQmtBYm05TEh1XzEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2BdsMA0G
CSqGSIb3DQEBCwUAA4IBAQAFDd7FMPshyTepDzyKSjWzt0i42lF3awi2/vYVCt/6
/7wbXduicYV9OfweUWauJXCjp8kh1q0YQNnLdM9TjzJvbYGTVQ4ZVbBUrVT4g0Za
/NNFQLiiFiG3nOom9tCe/TWR7hc6XJ2DEsKo29GdLwYtrt5OXMl4nh6fkrFBI+BP
HrlbKEoVSkABZmtF7ZoEY1/0G/3vapXzH6EBW4zKVzORGo20kr9nxJihpGelW9nU
I9af4abTr7rAxbL/3Tkk7vHXvfXTg/lvQ76b8anYkpd5JcsemHlkhZGYVAxSEH3e
zUQPCz6gpO0vO8CDLDFGP5GSaSNYmLBu7ty9vLm5QJaI
-----END CERTIFICATE-----