Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/8efed1-8f65-4fb9-8331-145a01278948/1/3d70znP7o5cQ_Sr6eRmA6Vl0IBU.roa
File:                     3d70znP7o5cQ_Sr6eRmA6Vl0IBU.roa (raw, json)
Hash identifier:          j+rZf2bmlj9QYrtrhsiFdNMWtcMmhTeJyg7GtA/z7dg=
Subject key identifier:   DD:DE:F4:CE:73:FB:A3:97:10:FD:2A:FA:79:19:80:E9:59:74:20:15
Certificate issuer:       /CN=4370d3b699ac5aeff2db88a5cbc1c9d8d09c7231
Certificate serial:       0199593987F16934817B4E21352774F87F9B
Authority key identifier: 43:70:D3:B6:99:AC:5A:EF:F2:DB:88:A5:CB:C1:C9:D8:D0:9C:72:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q3DTtpmsWu_y24ily8HJ2NCccjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/8efed1-8f65-4fb9-8331-145a01278948/1/3d70znP7o5cQ_Sr6eRmA6Vl0IBU.roa
Signing time:             Wed 17 Sep 2025 19:49:26 +0000
ROA not before:           Wed 17 Sep 2025 19:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211065
IP address blocks:        185.214.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/8efed1-8f65-4fb9-8331-145a01278948/1/Q3DTtpmsWu_y24ily8HJ2NCccjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/8efed1-8f65-4fb9-8331-145a01278948/1/Q3DTtpmsWu_y24ily8HJ2NCccjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q3DTtpmsWu_y24ily8HJ2NCccjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:59:39:87:f1:69:34:81:7b:4e:21:35:27:74:f8:7f:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4370d3b699ac5aeff2db88a5cbc1c9d8d09c7231
        Validity
            Not Before: Sep 17 19:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dddef4ce73fba39710fd2afa791980e959742015
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d0:1e:85:7b:2f:af:73:65:8e:6b:f1:96:d5:
                    3e:f0:d0:e3:81:e7:b7:31:9e:ba:cd:c7:b2:32:34:
                    9b:6f:9d:16:ca:e7:c0:2b:87:d1:de:24:d6:42:4c:
                    dc:f6:a4:94:13:1b:87:4e:a9:24:81:61:ef:6f:9f:
                    e3:ab:e1:25:37:21:3a:9e:be:f1:c5:79:03:88:70:
                    15:08:34:0a:a2:71:36:48:6a:7a:1f:d8:52:c0:9a:
                    d7:89:cc:3e:70:2d:c9:62:f2:48:0f:bc:9a:82:69:
                    01:ba:e8:6a:94:db:98:9b:7d:0d:ef:12:8c:7f:87:
                    8d:6f:42:74:c2:81:6d:36:42:38:7c:04:19:5d:50:
                    b7:38:f7:cb:99:69:11:19:75:c1:d9:c9:b6:09:a7:
                    39:54:93:52:58:1b:ba:81:0d:c2:c4:dd:cc:ae:a1:
                    ba:43:ec:7f:8e:c5:9c:ac:88:69:cb:0c:ac:d6:ed:
                    3a:e5:e6:82:d2:f4:26:47:7c:dc:30:89:65:1f:ea:
                    0c:89:2c:b2:a3:af:d7:e2:a6:2d:22:76:2b:ef:12:
                    ae:46:3e:0f:7a:43:0f:b8:11:b8:16:15:f4:b3:a1:
                    c5:e0:80:4f:35:63:21:a9:8e:d4:bb:74:84:1c:79:
                    04:0a:30:cc:fa:c2:8e:e6:1b:45:c2:f6:ab:be:96:
                    d6:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:DE:F4:CE:73:FB:A3:97:10:FD:2A:FA:79:19:80:E9:59:74:20:15
            X509v3 Authority Key Identifier:
                keyid:43:70:D3:B6:99:AC:5A:EF:F2:DB:88:A5:CB:C1:C9:D8:D0:9C:72:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q3DTtpmsWu_y24ily8HJ2NCccjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/8efed1-8f65-4fb9-8331-145a01278948/1/3d70znP7o5cQ_Sr6eRmA6Vl0IBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/8efed1-8f65-4fb9-8331-145a01278948/1/Q3DTtpmsWu_y24ily8HJ2NCccjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:99:13:d2:a6:62:82:40:51:65:5e:9c:29:38:70:43:07:83:
         81:c1:5a:69:33:a9:1f:de:97:61:e7:85:84:64:52:c6:00:c8:
         3b:4e:8e:32:a6:94:d2:23:16:a9:f3:08:ff:2e:24:fd:05:66:
         96:48:2a:e5:22:62:c5:31:97:01:90:1e:87:e6:4a:ef:bc:4b:
         1d:c9:42:5f:0d:be:7c:35:22:ff:67:c1:5f:ed:52:cd:9f:b1:
         31:16:53:0c:be:dc:bd:58:d1:b0:f6:b9:89:79:b0:97:77:63:
         69:86:6e:1c:30:51:a6:4c:9b:45:39:f1:52:7d:52:61:11:54:
         5d:67:98:99:38:fd:df:1d:4b:c1:24:32:40:4d:c1:be:22:a8:
         d8:c0:ed:a3:e6:b2:c9:f8:56:02:e4:7e:28:f7:fc:b7:0b:f7:
         14:b4:1c:07:c4:02:03:a9:bf:01:c0:e3:cb:34:d6:ae:48:c0:
         02:b4:b3:5a:76:2b:73:8d:9c:14:34:19:73:cc:8d:f2:ba:05:
         a6:a8:13:76:d4:d7:2a:94:fd:d6:dd:ca:bd:16:aa:a2:e2:e6:
         a5:e2:5a:dc:27:ff:42:af:a4:98:e4:a9:ba:a5:33:0c:e2:09:
         2e:a3:bc:2f:90:b0:eb:08:5b:0d:cd:4f:a4:f5:79:64:2a:3c:
         80:96:bf:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlZOYfxaTSBe04hNSd0+H+bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNzBkM2I2OTlhYzVhZWZmMmRiODhhNWNiYzFjOWQ4ZDA5
YzcyMzEwHhcNMjUwOTE3MTk0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGRlZjRjZTczZmJhMzk3MTBmZDJhZmE3OTE5ODBlOTU5NzQyMDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltAehXsvr3NljmvxltU+8NDjgee3
MZ66zceyMjSbb50WyufAK4fR3iTWQkzc9qSUExuHTqkkgWHvb5/jq+ElNyE6nr7x
xXkDiHAVCDQKonE2SGp6H9hSwJrXicw+cC3JYvJID7yagmkBuuhqlNuYm30N7xKM
f4eNb0J0woFtNkI4fAQZXVC3OPfLmWkRGXXB2cm2Cac5VJNSWBu6gQ3CxN3MrqG6
Q+x/jsWcrIhpywys1u065eaC0vQmR3zcMIllH+oMiSyyo6/X4qYtInYr7xKuRj4P
ekMPuBG4FhX0s6HF4IBPNWMhqY7Uu3SEHHkECjDM+sKO5htFwvarvpbWawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN3e9M5z+6OXEP0q+nkZgOlZdCAVMB8GA1UdIwQY
MBaAFENw07aZrFrv8tuIpcvBydjQnHIxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTNEVHRwbXNXdV95MjRpbHk4SEoyTkNjY2pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS84ZWZlZDEtOGY2NS00ZmI5LTgzMzEt
MTQ1YTAxMjc4OTQ4LzEvM2Q3MHpuUDdvNWNRX1NyNmVSbUE2VmwwSUJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS84ZWZlZDEtOGY2NS00ZmI5LTgzMzEtMTQ1YTAxMjc4OTQ4
LzEvUTNEVHRwbXNXdV95MjRpbHk4SEoyTkNjY2pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudZAMA0G
CSqGSIb3DQEBCwUAA4IBAQC4mRPSpmKCQFFlXpwpOHBDB4OBwVppM6kf3pdh54WE
ZFLGAMg7To4yppTSIxap8wj/LiT9BWaWSCrlImLFMZcBkB6H5krvvEsdyUJfDb58
NSL/Z8Ff7VLNn7ExFlMMvty9WNGw9rmJebCXd2Nphm4cMFGmTJtFOfFSfVJhEVRd
Z5iZOP3fHUvBJDJATcG+IqjYwO2j5rLJ+FYC5H4o9/y3C/cUtBwHxAIDqb8BwOPL
NNauSMACtLNaditzjZwUNBlzzI3yugWmqBN21NcqlP3W3cq9Fqqi4ual4lrcJ/9C
r6SY5Km6pTMM4gkuo7wvkLDrCFsNzU+k9XlkKjyAlr/N
-----END CERTIFICATE-----