Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/BXHDQCQG-wiIYBYAo9CxDsDgehg.roa
File:                     BXHDQCQG-wiIYBYAo9CxDsDgehg.roa (raw, json)
Hash identifier:          CIrUiKrFR0/gWs49aGev5B3SX1v+HzVfT2s9Wj/WzZo=
Subject key identifier:   05:71:C3:40:24:06:FB:08:88:60:16:00:A3:D0:B1:0E:C0:E0:7A:18
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       0199DCC84C68E3010E8AFD03F4E6ED55F95B
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/BXHDQCQG-wiIYBYAo9CxDsDgehg.roa
Signing time:             Mon 13 Oct 2025 08:55:38 +0000
ROA not before:           Mon 13 Oct 2025 08:55:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        212.100.164.0/22 maxlen: 22
                          212.100.172.0/22 maxlen: 22
                          212.100.180.0/22 maxlen: 22
                          212.100.184.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dc:c8:4c:68:e3:01:0e:8a:fd:03:f4:e6:ed:55:f9:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Oct 13 08:55:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0571c3402406fb0888601600a3d0b10ec0e07a18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:97:57:b8:07:14:ba:76:a2:f2:df:db:36:1e:
                    bb:61:fd:89:1d:9e:4a:e9:15:36:65:90:f2:26:01:
                    e1:40:69:5d:bc:20:7b:4c:b3:66:fb:f8:67:c8:a9:
                    43:77:cf:96:3b:fc:c1:91:ed:1f:42:54:b1:e6:2a:
                    f7:c0:cb:74:44:5b:69:de:91:df:aa:9d:49:ac:ce:
                    40:ad:82:0d:67:22:fc:eb:51:a5:a0:b7:48:bd:1b:
                    0c:2d:5f:a6:1a:df:a9:ab:2e:d5:a9:48:21:aa:ad:
                    86:90:19:b0:b5:2e:86:df:c3:a8:57:c2:a3:a4:bd:
                    85:f2:f2:d6:76:ef:d7:3f:6a:03:50:5d:b4:83:9a:
                    45:45:b8:ae:d2:a0:e0:e7:95:35:7b:27:04:6a:76:
                    f5:d1:94:65:0a:bb:f6:17:d2:82:d6:c7:10:1c:5a:
                    47:da:1f:0f:43:ff:10:04:91:e9:96:b1:d1:61:a0:
                    64:ed:c1:bf:8c:af:c8:83:b9:ff:8a:42:d4:cb:fe:
                    50:10:b4:6b:8e:71:d4:0d:53:ba:ad:55:b3:6d:3a:
                    e1:aa:37:77:73:9c:0b:79:53:d0:a7:be:cd:de:82:
                    72:39:9b:7d:45:d3:15:ff:5b:5d:69:0a:4d:96:2b:
                    16:1f:28:31:ce:5f:6c:ad:aa:eb:8a:71:9c:20:99:
                    09:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:71:C3:40:24:06:FB:08:88:60:16:00:A3:D0:B1:0E:C0:E0:7A:18
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/BXHDQCQG-wiIYBYAo9CxDsDgehg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.164.0/22
                  212.100.172.0/22
                  212.100.180.0-212.100.187.255

    Signature Algorithm: sha256WithRSAEncryption
         4b:26:74:89:95:e9:97:bd:96:1a:07:8c:8f:de:24:c7:d2:a6:
         8a:c2:d1:fd:d9:b5:7a:69:45:79:d3:3c:10:81:77:3d:d6:71:
         83:5e:2b:4d:cd:ff:ff:b8:6e:8c:2c:f6:ab:fe:4d:0b:56:22:
         d6:f4:07:0f:41:6f:91:b2:3d:d9:c6:33:ce:34:70:ea:1c:2d:
         89:56:02:f5:12:9d:bc:6f:3c:0d:53:a9:01:ec:aa:67:81:1f:
         b5:5e:08:81:72:eb:76:e6:67:51:fc:20:c7:28:32:81:09:78:
         76:4b:b0:99:d7:74:48:7f:a6:da:88:76:26:19:0b:2d:02:11:
         3f:21:7b:d5:58:ae:27:dc:80:1b:5f:d8:79:c8:15:ce:e0:9b:
         4c:48:8d:85:39:86:8b:96:34:eb:5f:c6:76:1d:62:a6:73:03:
         52:e5:c0:a6:67:43:98:67:c3:17:42:de:2a:ea:de:aa:00:fe:
         57:ed:c9:33:4b:53:09:fe:d4:a4:11:ed:cb:cf:4a:a3:ef:a8:
         5e:c6:17:7e:23:e5:f9:cd:ff:37:3b:51:07:bf:b9:dc:3f:30:
         44:8b:e4:c7:3c:21:39:b7:ee:00:f8:70:d2:b4:93:05:4c:83:
         f0:5e:7a:78:ba:d5:7a:0e:8c:c5:4c:0b:47:63:a0:31:85:c8:
         d6:5e:0f:74
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZncyExo4wEOiv0D9ObtVflbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjUxMDEzMDg1NTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTcxYzM0MDI0MDZmYjA4ODg2MDE2MDBhM2QwYjEwZWMwZTA3YTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpdXuAcUunai8t/bNh67Yf2JHZ5K
6RU2ZZDyJgHhQGldvCB7TLNm+/hnyKlDd8+WO/zBke0fQlSx5ir3wMt0RFtp3pHf
qp1JrM5ArYINZyL861GloLdIvRsMLV+mGt+pqy7VqUghqq2GkBmwtS6G38OoV8Kj
pL2F8vLWdu/XP2oDUF20g5pFRbiu0qDg55U1eycEanb10ZRlCrv2F9KC1scQHFpH
2h8PQ/8QBJHplrHRYaBk7cG/jK/Ig7n/ikLUy/5QELRrjnHUDVO6rVWzbTrhqjd3
c5wLeVPQp77N3oJyOZt9RdMV/1tdaQpNlisWHygxzl9srarrinGcIJkJuwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFAVxw0AkBvsIiGAWAKPQsQ7A4HoYMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvQlhIRFFDUUctd2lJWUJZQW85Q3hEc0RnZWhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQC1GSkAwQC
1GSsMAwDBALUZLQDBALUZLgwDQYJKoZIhvcNAQELBQADggEBAEsmdImV6Ze9lhoH
jI/eJMfSporC0f3ZtXppRXnTPBCBdz3WcYNeK03N//+4bows9qv+TQtWItb0Bw9B
b5GyPdnGM840cOocLYlWAvUSnbxvPA1TqQHsqmeBH7VeCIFy63bmZ1H8IMcoMoEJ
eHZLsJnXdEh/ptqIdiYZCy0CET8he9VYrifcgBtf2HnIFc7gm0xIjYU5houWNOtf
xnYdYqZzA1LlwKZnQ5hnwxdC3irq3qoA/lftyTNLUwn+1KQR7cvPSqPvqF7GF34j
5fnN/zc7UQe/udw/MESL5Mc8ITm37gD4cNK0kwVMg/Beeni61XoOjMVMC0djoDGF
yNZeD3Q=
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:42 2025 by rpki-client