Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/QckeBKMJh1BMnZ4ggic7riQ2nos.roa
File:                     QckeBKMJh1BMnZ4ggic7riQ2nos.roa (raw, json)
Hash identifier:          PamlZ5g3cWGlPRPXTTD6iPe1z0pCGfOT1CE1MB2hQhQ=
Subject key identifier:   41:C9:1E:04:A3:09:87:50:4C:9D:9E:20:82:27:3B:AE:24:36:9E:8B
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       0199FDB98961366A99E3E6B1454D46354434
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/QckeBKMJh1BMnZ4ggic7riQ2nos.roa
Signing time:             Sun 19 Oct 2025 18:26:58 +0000
ROA not before:           Sun 19 Oct 2025 18:26:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.199.213.0/24 maxlen: 24
                          185.221.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fd:b9:89:61:36:6a:99:e3:e6:b1:45:4d:46:35:44:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Oct 19 18:26:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41c91e04a30987504c9d9e2082273bae24369e8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:18:1a:a8:63:a9:56:24:40:31:13:0c:fd:8e:
                    5a:52:78:6b:cd:06:e8:f8:0d:73:81:b7:6d:f6:25:
                    d6:4f:5e:67:6d:b5:6f:ea:49:4b:d2:fa:e2:6f:fc:
                    50:e1:85:5b:ba:1b:33:55:f0:f6:5e:c8:f2:80:e7:
                    77:df:9d:5b:09:57:22:62:87:cb:2b:ae:d4:a0:06:
                    59:ae:75:af:55:a3:c1:42:d6:a3:c5:25:ab:d2:8c:
                    10:b1:f4:c1:d7:fd:0a:98:95:b5:67:92:d3:a1:8b:
                    68:87:ca:6b:1c:9e:46:af:13:15:63:ba:e6:d9:c2:
                    d0:85:5b:88:dd:6c:03:b2:af:16:72:55:c9:a1:f6:
                    5e:ca:e6:35:c2:ea:d7:b3:dd:ed:47:6b:c9:c4:d0:
                    24:8a:c1:50:30:c4:20:28:4c:56:29:4d:c1:ac:ad:
                    4d:13:ad:bd:4f:e5:51:ba:d3:39:20:1f:b0:81:05:
                    45:ab:83:6a:15:f8:47:eb:fb:75:d9:2d:b8:7e:7c:
                    c0:1a:38:76:fc:20:96:70:97:3c:12:6b:8c:a8:e5:
                    57:c0:34:0f:d0:0d:e2:5f:cf:16:2d:9d:b8:45:ae:
                    2e:06:ca:f1:6e:da:ed:1e:43:a5:f4:bd:2b:16:51:
                    fd:4d:d1:e7:05:ab:41:83:e2:de:aa:42:50:68:e8:
                    3d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:C9:1E:04:A3:09:87:50:4C:9D:9E:20:82:27:3B:AE:24:36:9E:8B
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/QckeBKMJh1BMnZ4ggic7riQ2nos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.213.0/24
                  185.221.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:dd:39:f4:3f:87:69:c1:e3:25:19:c7:9f:a9:85:41:01:31:
         fc:cb:d6:c1:a9:a4:d8:c7:24:2a:65:b3:9e:b5:90:5d:a1:e8:
         af:83:02:d1:61:7b:6c:26:82:6e:11:5e:38:94:25:c5:4e:58:
         75:01:d7:c0:2f:38:08:51:d8:5d:62:70:1d:58:52:59:cc:97:
         f0:2c:52:cb:27:db:3f:ac:a9:6f:a7:12:95:51:2b:5f:cf:8e:
         9a:43:77:36:42:12:30:bd:e5:d7:17:07:5f:ef:1d:de:dd:93:
         eb:4b:ba:9d:6e:2c:92:09:54:f2:8e:94:a8:e1:1f:3b:16:22:
         e1:87:ed:d0:0a:af:09:56:7a:53:07:2f:40:0a:73:6a:88:6b:
         b6:ca:6f:45:0b:5a:51:1d:ed:85:81:38:f1:11:e8:01:b2:3d:
         c2:64:10:78:64:b9:75:60:5e:15:a1:3a:4a:ed:55:8d:61:52:
         39:2f:e2:9e:e3:3b:f9:36:f5:5e:d0:e7:b8:82:f3:16:2a:1c:
         aa:af:db:15:f5:8a:ec:0e:ea:71:11:77:66:77:17:14:b5:f8:
         45:86:c1:58:a5:ed:be:cf:70:af:ca:cb:f9:bd:ee:47:d1:5a:
         f2:6c:a0:b1:f3:32:a3:92:7d:53:f1:10:49:fa:be:69:10:16:
         55:01:c8:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZn9uYlhNmqZ4+axRU1GNUQ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUxMDE5MTgyNjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWM5MWUwNGEzMDk4NzUwNGM5ZDllMjA4MjI3M2JhZTI0MzY5ZThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRgaqGOpViRAMRMM/Y5aUnhrzQbo
+A1zgbdt9iXWT15nbbVv6klL0vrib/xQ4YVbuhszVfD2XsjygOd3351bCVciYofL
K67UoAZZrnWvVaPBQtajxSWr0owQsfTB1/0KmJW1Z5LToYtoh8prHJ5GrxMVY7rm
2cLQhVuI3WwDsq8WclXJofZeyuY1wurXs93tR2vJxNAkisFQMMQgKExWKU3BrK1N
E629T+VRutM5IB+wgQVFq4NqFfhH6/t12S24fnzAGjh2/CCWcJc8EmuMqOVXwDQP
0A3iX88WLZ24Ra4uBsrxbtrtHkOl9L0rFlH9TdHnBatBg+LeqkJQaOg9ywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEHJHgSjCYdQTJ2eIIInO64kNp6LMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvUWNrZUJLTUpoMUJNblo0Z2dpYzdyaVEybm9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAucfVAwQA
ud0aMA0GCSqGSIb3DQEBCwUAA4IBAQBk3Tn0P4dpweMlGcefqYVBATH8y9bBqaTY
xyQqZbOetZBdoeivgwLRYXtsJoJuEV44lCXFTlh1AdfALzgIUdhdYnAdWFJZzJfw
LFLLJ9s/rKlvpxKVUStfz46aQ3c2QhIwveXXFwdf7x3e3ZPrS7qdbiySCVTyjpSo
4R87FiLhh+3QCq8JVnpTBy9ACnNqiGu2ym9FC1pRHe2FgTjxEegBsj3CZBB4ZLl1
YF4VoTpK7VWNYVI5L+Ke4zv5NvVe0Oe4gvMWKhyqr9sV9YrsDupxEXdmdxcUtfhF
hsFYpe2+z3Cvysv5ve5H0VrybKCx8zKjkn1T8RBJ+r5pEBZVAchZ
-----END CERTIFICATE-----