Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/KgwBKHljj7pwEemei4izTFatz2I.roa
File:                     KgwBKHljj7pwEemei4izTFatz2I.roa (raw, json)
Hash identifier:          eVDUYtbHqOXwc5M3emIOpC/IOXEvGmty2120RNJjtQI=
Subject key identifier:   2A:0C:01:28:79:63:8F:BA:70:11:E9:9E:8B:88:B3:4C:56:AD:CF:62
Certificate issuer:       /CN=dd29c370460bec753010fc7e68365c5770bf45e4
Certificate serial:       0199190073F3CD169355BBBF213E5700F197
Authority key identifier: DD:29:C3:70:46:0B:EC:75:30:10:FC:7E:68:36:5C:57:70:BF:45:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/KgwBKHljj7pwEemei4izTFatz2I.roa
Signing time:             Fri 05 Sep 2025 08:31:24 +0000
ROA not before:           Fri 05 Sep 2025 08:31:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214274
IP address blocks:        185.243.160.0/24 maxlen: 24
                          185.243.161.0/24 maxlen: 24
                          185.243.162.0/24 maxlen: 24
                          185.243.163.0/24 maxlen: 24
                          2a09:900::/47 maxlen: 47
                          2a09:900:2::/47 maxlen: 47
                          2a09:900:100::/40 maxlen: 40
                          2a09:900:200::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:19:00:73:f3:cd:16:93:55:bb:bf:21:3e:57:00:f1:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd29c370460bec753010fc7e68365c5770bf45e4
        Validity
            Not Before: Sep  5 08:31:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a0c012879638fba7011e99e8b88b34c56adcf62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:bb:14:99:f6:a9:2e:13:9e:8b:bd:c4:99:38:
                    1e:61:c8:d7:d1:1f:42:e9:54:6c:ee:88:71:60:1b:
                    47:1a:82:2c:90:6b:2d:90:e5:84:b6:36:68:d8:9d:
                    eb:88:8c:5e:6d:9a:77:1c:ad:ce:72:f8:9d:aa:c1:
                    d5:99:6b:fc:9c:c0:df:88:5d:c2:bf:85:6c:91:fe:
                    9a:37:a5:1c:f0:82:b4:db:19:8f:d6:7d:ef:bf:07:
                    ec:92:a3:8c:bc:64:be:18:16:58:44:ec:47:e8:77:
                    35:73:3a:33:4a:bf:62:97:af:be:ba:fa:ad:21:fb:
                    eb:41:66:41:80:53:72:a8:4c:70:71:4c:99:08:8b:
                    c2:dd:4a:29:6e:2a:c0:89:91:a8:5e:30:14:40:7e:
                    69:7c:4c:7e:09:ea:e6:fa:6b:c7:0f:02:1a:66:68:
                    85:fe:ae:e4:66:c6:ef:5e:e3:dc:f9:e2:ab:49:df:
                    78:24:32:b2:35:28:71:6c:bf:e4:a7:96:18:ff:25:
                    e9:26:a7:21:02:b1:17:5e:07:86:12:f6:f7:11:2e:
                    e9:9e:78:eb:7a:a6:e0:60:10:ce:b0:18:e5:82:a8:
                    3f:e2:d4:f4:54:2f:74:bd:57:46:51:de:30:d0:1a:
                    9c:98:8f:c4:77:60:b3:e8:dd:67:7c:f4:ef:5b:05:
                    df:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:0C:01:28:79:63:8F:BA:70:11:E9:9E:8B:88:B3:4C:56:AD:CF:62
            X509v3 Authority Key Identifier:
                keyid:DD:29:C3:70:46:0B:EC:75:30:10:FC:7E:68:36:5C:57:70:BF:45:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/KgwBKHljj7pwEemei4izTFatz2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.160.0/22
                IPv6:
                  2a09:900::/46
                  2a09:900:100::-2a09:900:2ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         67:37:00:32:f6:a0:3d:ee:78:b1:27:c6:7a:73:b3:bd:5e:25:
         3f:8a:8c:52:f8:03:ec:e4:eb:78:6f:c6:ec:9e:3c:84:25:51:
         bf:aa:7f:cb:52:31:22:4b:11:f1:78:95:f7:c9:72:82:07:5a:
         26:c1:c1:e6:e8:3c:68:16:0c:a5:64:76:55:c3:a9:d5:4e:00:
         c7:5b:b5:05:b6:19:c4:55:c9:76:28:4d:f4:ed:b7:30:8d:cf:
         a4:6e:b2:ca:47:9d:22:53:23:ce:5b:12:e0:e9:f3:bb:96:79:
         e2:97:00:17:cf:6d:68:cc:cf:da:74:43:79:19:1e:6f:3c:de:
         a0:a0:b4:78:e8:f7:98:d7:02:60:e5:57:26:f2:f9:83:76:27:
         c0:b2:bf:c1:33:5d:9d:9b:a2:53:59:ef:73:48:59:d0:c1:0a:
         5b:23:e9:78:ec:ac:4b:c3:2b:51:e0:05:fc:b8:dc:43:9f:d0:
         f1:41:39:a1:aa:d6:59:55:e5:3c:eb:ec:9f:18:e5:be:14:00:
         91:1f:07:fe:56:4c:db:fb:82:58:e7:5d:1b:09:43:ad:7c:01:
         7d:61:58:11:15:58:59:2a:f8:d5:33:3c:88:d7:83:73:a2:c6:
         da:54:3d:e9:a0:08:cd:a7:77:ac:d8:17:db:b5:5f:65:2b:16:
         cc:77:68:36
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAZkZAHPzzRaTVbu/IT5XAPGXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMjljMzcwNDYwYmVjNzUzMDEwZmM3ZTY4MzY1YzU3NzBi
ZjQ1ZTQwHhcNMjUwOTA1MDgzMTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTBjMDEyODc5NjM4ZmJhNzAxMWU5OWU4Yjg4YjM0YzU2YWRjZjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrsUmfapLhOei73EmTgeYcjX0R9C
6VRs7ohxYBtHGoIskGstkOWEtjZo2J3riIxebZp3HK3OcvidqsHVmWv8nMDfiF3C
v4Vskf6aN6Uc8IK02xmP1n3vvwfskqOMvGS+GBZYROxH6Hc1czozSr9il6++uvqt
IfvrQWZBgFNyqExwcUyZCIvC3UopbirAiZGoXjAUQH5pfEx+Cerm+mvHDwIaZmiF
/q7kZsbvXuPc+eKrSd94JDKyNShxbL/kp5YY/yXpJqchArEXXgeGEvb3ES7pnnjr
eqbgYBDOsBjlgqg/4tT0VC90vVdGUd4w0BqcmI/Ed2Cz6N1nfPTvWwXfcQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFCoMASh5Y4+6cBHpnouIs0xWrc9iMB8GA1UdIwQY
MBaAFN0pw3BGC+x1MBD8fmg2XFdwv0XkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1NuRGNFWUw3SFV3RVB4LWFEWmNWM0NfUmVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9iMzAxOWMtNjZjZi00Zjk4LWE4NTYt
MTM0YzQ3Yjk0OTEzLzEvS2d3QktIbGpqN3B3RWVtZWk0aXpURmF0ejJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9iMzAxOWMtNjZjZi00Zjk4LWE4NTYtMTM0YzQ3Yjk0OTEz
LzEvM1NuRGNFWUw3SFV3RVB4LWFEWmNWM0NfUmVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAMBAIAATAGAwQCufOgMCEE
AgACMBsDBwIqCQkAAAAwEAMGACoJCQABAwYAKgkJAAIwDQYJKoZIhvcNAQELBQAD
ggEBAGc3ADL2oD3ueLEnxnpzs71eJT+KjFL4A+zk63hvxuyePIQlUb+qf8tSMSJL
EfF4lffJcoIHWibBweboPGgWDKVkdlXDqdVOAMdbtQW2GcRVyXYoTfTttzCNz6Ru
sspHnSJTI85bEuDp87uWeeKXABfPbWjMz9p0Q3kZHm883qCgtHjo95jXAmDlVyby
+YN2J8Cyv8EzXZ2bolNZ73NIWdDBClsj6XjsrEvDK1HgBfy43EOf0PFBOaGq1llV
5Tzr7J8Y5b4UAJEfB/5WTNv7gljnXRsJQ618AX1hWBEVWFkq+NUzPIjXg3OixtpU
PemgCM2nd6zYF9u1X2UrFsx3aDY=
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:45:05 2025 by rpki-client