Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/3eaeb4-fb99-4993-8122-e45350414ddf/1/DKYMmdoi70YjC_-L8vJdFhUTolQ.roa
File:                     DKYMmdoi70YjC_-L8vJdFhUTolQ.roa (raw, json)
Hash identifier:          VRVvbtOKDPVO0AG7Nxe+ryERsb8GEeQGYIh0LURsjdI=
Subject key identifier:   0C:A6:0C:99:DA:22:EF:46:23:0B:FF:8B:F2:F2:5D:16:15:13:A2:54
Certificate issuer:       /CN=39704769d087d9fe8f790a6555cb4fbefcd24d38
Certificate serial:       019957C5357FBE7AF20A0C8BE46E599CF198
Authority key identifier: 39:70:47:69:D0:87:D9:FE:8F:79:0A:65:55:CB:4F:BE:FC:D2:4D:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OXBHadCH2f6PeQplVctPvvzSTTg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/3eaeb4-fb99-4993-8122-e45350414ddf/1/DKYMmdoi70YjC_-L8vJdFhUTolQ.roa
Signing time:             Wed 17 Sep 2025 13:02:45 +0000
ROA not before:           Wed 17 Sep 2025 13:02:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57706
IP address blocks:        2.58.57.0/24 maxlen: 24
                          2.58.58.0/24 maxlen: 24
                          2.58.59.0/24 maxlen: 24
                          2a09:e240::/29 maxlen: 48
                          2a09:e240:40::/44 maxlen: 48
                          2a09:e244::/33 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/3eaeb4-fb99-4993-8122-e45350414ddf/1/OXBHadCH2f6PeQplVctPvvzSTTg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/3eaeb4-fb99-4993-8122-e45350414ddf/1/OXBHadCH2f6PeQplVctPvvzSTTg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OXBHadCH2f6PeQplVctPvvzSTTg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:57:c5:35:7f:be:7a:f2:0a:0c:8b:e4:6e:59:9c:f1:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39704769d087d9fe8f790a6555cb4fbefcd24d38
        Validity
            Not Before: Sep 17 13:02:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ca60c99da22ef46230bff8bf2f25d161513a254
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:96:83:21:cb:18:62:d5:e6:ab:e1:c6:95:42:
                    9f:aa:f9:03:4b:ab:57:a8:1d:cd:4c:c4:0e:75:90:
                    ff:6c:ed:c2:37:fd:15:4e:14:74:d9:8c:b3:3e:c8:
                    ac:47:77:8b:c9:de:a8:0b:8f:4e:89:c2:e0:ab:cc:
                    e4:66:6e:ed:32:ed:7e:cd:43:d5:25:1d:0e:e0:0f:
                    39:f9:10:ca:92:b0:17:4d:59:45:ce:4e:cc:07:bd:
                    62:7c:7b:2f:db:7e:76:4b:4d:8c:a7:47:b1:11:eb:
                    0f:68:d6:df:51:6d:9f:66:cf:09:2e:7e:a4:9b:3c:
                    a4:73:ed:aa:2d:6f:da:e8:1b:cf:7c:53:94:d7:d2:
                    23:0a:ad:09:5e:1a:00:06:f5:0b:b0:a1:46:34:50:
                    fe:4b:14:23:5a:6b:6b:0b:72:14:0b:31:50:c9:68:
                    06:46:9c:89:51:e5:f8:48:87:97:c0:dc:31:a4:09:
                    7e:d0:b0:75:ba:cd:fb:e6:c7:49:55:37:f2:93:f7:
                    d9:ad:23:eb:7c:1f:fe:5f:a2:eb:ef:c5:eb:f8:c3:
                    37:42:a9:09:66:68:ef:9e:4d:a6:96:0e:db:8b:00:
                    28:54:a8:2c:a0:61:63:fe:b0:24:4c:a3:60:02:5a:
                    3d:68:59:9c:8b:07:47:62:48:b7:b8:c6:9f:9d:8c:
                    17:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:A6:0C:99:DA:22:EF:46:23:0B:FF:8B:F2:F2:5D:16:15:13:A2:54
            X509v3 Authority Key Identifier:
                keyid:39:70:47:69:D0:87:D9:FE:8F:79:0A:65:55:CB:4F:BE:FC:D2:4D:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OXBHadCH2f6PeQplVctPvvzSTTg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/3eaeb4-fb99-4993-8122-e45350414ddf/1/DKYMmdoi70YjC_-L8vJdFhUTolQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/3eaeb4-fb99-4993-8122-e45350414ddf/1/OXBHadCH2f6PeQplVctPvvzSTTg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.57.0-2.58.59.255
                IPv6:
                  2a09:e240::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:0c:10:60:ea:f0:ce:f0:d8:23:d4:55:25:ab:64:93:54:6f:
         bd:9a:59:32:f5:bd:48:20:7d:17:86:47:98:27:2f:39:27:e6:
         5e:3d:93:04:9a:0a:5e:cb:59:00:8c:dd:91:c8:64:0d:c4:71:
         07:0f:7f:b9:4d:48:47:dc:02:8a:a3:5c:77:e1:2b:9e:0d:4c:
         5f:74:22:d3:44:62:23:74:ef:19:c8:74:c1:5c:78:77:68:5c:
         e7:af:a7:5e:6f:b1:41:28:1f:00:38:9e:10:27:bc:30:ee:17:
         8b:84:29:08:8c:e4:7c:63:f3:04:64:3b:58:43:b2:ba:52:10:
         f5:03:a2:18:c8:18:19:40:9a:f7:63:ac:26:ab:d4:75:a4:24:
         ad:13:4a:59:f5:98:54:64:0a:04:5d:ac:8a:15:f2:99:fc:b2:
         68:7f:e5:21:46:48:74:be:f9:81:67:48:08:d6:1d:89:7a:d1:
         fc:9b:48:59:9d:16:bd:a3:70:28:4f:e6:47:5f:ba:20:24:ec:
         73:56:39:e6:0e:2a:8e:d6:11:a9:42:48:07:7a:f2:d1:af:0d:
         02:92:f6:3c:75:83:a9:64:b8:3f:7b:5c:5a:29:73:fa:08:26:
         85:4d:ad:ef:a0:5e:e1:4c:b5:97:35:e7:09:fb:0c:29:55:aa:
         87:45:84:e3
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZlXxTV/vnryCgyL5G5ZnPGYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NzA0NzY5ZDA4N2Q5ZmU4Zjc5MGE2NTU1Y2I0ZmJlZmNk
MjRkMzgwHhcNMjUwOTE3MTMwMjQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2E2MGM5OWRhMjJlZjQ2MjMwYmZmOGJmMmYyNWQxNjE1MTNhMjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ZaDIcsYYtXmq+HGlUKfqvkDS6tX
qB3NTMQOdZD/bO3CN/0VThR02YyzPsisR3eLyd6oC49OicLgq8zkZm7tMu1+zUPV
JR0O4A85+RDKkrAXTVlFzk7MB71ifHsv2352S02Mp0exEesPaNbfUW2fZs8JLn6k
mzykc+2qLW/a6BvPfFOU19IjCq0JXhoABvULsKFGNFD+SxQjWmtrC3IUCzFQyWgG
RpyJUeX4SIeXwNwxpAl+0LB1us375sdJVTfyk/fZrSPrfB/+X6Lr78Xr+MM3QqkJ
Zmjvnk2mlg7biwAoVKgsoGFj/rAkTKNgAlo9aFmciwdHYki3uMafnYwXZwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFAymDJnaIu9GIwv/i/LyXRYVE6JUMB8GA1UdIwQY
MBaAFDlwR2nQh9n+j3kKZVXLT7780k04MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1hCSGFkQ0gyZjZQZVFwbFZjdFB2dnpTVFRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8zZWFlYjQtZmI5OS00OTkzLTgxMjIt
ZTQ1MzUwNDE0ZGRmLzEvREtZTW1kb2k3MFlqQ18tTDh2SmRGaFVUb2xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8zZWFlYjQtZmI5OS00OTkzLTgxMjItZTQ1MzUwNDE0ZGRm
LzEvT1hCSGFkQ0gyZjZQZVFwbFZjdFB2dnpTVFRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAACOjkD
BAICOjgwDQQCAAIwBwMFAyoJ4kAwDQYJKoZIhvcNAQELBQADggEBAAcMEGDq8M7w
2CPUVSWrZJNUb72aWTL1vUggfReGR5gnLzkn5l49kwSaCl7LWQCM3ZHIZA3EcQcP
f7lNSEfcAoqjXHfhK54NTF90ItNEYiN07xnIdMFceHdoXOevp15vsUEoHwA4nhAn
vDDuF4uEKQiM5Hxj8wRkO1hDsrpSEPUDohjIGBlAmvdjrCar1HWkJK0TSln1mFRk
CgRdrIoV8pn8smh/5SFGSHS++YFnSAjWHYl60fybSFmdFr2jcChP5kdfuiAk7HNW
OeYOKo7WEalCSAd68tGvDQKS9jx1g6lkuD97XFopc/oIJoVNre+gXuFMtZc15wn7
DClVqodFhOM=
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:20:31 2025 by rpki-client