Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/K_nThvB1QPa-NFO1MbnkStYXpDE.roa
File:                     K_nThvB1QPa-NFO1MbnkStYXpDE.roa (raw, json)
Hash identifier:          bCk5SP6F3IPvXuHnQeP0koJlhnPuxSRpq2HC4wbee3g=
Subject key identifier:   2B:F9:D3:86:F0:75:40:F6:BE:34:53:B5:31:B9:E4:4A:D6:17:A4:31
Certificate issuer:       /CN=3ee770f47fd903925d80ac58e05e076f3baa110b
Certificate serial:       0199E1884050CF072E33A3AE57DB4487EDFF
Authority key identifier: 3E:E7:70:F4:7F:D9:03:92:5D:80:AC:58:E0:5E:07:6F:3B:AA:11:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/K_nThvB1QPa-NFO1MbnkStYXpDE.roa
Signing time:             Tue 14 Oct 2025 07:03:46 +0000
ROA not before:           Tue 14 Oct 2025 07:03:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.38.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e1:88:40:50:cf:07:2e:33:a3:ae:57:db:44:87:ed:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ee770f47fd903925d80ac58e05e076f3baa110b
        Validity
            Not Before: Oct 14 07:03:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2bf9d386f07540f6be3453b531b9e44ad617a431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:95:d1:07:17:35:77:8f:98:04:68:b9:0f:1f:
                    92:62:cd:ac:44:e4:72:92:42:fb:d8:16:43:0a:32:
                    e5:6b:2f:a1:c8:c9:d6:93:76:65:8a:d3:80:b7:34:
                    45:4a:d5:b1:95:1c:a1:43:9e:a7:a2:cd:57:ed:11:
                    b4:e8:a5:b3:12:83:04:db:ec:2a:4d:bc:13:8a:ce:
                    d0:13:9e:b5:7d:26:d9:de:5b:2b:89:34:79:0d:49:
                    76:2a:4c:a0:69:9b:c0:0f:47:82:5c:bd:54:42:4e:
                    0a:97:54:c5:a6:41:7e:7d:84:b2:58:94:01:37:01:
                    ad:b7:71:ce:cb:0a:40:46:07:28:b2:a0:d1:89:89:
                    25:0d:41:5d:d8:78:89:90:2f:dc:45:77:8a:89:d8:
                    f7:89:4a:d0:94:09:18:c6:6d:f4:a8:eb:ec:e5:17:
                    ca:ca:b7:35:69:b3:43:37:9c:6c:8c:ef:56:9a:af:
                    49:ca:39:78:22:8d:ac:83:d0:84:e4:3d:d3:cf:0b:
                    3d:68:18:f3:70:0f:e6:6d:6e:df:a2:cd:f5:a6:6d:
                    64:77:f2:ee:3c:5c:c6:b7:6c:1f:cb:85:b3:c6:cf:
                    20:ed:26:3b:01:60:87:24:a4:09:6f:14:c0:30:92:
                    f9:86:8e:12:6a:7d:ef:fd:8a:e6:28:a6:1c:51:3d:
                    ea:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:F9:D3:86:F0:75:40:F6:BE:34:53:B5:31:B9:E4:4A:D6:17:A4:31
            X509v3 Authority Key Identifier:
                keyid:3E:E7:70:F4:7F:D9:03:92:5D:80:AC:58:E0:5E:07:6F:3B:AA:11:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/K_nThvB1QPa-NFO1MbnkStYXpDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:e5:b2:86:ab:5b:8c:a6:f7:e2:f7:cd:e1:b8:ae:7a:d1:ff:
         d0:6a:c0:c5:d0:66:8e:41:4a:40:75:4a:1d:cc:0e:11:7e:30:
         d7:91:39:22:70:56:9d:83:89:e0:06:38:04:85:56:a9:0e:84:
         3d:7c:e1:18:76:7b:de:ba:17:53:90:3d:45:da:ab:41:bf:8e:
         b7:58:6a:5e:a4:4c:c0:66:d4:52:b0:5e:f9:2b:c6:14:e2:de:
         3a:76:fb:6b:a4:7f:c8:88:9a:3b:c0:09:1f:28:67:23:a4:37:
         a4:79:8b:82:b5:84:8c:dc:8e:7e:6c:92:89:2c:1d:04:35:39:
         0a:95:95:29:1d:4e:26:08:58:56:49:1f:be:0f:d8:7a:db:bf:
         45:35:1d:23:d3:62:1d:7a:29:db:4f:7b:ed:5f:ab:6f:71:6f:
         27:33:fc:d6:54:a7:ca:6c:04:44:fa:b7:af:ac:bb:15:df:33:
         7b:90:5f:1e:65:36:d0:c0:cd:07:c7:d6:f7:f3:1c:64:1d:51:
         ca:38:16:a4:d7:8a:17:4a:47:73:61:a8:d8:67:5c:85:93:19:
         4f:be:12:a3:a4:e7:99:ea:62:1e:c0:d3:8f:71:c5:c2:73:33:
         54:b9:b9:eb:20:ca:40:80:31:e1:88:6e:f5:19:bf:79:fe:84:
         c7:55:2e:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnhiEBQzwcuM6OuV9tEh+3/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZTc3MGY0N2ZkOTAzOTI1ZDgwYWM1OGUwNWUwNzZmM2Jh
YTExMGIwHhcNMjUxMDE0MDcwMzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmY5ZDM4NmYwNzU0MGY2YmUzNDUzYjUzMWI5ZTQ0YWQ2MTdhNDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJXRBxc1d4+YBGi5Dx+SYs2sRORy
kkL72BZDCjLlay+hyMnWk3ZlitOAtzRFStWxlRyhQ56nos1X7RG06KWzEoME2+wq
TbwTis7QE561fSbZ3lsriTR5DUl2KkygaZvAD0eCXL1UQk4Kl1TFpkF+fYSyWJQB
NwGtt3HOywpARgcosqDRiYklDUFd2HiJkC/cRXeKidj3iUrQlAkYxm30qOvs5RfK
yrc1abNDN5xsjO9Wmq9Jyjl4Io2sg9CE5D3Tzws9aBjzcA/mbW7fos31pm1kd/Lu
PFzGt2wfy4Wzxs8g7SY7AWCHJKQJbxTAMJL5ho4San3v/YrmKKYcUT3qiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCv504bwdUD2vjRTtTG55ErWF6QxMB8GA1UdIwQY
MBaAFD7ncPR/2QOSXYCsWOBeB287qhELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHVkdzlIX1pBNUpkZ0t4WTRGNEhienVxRVFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi80MzQzNDQtMzIzZS00OGY4LWFkZTIt
NjI0ZjgzNjgyMTY5LzEvS19uVGh2QjFRUGEtTkZPMU1ibmtTdFlYcERFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi80MzQzNDQtMzIzZS00OGY4LWFkZTItNjI0ZjgzNjgyMTY5
LzEvUHVkdzlIX1pBNUpkZ0t4WTRGNEhienVxRVFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSYZMA0G
CSqGSIb3DQEBCwUAA4IBAQBr5bKGq1uMpvfi983huK560f/QasDF0GaOQUpAdUod
zA4RfjDXkTkicFadg4ngBjgEhVapDoQ9fOEYdnveuhdTkD1F2qtBv463WGpepEzA
ZtRSsF75K8YU4t46dvtrpH/IiJo7wAkfKGcjpDekeYuCtYSM3I5+bJKJLB0ENTkK
lZUpHU4mCFhWSR++D9h6279FNR0j02IdeinbT3vtX6tvcW8nM/zWVKfKbARE+rev
rLsV3zN7kF8eZTbQwM0Hx9b38xxkHVHKOBak14oXSkdzYajYZ1yFkxlPvhKjpOeZ
6mIewNOPccXCczNUubnrIMpAgDHhiG71Gb95/oTHVS4a
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:37 2025 by rpki-client