Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/mKygmLEaAcG12iJKla4NTxN16_k.roa
File:                     mKygmLEaAcG12iJKla4NTxN16_k.roa (raw, json)
Hash identifier:          irq+IO7nYrHgz8agqZ9EA1eioq3hHNo5B7OdnvrxylQ=
Subject key identifier:   98:AC:A0:98:B1:1A:01:C1:B5:DA:22:4A:95:AE:0D:4F:13:75:EB:F9
Certificate issuer:       /CN=0f7dd32779c1a9b297e28cb035fd679abb1916d1
Certificate serial:       019913C160B434A766A02EB2634349A22C75
Authority key identifier: 0F:7D:D3:27:79:C1:A9:B2:97:E2:8C:B0:35:FD:67:9A:BB:19:16:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D33TJ3nBqbKX4oywNf1nmrsZFtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/mKygmLEaAcG12iJKla4NTxN16_k.roa
Signing time:             Thu 04 Sep 2025 08:04:24 +0000
ROA not before:           Thu 04 Sep 2025 08:04:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49581
IP address blocks:        91.234.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/D33TJ3nBqbKX4oywNf1nmrsZFtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/D33TJ3nBqbKX4oywNf1nmrsZFtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D33TJ3nBqbKX4oywNf1nmrsZFtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 08:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:13:c1:60:b4:34:a7:66:a0:2e:b2:63:43:49:a2:2c:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f7dd32779c1a9b297e28cb035fd679abb1916d1
        Validity
            Not Before: Sep  4 08:04:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98aca098b11a01c1b5da224a95ae0d4f1375ebf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:37:b1:1c:26:3b:d6:3e:d4:3d:51:22:86:7a:
                    dc:e6:96:b2:0d:e2:d0:3a:5b:90:31:96:a6:4b:da:
                    1d:48:d5:1b:62:77:ec:41:e2:01:70:a0:de:29:bb:
                    16:ac:30:d4:f3:df:fe:3f:96:37:3b:59:6f:45:75:
                    bf:73:ed:83:1e:c1:b7:c6:79:3c:42:74:86:5b:ce:
                    85:64:7a:1c:cd:ac:1e:08:a6:e5:1a:05:80:3e:10:
                    9d:70:a8:1f:d9:46:26:02:3f:76:ac:80:e0:de:5c:
                    a8:81:05:3f:a5:42:17:78:2e:a8:e6:f5:17:f6:e0:
                    5a:a0:ee:66:de:8e:d7:fa:e9:ef:e9:16:b6:30:4a:
                    d1:17:fc:3d:bb:84:ca:ad:86:24:de:0d:25:dc:a7:
                    7d:06:19:49:a7:6c:24:82:b6:59:e6:95:47:ef:19:
                    20:63:8a:fb:b9:21:80:da:77:e4:3f:5c:dd:b6:79:
                    d3:e5:fa:4c:d4:05:bb:70:f2:de:fa:f4:80:fe:f1:
                    d7:5e:ee:15:96:eb:bc:be:e4:26:83:7c:99:58:a8:
                    32:17:93:6a:f4:7d:14:d1:93:9e:08:8b:b3:ff:25:
                    e5:72:b7:6b:e2:c7:bb:65:f4:67:29:23:a3:52:6e:
                    2c:64:e0:cb:5b:e6:d6:14:c1:08:c1:af:70:eb:1e:
                    d9:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:AC:A0:98:B1:1A:01:C1:B5:DA:22:4A:95:AE:0D:4F:13:75:EB:F9
            X509v3 Authority Key Identifier:
                keyid:0F:7D:D3:27:79:C1:A9:B2:97:E2:8C:B0:35:FD:67:9A:BB:19:16:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D33TJ3nBqbKX4oywNf1nmrsZFtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/mKygmLEaAcG12iJKla4NTxN16_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/D33TJ3nBqbKX4oywNf1nmrsZFtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:72:17:2c:ea:41:da:32:03:b2:db:d3:85:5e:93:d1:d0:62:
         dd:98:36:83:6a:bc:23:e9:41:b8:1b:ad:63:cc:1f:33:ec:d1:
         d9:30:4d:dd:79:ed:e7:0c:5f:47:dc:e6:34:dc:cb:ec:64:9f:
         4a:6f:29:9f:6f:84:4f:84:64:ad:94:1b:cc:c9:c4:63:1f:ee:
         27:fd:c3:0b:90:a5:f1:e4:4e:35:75:1c:8c:57:0d:0b:4e:0d:
         66:9e:69:ca:fb:77:64:5d:a8:11:66:b0:79:60:65:d7:a2:b8:
         c7:52:e5:93:08:76:35:8f:6f:77:60:a9:41:28:51:77:bf:13:
         a2:1f:2a:4f:49:b3:0d:63:09:56:b2:0c:0e:cd:e2:2c:88:bd:
         6f:a0:ce:2e:bc:88:b3:1c:3e:2a:25:e3:1a:61:ac:24:cc:a2:
         c6:00:3a:8d:4a:ca:57:cf:bf:f1:c8:6b:9a:e7:a5:42:90:3a:
         40:d0:81:75:9d:83:f3:c1:18:f7:48:07:e4:00:d1:f7:04:6b:
         c1:7f:fd:4a:55:1e:9f:74:4d:35:06:e5:34:1d:2d:a1:bb:d8:
         0b:42:52:57:24:62:77:6c:bf:f9:b0:d2:c7:3e:7d:50:9c:29:
         9c:fe:b1:ee:5a:25:c9:0b:4f:c7:e6:0f:96:8b:68:e4:8f:e5:
         1c:6d:cf:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkTwWC0NKdmoC6yY0NJoix1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmN2RkMzI3NzljMWE5YjI5N2UyOGNiMDM1ZmQ2NzlhYmIx
OTE2ZDEwHhcNMjUwOTA0MDgwNDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGFjYTA5OGIxMWEwMWMxYjVkYTIyNGE5NWFlMGQ0ZjEzNzVlYmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7jexHCY71j7UPVEihnrc5payDeLQ
OluQMZamS9odSNUbYnfsQeIBcKDeKbsWrDDU89/+P5Y3O1lvRXW/c+2DHsG3xnk8
QnSGW86FZHoczaweCKblGgWAPhCdcKgf2UYmAj92rIDg3lyogQU/pUIXeC6o5vUX
9uBaoO5m3o7X+unv6Ra2MErRF/w9u4TKrYYk3g0l3Kd9BhlJp2wkgrZZ5pVH7xkg
Y4r7uSGA2nfkP1zdtnnT5fpM1AW7cPLe+vSA/vHXXu4Vluu8vuQmg3yZWKgyF5Nq
9H0U0ZOeCIuz/yXlcrdr4se7ZfRnKSOjUm4sZODLW+bWFMEIwa9w6x7Z0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJisoJixGgHBtdoiSpWuDU8Tdev5MB8GA1UdIwQY
MBaAFA990yd5wamyl+KMsDX9Z5q7GRbRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDMzVEozbkJxYktYNG95d05mMW5tcnNaRnRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi83MjkyMTAtZDcyMC00ZjM4LWI2YmUt
YWNmNjZmNzhiMmI3LzEvbUt5Z21MRWFBY0cxMmlKS2xhNE5UeE4xNl9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi83MjkyMTAtZDcyMC00ZjM4LWI2YmUtYWNmNjZmNzhiMmI3
LzEvRDMzVEozbkJxYktYNG95d05mMW5tcnNaRnRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+onMA0G
CSqGSIb3DQEBCwUAA4IBAQBachcs6kHaMgOy29OFXpPR0GLdmDaDarwj6UG4G61j
zB8z7NHZME3dee3nDF9H3OY03MvsZJ9Kbymfb4RPhGStlBvMycRjH+4n/cMLkKXx
5E41dRyMVw0LTg1mnmnK+3dkXagRZrB5YGXXorjHUuWTCHY1j293YKlBKFF3vxOi
HypPSbMNYwlWsgwOzeIsiL1voM4uvIizHD4qJeMaYawkzKLGADqNSspXz7/xyGua
56VCkDpA0IF1nYPzwRj3SAfkANH3BGvBf/1KVR6fdE01BuU0HS2hu9gLQlJXJGJ3
bL/5sNLHPn1QnCmc/rHuWiXJC0/H5g+Wi2jkj+Ucbc/Q
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:46 2025 by rpki-client