Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/b428e7-653c-46c7-973f-9db614cb127a/1/hTqER8lEam9CCl5NIiQaUpJ8rf4.roa
File:                     hTqER8lEam9CCl5NIiQaUpJ8rf4.roa (raw, json)
Hash identifier:          9wP+fA/D6X4X3SoIN61o3QGU1yAgsnrrfT3p4Jwbdys=
Subject key identifier:   85:3A:84:47:C9:44:6A:6F:42:0A:5E:4D:22:24:1A:52:92:7C:AD:FE
Certificate issuer:       /CN=04bec7578450f945d4f334df600c61a6f47232f2
Certificate serial:       0199AA05ACFD8FE981CB50E6F11686557C69
Authority key identifier: 04:BE:C7:57:84:50:F9:45:D4:F3:34:DF:60:0C:61:A6:F4:72:32:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BL7HV4RQ-UXU8zTfYAxhpvRyMvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/b428e7-653c-46c7-973f-9db614cb127a/1/hTqER8lEam9CCl5NIiQaUpJ8rf4.roa
Signing time:             Fri 03 Oct 2025 12:22:02 +0000
ROA not before:           Fri 03 Oct 2025 12:22:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212904
IP address blocks:        185.243.29.0/24 maxlen: 24
                          185.243.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/b428e7-653c-46c7-973f-9db614cb127a/1/BL7HV4RQ-UXU8zTfYAxhpvRyMvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/b428e7-653c-46c7-973f-9db614cb127a/1/BL7HV4RQ-UXU8zTfYAxhpvRyMvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BL7HV4RQ-UXU8zTfYAxhpvRyMvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:aa:05:ac:fd:8f:e9:81:cb:50:e6:f1:16:86:55:7c:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04bec7578450f945d4f334df600c61a6f47232f2
        Validity
            Not Before: Oct  3 12:22:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=853a8447c9446a6f420a5e4d22241a52927cadfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:8b:54:a9:a6:d8:af:58:3f:9a:5c:d7:7c:fd:
                    08:91:94:16:a9:ab:cb:88:4e:2c:0e:40:3a:db:63:
                    d0:2d:40:5e:ad:12:0b:0a:8b:d3:c7:f1:a5:3b:d6:
                    9f:1d:99:d3:56:d8:90:bb:5a:19:e3:be:95:fd:1d:
                    6f:04:5d:c6:50:bd:d8:6c:0e:8e:cc:e0:f6:c5:14:
                    71:2a:4f:e1:12:b8:1d:88:85:bb:cf:79:ac:6f:0d:
                    c9:75:eb:0f:e2:1c:ff:0e:b8:dc:47:07:fe:14:a4:
                    d6:9d:62:dc:6a:52:d6:4f:8f:a4:26:81:44:d0:c7:
                    4f:1b:48:41:c3:50:75:62:7a:8f:d4:46:28:9d:18:
                    90:8f:9f:d2:61:9f:af:48:5b:30:62:d1:7d:c9:96:
                    6c:e8:ee:6a:98:92:6c:21:11:b6:27:2b:6f:56:5e:
                    0b:05:78:52:10:ef:3c:48:0f:d5:23:2d:04:c8:8b:
                    ce:dc:8d:c8:83:e4:90:14:e1:02:d9:88:42:de:e9:
                    7b:95:e4:7e:28:56:0c:28:f7:8f:e3:e2:8a:ad:10:
                    73:b7:08:0f:a4:7c:57:67:6b:10:de:dc:ae:24:2d:
                    0c:3a:fe:ae:ab:5c:29:5a:d0:9c:92:e2:79:21:7e:
                    18:91:20:c6:9e:bc:d1:0e:e2:3c:5e:83:ad:8b:85:
                    e8:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:3A:84:47:C9:44:6A:6F:42:0A:5E:4D:22:24:1A:52:92:7C:AD:FE
            X509v3 Authority Key Identifier:
                keyid:04:BE:C7:57:84:50:F9:45:D4:F3:34:DF:60:0C:61:A6:F4:72:32:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BL7HV4RQ-UXU8zTfYAxhpvRyMvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b428e7-653c-46c7-973f-9db614cb127a/1/hTqER8lEam9CCl5NIiQaUpJ8rf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b428e7-653c-46c7-973f-9db614cb127a/1/BL7HV4RQ-UXU8zTfYAxhpvRyMvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.29.0-185.243.30.255

    Signature Algorithm: sha256WithRSAEncryption
         40:91:21:50:8a:78:0a:01:02:4c:4e:90:1a:d5:d7:b1:71:f1:
         f4:b4:5d:fc:8e:ae:49:3c:e6:b5:2d:0a:6f:0a:5d:0b:3b:26:
         2d:14:53:f1:f7:e7:e0:78:fe:46:68:6c:75:41:68:e5:9f:fd:
         be:45:6b:56:08:10:9c:6f:1a:e0:2d:47:a4:59:7f:db:bf:b3:
         4d:65:68:d5:e4:dc:54:f5:7d:eb:61:bd:a2:e0:b6:72:0b:79:
         8e:40:ae:9a:58:62:31:6b:f8:01:56:01:3f:2f:de:ef:89:92:
         1a:a9:6f:4f:3c:0b:49:2e:05:10:1f:e7:2a:43:2f:89:d8:cc:
         ee:cb:db:3c:05:0e:80:c0:69:21:07:e8:aa:37:ea:69:61:fe:
         60:41:c1:81:68:4d:2c:61:b2:9a:19:7c:85:c2:84:0e:3b:da:
         ad:48:24:19:f9:98:99:78:52:f9:c5:83:72:a6:21:43:4c:97:
         ce:59:97:27:3b:3e:57:08:c0:fe:f3:f3:f6:97:87:65:0e:b2:
         0a:ab:bd:9f:77:ac:9f:82:4b:59:42:9f:c8:3a:60:f6:a0:4e:
         4d:f9:93:1f:1a:b1:76:10:60:cf:63:fe:00:40:f4:c0:be:b6:
         36:b3:9d:ee:cb:71:e0:77:eb:21:0c:e1:a9:8b:75:ba:5b:93:
         3b:1d:f0:5c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZmqBaz9j+mBy1Dm8RaGVXxpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YmVjNzU3ODQ1MGY5NDVkNGYzMzRkZjYwMGM2MWE2ZjQ3
MjMyZjIwHhcNMjUxMDAzMTIyMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTNhODQ0N2M5NDQ2YTZmNDIwYTVlNGQyMjI0MWE1MjkyN2NhZGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlItUqabYr1g/mlzXfP0IkZQWqavL
iE4sDkA622PQLUBerRILCovTx/GlO9afHZnTVtiQu1oZ476V/R1vBF3GUL3YbA6O
zOD2xRRxKk/hErgdiIW7z3msbw3JdesP4hz/DrjcRwf+FKTWnWLcalLWT4+kJoFE
0MdPG0hBw1B1YnqP1EYonRiQj5/SYZ+vSFswYtF9yZZs6O5qmJJsIRG2JytvVl4L
BXhSEO88SA/VIy0EyIvO3I3Ig+SQFOEC2YhC3ul7leR+KFYMKPeP4+KKrRBztwgP
pHxXZ2sQ3tyuJC0MOv6uq1wpWtCckuJ5IX4YkSDGnrzRDuI8XoOti4XoHwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIU6hEfJRGpvQgpeTSIkGlKSfK3+MB8GA1UdIwQY
MBaAFAS+x1eEUPlF1PM032AMYab0cjLyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkw3SFY0UlEtVVhVOHpUZllBeGhwdlJ5TXZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9iNDI4ZTctNjUzYy00NmM3LTk3M2Yt
OWRiNjE0Y2IxMjdhLzEvaFRxRVI4bEVhbTlDQ2w1TklpUWFVcEo4cmY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9iNDI4ZTctNjUzYy00NmM3LTk3M2YtOWRiNjE0Y2IxMjdh
LzEvQkw3SFY0UlEtVVhVOHpUZllBeGhwdlJ5TXZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC58x0D
BAC58x4wDQYJKoZIhvcNAQELBQADggEBAECRIVCKeAoBAkxOkBrV17Fx8fS0XfyO
rkk85rUtCm8KXQs7Ji0UU/H35+B4/kZobHVBaOWf/b5Fa1YIEJxvGuAtR6RZf9u/
s01laNXk3FT1fethvaLgtnILeY5ArppYYjFr+AFWAT8v3u+Jkhqpb088C0kuBRAf
5ypDL4nYzO7L2zwFDoDAaSEH6Ko36mlh/mBBwYFoTSxhspoZfIXChA472q1IJBn5
mJl4UvnFg3KmIUNMl85Zlyc7PlcIwP7z8/aXh2UOsgqrvZ93rJ+CS1lCn8g6YPag
Tk35kx8asXYQYM9j/gBA9MC+tjazne7LceB36yEM4amLdbpbkzsd8Fw=
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:52 2025 by rpki-client