Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/BDQDuKOE6HSldICs31YDXppOWyI.roa
File:                     BDQDuKOE6HSldICs31YDXppOWyI.roa (raw, json)
Hash identifier:          Ox3x2X8HRRb+xIBqwpqttFpUUTKWFHSb3CgZaB3s/b4=
Subject key identifier:   04:34:03:B8:A3:84:E8:74:A5:74:80:AC:DF:56:03:5E:9A:4E:5B:22
Certificate issuer:       /CN=1b12120c351c14eec22109f603249fcdac1d3321
Certificate serial:       0199F902DF16E8A9DEB074E49B634EB9D472
Authority key identifier: 1B:12:12:0C:35:1C:14:EE:C2:21:09:F6:03:24:9F:CD:AC:1D:33:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/BDQDuKOE6HSldICs31YDXppOWyI.roa
Signing time:             Sat 18 Oct 2025 20:28:58 +0000
ROA not before:           Sat 18 Oct 2025 20:28:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213799
IP address blocks:        185.7.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f9:02:df:16:e8:a9:de:b0:74:e4:9b:63:4e:b9:d4:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b12120c351c14eec22109f603249fcdac1d3321
        Validity
            Not Before: Oct 18 20:28:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=043403b8a384e874a57480acdf56035e9a4e5b22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:4e:a1:76:29:82:87:9c:c0:66:2e:5c:20:5b:
                    a3:5c:f7:e8:3c:d4:a6:d8:f6:54:22:da:cf:8a:8a:
                    ad:80:7e:98:88:63:73:1c:97:83:e2:00:e5:c6:d1:
                    23:c4:b9:0d:90:8d:56:06:a4:6c:2d:c5:5d:ea:ab:
                    56:f9:95:bb:b4:ae:1a:49:77:78:41:dd:3e:37:06:
                    42:84:fa:47:6c:1a:29:ef:82:48:bb:60:90:9a:2e:
                    0c:69:ed:b6:71:20:61:da:bd:bd:7b:5a:e4:56:3b:
                    ad:9f:43:a2:8d:3f:61:b7:8b:49:b8:7a:58:ad:f2:
                    af:c2:e7:fb:24:9f:f4:9f:ff:1e:4a:2b:be:b5:12:
                    f1:6b:6e:f2:3e:a4:a2:eb:88:a5:dc:42:0e:03:54:
                    0b:62:6c:cb:52:25:b6:bb:a8:0b:a8:d2:89:27:81:
                    7d:94:b1:ac:22:b1:a6:b0:56:af:bb:5b:92:47:d9:
                    ef:0d:f4:4b:28:ba:67:8b:e2:51:57:af:dc:de:f2:
                    1f:62:25:c0:a9:fb:63:2d:32:39:c9:a1:15:86:d6:
                    a3:97:14:61:49:14:9f:ac:aa:71:1e:22:50:97:36:
                    49:c9:1a:1a:8f:0f:a8:f5:32:e6:d3:52:24:d5:5d:
                    a4:8f:23:c8:9d:e0:35:c3:8c:8f:87:3e:34:36:36:
                    eb:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:34:03:B8:A3:84:E8:74:A5:74:80:AC:DF:56:03:5E:9A:4E:5B:22
            X509v3 Authority Key Identifier:
                keyid:1B:12:12:0C:35:1C:14:EE:C2:21:09:F6:03:24:9F:CD:AC:1D:33:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/BDQDuKOE6HSldICs31YDXppOWyI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:d9:e5:b0:5f:9b:0c:47:03:76:6b:e5:6e:fb:e6:38:ce:96:
         ef:bb:9d:93:c1:a2:c1:6d:38:d6:d5:8e:82:28:24:86:a7:19:
         ba:3a:4e:f9:95:87:b1:f1:7c:fe:95:0f:82:05:1d:0e:e8:66:
         12:ca:21:8a:6c:1f:be:5a:92:41:80:86:c2:8f:6d:69:6a:3b:
         5c:9e:e7:75:64:d8:2b:21:cd:e0:1e:5d:19:37:3b:8d:5d:fb:
         9d:a7:6b:fe:cc:64:0d:1c:52:f0:d7:57:64:71:9c:8a:99:eb:
         5a:63:d7:b5:cf:66:46:4c:db:e8:fc:85:f4:25:d7:bf:f2:a0:
         2b:aa:95:01:03:fa:07:b2:8b:67:21:95:c9:46:9d:87:d7:ad:
         c0:b8:50:09:83:1c:b2:1f:8d:14:1e:39:ce:77:5c:c4:ad:18:
         14:4f:28:9a:2d:e2:46:c3:60:68:16:14:12:1b:be:a7:f7:ce:
         47:65:82:19:50:1f:2b:28:9e:d8:fe:bd:c1:6a:48:ea:77:27:
         a6:0a:a8:4c:aa:7f:a4:09:c5:15:32:91:20:9e:0f:2c:cb:c5:
         5a:fe:34:93:fc:e2:24:9d:3b:cb:08:8a:2a:df:38:b9:b5:ba:
         cb:c8:c8:01:3a:95:6e:c0:fd:79:89:20:12:54:f9:1b:4c:d4:
         ee:05:d9:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZn5At8W6KnesHTkm2NOudRyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMTIxMjBjMzUxYzE0ZWVjMjIxMDlmNjAzMjQ5ZmNkYWMx
ZDMzMjEwHhcNMjUxMDE4MjAyODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDM0MDNiOGEzODRlODc0YTU3NDgwYWNkZjU2MDM1ZTlhNGU1YjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvk6hdimCh5zAZi5cIFujXPfoPNSm
2PZUItrPioqtgH6YiGNzHJeD4gDlxtEjxLkNkI1WBqRsLcVd6qtW+ZW7tK4aSXd4
Qd0+NwZChPpHbBop74JIu2CQmi4Mae22cSBh2r29e1rkVjutn0OijT9ht4tJuHpY
rfKvwuf7JJ/0n/8eSiu+tRLxa27yPqSi64il3EIOA1QLYmzLUiW2u6gLqNKJJ4F9
lLGsIrGmsFavu1uSR9nvDfRLKLpni+JRV6/c3vIfYiXAqftjLTI5yaEVhtajlxRh
SRSfrKpxHiJQlzZJyRoajw+o9TLm01Ik1V2kjyPIneA1w4yPhz40NjbrOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQ0A7ijhOh0pXSArN9WA16aTlsiMB8GA1UdIwQY
MBaAFBsSEgw1HBTuwiEJ9gMkn82sHTMhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3hJU0REVWNGTzdDSVFuMkF5U2Z6YXdkTXlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8zZGFmN2YtMzAxZC00MjNlLTk0NmUt
NDNkZjQ3ZDVhMWU3LzEvQkRRRHVLT0U2SFNsZElDczMxWURYcHBPV3lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8zZGFmN2YtMzAxZC00MjNlLTk0NmUtNDNkZjQ3ZDVhMWU3
LzEvR3hJU0REVWNGTzdDSVFuMkF5U2Z6YXdkTXlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQfyMA0G
CSqGSIb3DQEBCwUAA4IBAQA22eWwX5sMRwN2a+Vu++Y4zpbvu52TwaLBbTjW1Y6C
KCSGpxm6Ok75lYex8Xz+lQ+CBR0O6GYSyiGKbB++WpJBgIbCj21pajtcnud1ZNgr
Ic3gHl0ZNzuNXfudp2v+zGQNHFLw11dkcZyKmetaY9e1z2ZGTNvo/IX0Jde/8qAr
qpUBA/oHsotnIZXJRp2H163AuFAJgxyyH40UHjnOd1zErRgUTyiaLeJGw2BoFhQS
G76n985HZYIZUB8rKJ7Y/r3BakjqdyemCqhMqn+kCcUVMpEgng8sy8Va/jST/OIk
nTvLCIoq3zi5tbrLyMgBOpVuwP15iSASVPkbTNTuBdm0
-----END CERTIFICATE-----