Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/BdJsQb2Wyhj6V0MXrOpAeFMeHNc.roa
File:                     BdJsQb2Wyhj6V0MXrOpAeFMeHNc.roa (raw, json)
Hash identifier:          BCOWfpe+Hm7MDisoXCkcr8quTvjHMSMJ8WxC+uEAJgk=
Subject key identifier:   05:D2:6C:41:BD:96:CA:18:FA:57:43:17:AC:EA:40:78:53:1E:1C:D7
Certificate issuer:       /CN=37431f1be9fdc2419098479cde457bbf79571759
Certificate serial:       019937E93AB9C4D16EE10F281BADC1D57D1E
Authority key identifier: 37:43:1F:1B:E9:FD:C2:41:90:98:47:9C:DE:45:7B:BF:79:57:17:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N0MfG-n9wkGQmEec3kV7v3lXF1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/BdJsQb2Wyhj6V0MXrOpAeFMeHNc.roa
Signing time:             Thu 11 Sep 2025 08:34:15 +0000
ROA not before:           Thu 11 Sep 2025 08:34:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     140224
IP address blocks:        185.211.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/N0MfG-n9wkGQmEec3kV7v3lXF1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/N0MfG-n9wkGQmEec3kV7v3lXF1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N0MfG-n9wkGQmEec3kV7v3lXF1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:37:e9:3a:b9:c4:d1:6e:e1:0f:28:1b:ad:c1:d5:7d:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37431f1be9fdc2419098479cde457bbf79571759
        Validity
            Not Before: Sep 11 08:34:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05d26c41bd96ca18fa574317acea4078531e1cd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:8a:d1:0e:3b:99:fc:ef:ec:46:03:e4:97:1b:
                    28:f4:c4:70:fa:82:fe:72:42:cb:0f:50:1c:46:d6:
                    8a:12:ec:6f:73:4b:f6:9b:4b:ac:98:82:eb:6c:4b:
                    df:9f:37:7c:db:a4:fd:24:88:5e:9e:db:b6:98:14:
                    a0:6c:81:a4:d0:43:64:89:5b:f2:ad:b2:40:e6:e3:
                    b3:16:8d:7a:15:30:c6:9f:57:f4:85:df:bd:4c:8e:
                    8f:db:dc:f3:6d:c8:ea:a7:85:8d:99:3b:4c:7f:77:
                    96:d1:94:a1:88:ae:6f:67:cb:5b:16:48:81:69:cc:
                    9a:24:ab:89:e9:eb:8a:46:f2:06:56:06:33:0f:a4:
                    01:df:60:33:69:70:31:d0:d5:24:ee:01:ef:64:a0:
                    e8:20:5c:39:9f:71:6a:91:df:44:4a:59:db:41:e8:
                    c1:42:97:29:72:26:3d:ac:d6:f5:75:17:54:d9:ff:
                    8a:d1:b2:ce:1d:0e:d3:27:67:1e:ac:05:7a:53:3c:
                    db:ab:2d:9e:22:57:ae:2d:32:6a:22:02:f3:dc:d5:
                    08:1c:12:1c:a9:f3:97:ea:e4:61:33:5e:a6:68:00:
                    bb:4b:26:5b:6c:3a:ec:01:27:76:de:03:88:ab:73:
                    15:68:54:a9:a6:59:ea:b4:eb:f0:c0:b1:f1:21:a6:
                    6a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:D2:6C:41:BD:96:CA:18:FA:57:43:17:AC:EA:40:78:53:1E:1C:D7
            X509v3 Authority Key Identifier:
                keyid:37:43:1F:1B:E9:FD:C2:41:90:98:47:9C:DE:45:7B:BF:79:57:17:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N0MfG-n9wkGQmEec3kV7v3lXF1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/BdJsQb2Wyhj6V0MXrOpAeFMeHNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/N0MfG-n9wkGQmEec3kV7v3lXF1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:81:e6:cb:2c:33:7e:83:be:82:e7:ab:d9:03:68:dd:fa:bd:
         d5:94:25:87:37:8a:13:63:83:c0:bb:a0:e4:3c:16:f1:d4:7a:
         54:46:32:30:c9:be:1e:e1:54:eb:ea:71:0f:50:66:4c:34:db:
         39:84:28:ca:96:c8:4a:e2:5c:2b:af:a1:ba:17:cb:ab:51:93:
         66:17:c3:3d:b6:8c:dc:e4:94:b7:64:32:f6:26:18:8c:b4:dd:
         e5:e0:98:01:9f:fa:1e:f7:bb:14:31:cb:d1:b8:59:c1:d0:df:
         8b:d8:df:59:f8:d2:a5:d9:50:7a:0a:e8:c0:65:0e:c6:4e:48:
         d7:2f:ca:87:58:c6:c2:9b:07:6a:68:3e:58:b4:15:ff:3a:19:
         f5:55:26:53:b5:c5:71:6d:c7:43:8f:f3:61:e8:0e:ab:37:35:
         74:9b:c0:da:e9:64:4b:7e:86:33:28:9e:ef:6c:df:f4:e0:5d:
         f1:54:9f:83:bb:b1:c1:28:25:a7:f9:6d:8e:5e:9d:a3:ab:49:
         bd:8b:98:89:a1:52:8b:a9:9c:01:60:e9:d9:2f:fb:1e:d3:80:
         09:c8:75:ad:50:9c:e2:4b:05:a9:e2:8a:52:8f:fa:94:57:aa:
         a3:04:84:a0:99:bb:7e:16:a8:a8:07:db:3a:c9:63:39:7b:3b:
         fa:29:d6:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk36Tq5xNFu4Q8oG63B1X0eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NDMxZjFiZTlmZGMyNDE5MDk4NDc5Y2RlNDU3YmJmNzk1
NzE3NTkwHhcNMjUwOTExMDgzNDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWQyNmM0MWJkOTZjYTE4ZmE1NzQzMTdhY2VhNDA3ODUzMWUxY2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4rRDjuZ/O/sRgPklxso9MRw+oL+
ckLLD1AcRtaKEuxvc0v2m0usmILrbEvfnzd826T9JIhentu2mBSgbIGk0ENkiVvy
rbJA5uOzFo16FTDGn1f0hd+9TI6P29zzbcjqp4WNmTtMf3eW0ZShiK5vZ8tbFkiB
acyaJKuJ6euKRvIGVgYzD6QB32AzaXAx0NUk7gHvZKDoIFw5n3Fqkd9ESlnbQejB
QpcpciY9rNb1dRdU2f+K0bLOHQ7TJ2cerAV6Uzzbqy2eIleuLTJqIgLz3NUIHBIc
qfOX6uRhM16maAC7SyZbbDrsASd23gOIq3MVaFSpplnqtOvwwLHxIaZq7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAXSbEG9lsoY+ldDF6zqQHhTHhzXMB8GA1UdIwQY
MBaAFDdDHxvp/cJBkJhHnN5Fe795VxdZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjBNZkctbjl3a0dRbUVlYzNrVjd2M2xYRjFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iNTM1NDctZDM0MC00MzkyLWFmNDYt
NjE1OTYxMzEyYjUyLzEvQmRKc1FiMld5aGo2VjBNWHJPcEFlRk1lSE5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iNTM1NDctZDM0MC00MzkyLWFmNDYtNjE1OTYxMzEyYjUy
LzEvTjBNZkctbjl3a0dRbUVlYzNrVjd2M2xYRjFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudOGMA0G
CSqGSIb3DQEBCwUAA4IBAQAbgebLLDN+g76C56vZA2jd+r3VlCWHN4oTY4PAu6Dk
PBbx1HpURjIwyb4e4VTr6nEPUGZMNNs5hCjKlshK4lwrr6G6F8urUZNmF8M9tozc
5JS3ZDL2JhiMtN3l4JgBn/oe97sUMcvRuFnB0N+L2N9Z+NKl2VB6CujAZQ7GTkjX
L8qHWMbCmwdqaD5YtBX/Ohn1VSZTtcVxbcdDj/Nh6A6rNzV0m8Da6WRLfoYzKJ7v
bN/04F3xVJ+Du7HBKCWn+W2OXp2jq0m9i5iJoVKLqZwBYOnZL/se04AJyHWtUJzi
SwWp4opSj/qUV6qjBISgmbt+FqioB9s6yWM5ezv6KdaW
-----END CERTIFICATE-----