Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/aQBKrlhb7KKJ2AeV_-ozk32REI4.roa
File:                     aQBKrlhb7KKJ2AeV_-ozk32REI4.roa (raw, json)
Hash identifier:          w8xMhfk/DyvECW2Vd/hnyVTfgM60z/yvFMviv4afa4Y=
Subject key identifier:   69:00:4A:AE:58:5B:EC:A2:89:D8:07:95:FF:EA:33:93:7D:91:10:8E
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019A249DF5B01B096C3B686D2DF8993B9ACB
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/aQBKrlhb7KKJ2AeV_-ozk32REI4.roa
Signing time:             Mon 27 Oct 2025 07:42:03 +0000
ROA not before:           Mon 27 Oct 2025 07:42:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        194.231.192.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 15:09:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:24:9d:f5:b0:1b:09:6c:3b:68:6d:2d:f8:99:3b:9a:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Oct 27 07:42:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69004aae585beca289d80795ffea33937d91108e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:9b:c8:ed:ca:10:94:68:6f:23:4a:b1:f8:ee:
                    99:07:52:d7:72:61:00:58:1a:0f:3e:4d:4f:f9:66:
                    32:4e:5c:16:18:37:24:1c:81:02:8a:06:cb:ea:a1:
                    cf:3d:93:54:fe:ca:b3:03:78:db:86:02:fa:94:a8:
                    10:2b:d3:0e:b7:7e:fd:9e:5a:8a:38:4e:e5:cb:3d:
                    25:2a:6a:ec:16:da:bb:92:ab:4d:85:42:4e:17:60:
                    51:4b:a9:55:8c:30:7b:30:bf:e3:ef:21:20:54:38:
                    d4:38:1c:75:02:e8:94:b8:25:f4:38:bf:e6:95:47:
                    3d:5f:6c:66:26:82:f8:d7:69:c4:5e:bc:03:a6:c8:
                    db:f1:7e:91:73:87:83:16:94:2c:33:87:ad:cb:af:
                    ca:65:b8:3a:93:c2:67:1f:e1:17:fc:7b:f2:ae:0d:
                    e4:da:ea:84:a4:4a:1a:bb:f0:ac:98:b1:17:e7:98:
                    01:35:6f:c9:c0:bb:7d:c6:6b:74:ab:48:9c:ad:f4:
                    b4:f4:88:cc:ef:b5:01:ea:62:be:f3:ec:ee:f2:1c:
                    fa:a5:6e:f1:a6:75:5d:92:b5:e4:d3:c8:50:13:34:
                    c8:5e:04:dd:5a:f0:da:b7:bc:b4:09:98:de:43:c8:
                    c2:d3:61:6d:20:a3:c0:d8:c1:5b:44:38:df:e9:b7:
                    72:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:00:4A:AE:58:5B:EC:A2:89:D8:07:95:FF:EA:33:93:7D:91:10:8E
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/aQBKrlhb7KKJ2AeV_-ozk32REI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:d9:f4:07:5a:08:68:5d:3f:1a:2f:34:d4:a8:8b:d7:a6:ca:
         b1:3f:e4:bb:1a:c5:79:35:19:70:b7:f9:b7:4d:0e:cd:c3:bd:
         70:03:b2:3c:de:a8:a9:f1:53:dd:67:22:a5:aa:77:bd:63:cc:
         75:ed:20:67:27:f5:d6:7b:29:fb:ea:be:a1:42:04:e8:6a:3b:
         fa:38:69:f1:b3:cd:e0:8f:15:06:a3:44:b8:bc:7a:0f:f6:d2:
         5d:63:7d:64:f8:34:7a:99:0a:a2:77:ce:24:a3:eb:1e:45:05:
         65:2b:bb:10:93:87:0b:c3:7d:bb:bc:a3:bf:e8:d0:c7:d8:b2:
         24:aa:da:74:7a:ce:db:9a:2e:dd:cb:f9:34:1b:a8:c8:bd:ba:
         bf:f6:35:b2:e9:64:c4:f6:86:92:6c:73:14:6e:0d:7b:79:c8:
         32:96:47:d0:78:97:fa:c8:82:bb:26:19:f1:f1:ab:f3:da:a7:
         e7:a4:1c:f1:29:e3:f7:97:49:b3:74:14:48:ba:a6:0e:9c:b2:
         64:c0:38:0e:8c:1c:3c:c4:3c:82:63:f2:8a:99:05:31:7c:54:
         a3:50:d7:5f:f6:7a:b2:40:3a:00:a3:5e:9f:54:58:73:c0:c5:
         3a:11:71:86:2c:59:e6:36:27:4e:ab:46:6a:ca:db:d5:ae:5e:
         d5:4e:54:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoknfWwGwlsO2htLfiZO5rLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUxMDI3MDc0MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTAwNGFhZTU4NWJlY2EyODlkODA3OTVmZmVhMzM5MzdkOTExMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJvI7coQlGhvI0qx+O6ZB1LXcmEA
WBoPPk1P+WYyTlwWGDckHIECigbL6qHPPZNU/sqzA3jbhgL6lKgQK9MOt379nlqK
OE7lyz0lKmrsFtq7kqtNhUJOF2BRS6lVjDB7ML/j7yEgVDjUOBx1AuiUuCX0OL/m
lUc9X2xmJoL412nEXrwDpsjb8X6Rc4eDFpQsM4ety6/KZbg6k8JnH+EX/Hvyrg3k
2uqEpEoau/CsmLEX55gBNW/JwLt9xmt0q0icrfS09IjM77UB6mK+8+zu8hz6pW7x
pnVdkrXk08hQEzTIXgTdWvDat7y0CZjeQ8jC02FtIKPA2MFbRDjf6bdymQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkASq5YW+yiidgHlf/qM5N9kRCOMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvYVFCS3JsaGI3S0tKMkFlVl8tb3prMzJSRUk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwufAMA0G
CSqGSIb3DQEBCwUAA4IBAQBh2fQHWghoXT8aLzTUqIvXpsqxP+S7GsV5NRlwt/m3
TQ7Nw71wA7I83qip8VPdZyKlqne9Y8x17SBnJ/XWeyn76r6hQgToajv6OGnxs83g
jxUGo0S4vHoP9tJdY31k+DR6mQqid84ko+seRQVlK7sQk4cLw327vKO/6NDH2LIk
qtp0es7bmi7dy/k0G6jIvbq/9jWy6WTE9oaSbHMUbg17ecgylkfQeJf6yIK7Jhnx
8avz2qfnpBzxKeP3l0mzdBRIuqYOnLJkwDgOjBw8xDyCY/KKmQUxfFSjUNdf9nqy
QDoAo16fVFhzwMU6EXGGLFnmNidOq0ZqytvVrl7VTlTx
-----END CERTIFICATE-----