Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/9Mh7v1Z5JBGY0lRthuDaNZcOhWA.roa
File:                     9Mh7v1Z5JBGY0lRthuDaNZcOhWA.roa (raw, json)
Hash identifier:          +u1dOqVLLfzO8roOkXoJfWKMLHBo21wiCSY54xcpEUA=
Subject key identifier:   F4:C8:7B:BF:56:79:24:11:98:D2:54:6D:86:E0:DA:35:97:0E:85:60
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0199C13768CD8FEBDEA9445273BFC9031463
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/9Mh7v1Z5JBGY0lRthuDaNZcOhWA.roa
Signing time:             Wed 08 Oct 2025 00:27:38 +0000
ROA not before:           Wed 08 Oct 2025 00:27:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20860
IP address blocks:        91.246.49.0/24 maxlen: 24
                          91.247.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c1:37:68:cd:8f:eb:de:a9:44:52:73:bf:c9:03:14:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Oct  8 00:27:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4c87bbf5679241198d2546d86e0da35970e8560
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e1:ef:ba:4c:79:8c:c1:b7:4f:99:2c:4a:e8:
                    4e:a7:48:d9:fe:ec:4e:4b:80:c1:70:02:d2:e7:df:
                    ab:8d:1e:c9:38:48:36:46:9d:2e:c0:0f:fe:c7:0b:
                    5d:d5:a0:d6:02:8a:ec:06:df:b0:a8:8e:0e:e2:cb:
                    2f:c2:55:09:9d:d6:9f:2f:63:c6:10:e5:9f:32:68:
                    9c:2d:fb:9f:ac:bc:50:54:a7:47:0a:99:fc:d5:05:
                    a7:ee:b6:18:3c:c5:9e:96:48:11:64:47:c8:ef:a6:
                    e0:f1:98:3d:f1:78:25:2c:fd:9e:38:28:05:47:7b:
                    a4:33:61:93:bc:c0:c9:89:78:e6:fd:00:f5:ed:6a:
                    49:27:e5:fb:ea:56:d5:94:24:bd:ed:57:9f:c0:a2:
                    74:73:e3:6c:a2:a4:fc:12:92:b5:a0:2d:94:b8:4e:
                    a7:4e:bc:9c:5a:6f:46:52:22:db:2f:e5:86:54:cd:
                    5b:67:4c:ff:91:13:be:a6:5a:c4:24:c4:2d:03:af:
                    d4:2d:b5:00:d0:d6:c0:9e:48:0c:e9:3b:57:da:8e:
                    4b:39:31:34:4f:54:eb:33:62:1f:be:4e:6a:65:85:
                    a0:b4:89:1f:4a:44:bb:8d:91:b8:74:b2:d9:8d:17:
                    c1:eb:84:6a:e9:18:f2:7b:ef:04:62:c1:5c:dd:0b:
                    fa:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:C8:7B:BF:56:79:24:11:98:D2:54:6D:86:E0:DA:35:97:0E:85:60
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/9Mh7v1Z5JBGY0lRthuDaNZcOhWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.246.49.0/24
                  91.247.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:2c:a1:1b:bc:79:a4:f3:a9:47:1e:b4:87:c9:89:5d:29:78:
         56:60:58:a8:35:6d:c8:2c:63:e5:22:f6:83:78:16:36:fe:e9:
         63:3c:cb:c7:97:a3:32:99:cd:ce:18:b7:7c:b9:78:15:d2:2b:
         4d:d9:a3:55:58:67:3c:74:52:bb:c9:44:68:bf:90:e7:97:66:
         11:58:16:8e:fb:ca:f6:cf:ac:f4:55:8f:89:91:82:18:6b:ea:
         f6:f6:9d:8f:62:ab:33:a8:0d:ae:5f:54:5f:ee:8f:88:9b:07:
         20:9f:ba:9a:8e:36:b1:a5:a3:30:bf:39:87:99:1f:77:c3:64:
         e7:7c:af:86:21:52:28:72:2d:8b:36:3b:2b:a0:85:03:72:60:
         70:e2:4a:a1:5c:2b:f4:fc:d9:a0:90:e9:cd:c4:ed:fc:40:97:
         b1:51:18:c7:38:67:76:d8:2d:9f:7f:42:38:a9:c7:82:e4:85:
         52:c6:5d:1d:8b:f2:e8:92:93:12:af:93:b4:90:4d:d5:f8:06:
         14:55:c8:96:33:2f:11:7f:67:d9:1c:a2:62:f8:83:a2:16:17:
         d8:e4:be:41:4e:5f:8d:02:be:06:9c:58:ad:0e:f4:08:32:25:
         99:5f:64:5a:fc:7e:87:08:a9:7c:52:bb:ba:79:e9:e9:27:1c:
         83:cf:43:8d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnBN2jNj+veqURSc7/JAxRjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUxMDA4MDAyNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGM4N2JiZjU2NzkyNDExOThkMjU0NmQ4NmUwZGEzNTk3MGU4NTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+Hvukx5jMG3T5ksSuhOp0jZ/uxO
S4DBcALS59+rjR7JOEg2Rp0uwA/+xwtd1aDWAorsBt+wqI4O4ssvwlUJndafL2PG
EOWfMmicLfufrLxQVKdHCpn81QWn7rYYPMWelkgRZEfI76bg8Zg98XglLP2eOCgF
R3ukM2GTvMDJiXjm/QD17WpJJ+X76lbVlCS97VefwKJ0c+NsoqT8EpK1oC2UuE6n
TrycWm9GUiLbL+WGVM1bZ0z/kRO+plrEJMQtA6/ULbUA0NbAnkgM6TtX2o5LOTE0
T1TrM2Ifvk5qZYWgtIkfSkS7jZG4dLLZjRfB64Rq6Rjye+8EYsFc3Qv6twIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPTIe79WeSQRmNJUbYbg2jWXDoVgMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvOU1oN3YxWjVKQkdZMGxSdGh1RGFOWmNPaFdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/YxAwQA
W/exMA0GCSqGSIb3DQEBCwUAA4IBAQBKLKEbvHmk86lHHrSHyYldKXhWYFioNW3I
LGPlIvaDeBY2/uljPMvHl6Mymc3OGLd8uXgV0itN2aNVWGc8dFK7yURov5Dnl2YR
WBaO+8r2z6z0VY+JkYIYa+r29p2PYqszqA2uX1Rf7o+Imwcgn7qajjaxpaMwvzmH
mR93w2TnfK+GIVIoci2LNjsroIUDcmBw4kqhXCv0/NmgkOnNxO38QJexURjHOGd2
2C2ff0I4qceC5IVSxl0di/LokpMSr5O0kE3V+AYUVciWMy8Rf2fZHKJi+IOiFhfY
5L5BTl+NAr4GnFitDvQIMiWZX2Ra/H6HCKl8Uru6eenpJxyDz0ON
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:45:13 2025 by rpki-client