Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/MikcNyys91YehiYBdcBVDySyknI.roa
File:                     MikcNyys91YehiYBdcBVDySyknI.roa (raw, json)
Hash identifier:          +LpeWviQcdGuuYSrUm8cdzX4Fg1TCmYYpy6nwnOOZEo=
Subject key identifier:   32:29:1C:37:2C:AC:F7:56:1E:86:26:01:75:C0:55:0F:24:B2:92:72
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       01993D20106ED68C7F403A16E2404AE0817F
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/MikcNyys91YehiYBdcBVDySyknI.roa
Signing time:             Fri 12 Sep 2025 08:52:15 +0000
ROA not before:           Fri 12 Sep 2025 08:52:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        109.122.15.0/24 maxlen: 24
                          109.122.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3d:20:10:6e:d6:8c:7f:40:3a:16:e2:40:4a:e0:81:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Sep 12 08:52:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32291c372cacf7561e86260175c0550f24b29272
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:46:76:0e:ea:84:0c:fb:6e:9f:ab:5f:c3:e2:
                    1d:df:95:13:40:4c:2c:c0:2a:90:35:58:a1:66:a4:
                    00:42:00:47:aa:d5:42:b7:c0:08:7d:87:66:ce:72:
                    b1:da:61:81:b8:e9:04:f5:08:96:08:5e:a9:3c:b5:
                    8e:f9:49:c3:db:85:61:4e:af:5f:44:05:e0:65:c2:
                    c6:22:b8:e4:f1:dc:65:56:e9:f2:37:6a:8e:73:ad:
                    62:b8:d0:d8:2d:00:a8:83:ea:9c:fd:f9:fa:c3:19:
                    65:f9:d1:ec:64:95:c8:ab:3b:50:ab:8f:00:1e:c6:
                    e9:8c:55:4c:2e:0c:03:b4:e8:c6:40:52:6c:e3:c7:
                    47:89:9b:e2:e1:96:4e:22:aa:f3:d0:57:db:a6:10:
                    9a:8b:c9:82:64:0a:23:02:7c:f7:3a:15:e3:3b:7d:
                    ec:b7:73:e1:cd:f3:03:8a:52:9a:0e:93:88:e2:9b:
                    0f:e1:3a:16:c6:c2:35:0f:db:12:4a:16:10:22:61:
                    fa:94:6c:c4:fc:63:46:90:c2:b1:a8:8f:f2:c6:14:
                    57:0b:a5:18:dd:cf:16:4a:7a:eb:0b:e3:3c:dd:51:
                    c9:03:5f:89:41:32:ab:3a:d8:9b:20:70:1f:08:c0:
                    c6:e1:59:1d:e6:83:10:a8:5c:9c:b0:62:12:06:28:
                    7b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:29:1C:37:2C:AC:F7:56:1E:86:26:01:75:C0:55:0F:24:B2:92:72
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/MikcNyys91YehiYBdcBVDySyknI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.15.0/24
                  109.122.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:93:f7:18:92:41:04:fb:a3:16:3a:e1:64:89:e7:77:d5:60:
         a3:aa:b1:29:a3:8e:ca:56:85:8d:ee:3e:40:33:66:c9:70:cd:
         24:a7:32:b0:14:ef:78:31:60:17:57:be:63:18:8c:5d:a1:4b:
         38:86:b0:79:37:a2:01:95:37:82:68:3d:7a:56:81:bc:f0:66:
         46:d5:08:96:72:90:a7:8e:9a:8c:69:2b:5c:c4:03:6d:dc:3e:
         68:3d:f2:96:6b:c5:b2:52:b8:c9:b0:bb:49:01:4b:ce:1a:02:
         a1:0f:4e:8e:ae:f5:d6:8e:a2:99:1f:0f:67:6c:1b:45:22:a3:
         e9:c7:ee:ba:31:73:29:24:b4:28:15:c2:28:e1:66:a2:f1:73:
         1f:be:ca:d4:c7:ba:50:59:e5:f2:35:9d:b1:14:1a:fa:52:43:
         dc:67:42:42:1b:4a:e9:67:2b:6d:6b:31:62:53:3f:e3:7d:34:
         16:63:d8:1c:46:c2:a4:04:11:67:cf:25:cb:e7:39:05:9b:c0:
         87:a6:30:eb:42:97:ae:18:92:d8:68:36:86:2f:b9:d0:c2:44:
         ec:44:d0:5f:f2:6a:d1:25:77:68:28:e9:b9:6e:c0:50:b4:b1:
         9a:11:e3:76:71:fd:1e:45:d9:35:75:c2:b7:c4:ff:9c:52:c8:
         dd:f3:5c:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZk9IBBu1ox/QDoW4kBK4IF/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwOTEyMDg1MjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjI5MWMzNzJjYWNmNzU2MWU4NjI2MDE3NWMwNTUwZjI0YjI5MjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkZ2DuqEDPtun6tfw+Id35UTQEws
wCqQNVihZqQAQgBHqtVCt8AIfYdmznKx2mGBuOkE9QiWCF6pPLWO+UnD24VhTq9f
RAXgZcLGIrjk8dxlVunyN2qOc61iuNDYLQCog+qc/fn6wxll+dHsZJXIqztQq48A
HsbpjFVMLgwDtOjGQFJs48dHiZvi4ZZOIqrz0FfbphCai8mCZAojAnz3OhXjO33s
t3PhzfMDilKaDpOI4psP4ToWxsI1D9sSShYQImH6lGzE/GNGkMKxqI/yxhRXC6UY
3c8WSnrrC+M83VHJA1+JQTKrOtibIHAfCMDG4Vkd5oMQqFycsGISBih7QwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDIpHDcsrPdWHoYmAXXAVQ8kspJyMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvTWlrY055eXM5MVllaGlZQmRjQlZEeVN5a25JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXoPAwQA
bXoUMA0GCSqGSIb3DQEBCwUAA4IBAQAHk/cYkkEE+6MWOuFkied31WCjqrEpo47K
VoWN7j5AM2bJcM0kpzKwFO94MWAXV75jGIxdoUs4hrB5N6IBlTeCaD16VoG88GZG
1QiWcpCnjpqMaStcxANt3D5oPfKWa8WyUrjJsLtJAUvOGgKhD06OrvXWjqKZHw9n
bBtFIqPpx+66MXMpJLQoFcIo4Wai8XMfvsrUx7pQWeXyNZ2xFBr6UkPcZ0JCG0rp
ZyttazFiUz/jfTQWY9gcRsKkBBFnzyXL5zkFm8CHpjDrQpeuGJLYaDaGL7nQwkTs
RNBf8mrRJXdoKOm5bsBQtLGaEeN2cf0eRdk1dcK3xP+cUsjd81xZ
-----END CERTIFICATE-----