Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/aga7nIEhJZyHRivgK-hJvYFaeBU.roa
File:                     aga7nIEhJZyHRivgK-hJvYFaeBU.roa (raw, json)
Hash identifier:          azX++tt+5POlBJ6Tx7QwJhstcS3rjOafvAfcuzCsQxI=
Subject key identifier:   6A:06:BB:9C:81:21:25:9C:87:46:2B:E0:2B:E8:49:BD:81:5A:78:15
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019A2F7980C232BA9D5BE5605D3959857811
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/aga7nIEhJZyHRivgK-hJvYFaeBU.roa
Signing time:             Wed 29 Oct 2025 10:18:03 +0000
ROA not before:           Wed 29 Oct 2025 10:18:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        194.231.139.0/24 maxlen: 24
                          194.231.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2f:79:80:c2:32:ba:9d:5b:e5:60:5d:39:59:85:78:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Oct 29 10:18:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a06bb9c8121259c87462be02be849bd815a7815
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:c7:d8:3f:aa:7a:fa:56:d1:ba:26:17:ce:00:
                    b9:25:e7:bb:46:63:8d:ef:11:0e:53:63:d0:81:99:
                    de:31:a9:e1:f9:8e:c9:94:ae:43:fd:2d:12:fa:91:
                    a9:e6:b7:c4:1e:5d:79:d0:5b:7f:5b:68:04:ce:b8:
                    c9:55:66:91:ae:50:13:69:1c:be:a4:d5:f3:6e:da:
                    18:18:4e:5e:81:2d:d1:f5:a0:5d:98:e6:b8:dd:88:
                    4e:87:41:5d:32:3b:db:28:3f:c7:85:47:95:1c:be:
                    4f:e3:f7:b1:d8:70:81:37:6d:3c:0d:b7:db:44:f9:
                    4c:95:69:82:12:d2:d1:59:07:27:88:47:d6:55:eb:
                    a8:f0:a1:86:75:4e:21:05:34:51:88:2a:35:69:39:
                    14:88:14:8f:3f:e4:ac:73:43:ae:d3:33:07:74:51:
                    39:ef:aa:47:dc:15:0a:4f:fd:6d:d7:db:61:8f:7e:
                    6e:41:f1:4b:e9:03:10:ac:c7:94:c6:15:84:3d:bb:
                    e9:97:34:7a:79:4a:58:7b:27:65:80:5c:d2:cd:eb:
                    ba:eb:cb:6b:f1:92:b6:fc:82:15:b2:55:d7:06:23:
                    4b:71:47:96:6b:a1:b0:c0:13:62:2e:29:6f:92:40:
                    0a:4f:83:02:76:d8:50:c2:70:4a:c6:93:33:95:6e:
                    dd:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:06:BB:9C:81:21:25:9C:87:46:2B:E0:2B:E8:49:BD:81:5A:78:15
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/aga7nIEhJZyHRivgK-hJvYFaeBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.139.0/24
                  194.231.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:47:71:9f:5d:37:5e:23:ca:9d:3f:60:b2:cf:ce:7b:cd:fa:
         96:dd:89:bb:2c:05:2c:1a:74:d8:3a:8c:f3:fa:82:63:1b:52:
         3e:b4:c9:8e:e7:34:b7:af:d9:b9:6f:06:dc:45:63:f6:b7:64:
         2a:87:15:f6:3d:a4:44:c1:da:de:76:f3:41:04:70:cd:e8:2f:
         d1:ae:3b:d2:f3:21:7e:6a:58:ba:a2:90:2d:f3:91:7d:b2:6e:
         28:d5:7f:f1:46:70:2b:f6:90:4f:c9:39:75:f1:91:a3:75:e9:
         9e:b2:4a:e9:17:b0:8a:e0:93:b6:31:e1:76:ca:d3:75:5a:40:
         c6:ba:6c:f1:d2:5f:6a:0a:16:96:e5:db:93:35:a6:2c:78:7a:
         e6:6e:02:3f:52:14:68:25:10:dd:22:6e:17:9c:2f:8c:7b:2c:
         eb:fe:03:41:67:5a:79:43:4c:4d:9e:bd:f9:e5:80:cf:a8:0e:
         ed:15:86:34:4f:1b:1d:ab:c7:22:80:46:27:6f:7a:71:96:4f:
         29:85:c9:96:f9:be:e6:54:58:bb:0d:6c:0b:2b:7a:2a:a4:7b:
         96:da:d8:96:a3:9a:40:9d:cc:32:74:34:a2:f3:18:8b:fa:e0:
         da:58:41:9c:e6:4d:f6:a4:7f:b5:57:bd:5c:0c:9f:68:05:df:
         b2:9f:6f:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoveYDCMrqdW+VgXTlZhXgRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUxMDI5MTAxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTA2YmI5YzgxMjEyNTljODc0NjJiZTAyYmU4NDliZDgxNWE3ODE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cfYP6p6+lbRuiYXzgC5Jee7RmON
7xEOU2PQgZneManh+Y7JlK5D/S0S+pGp5rfEHl150Ft/W2gEzrjJVWaRrlATaRy+
pNXzbtoYGE5egS3R9aBdmOa43YhOh0FdMjvbKD/HhUeVHL5P4/ex2HCBN208Dbfb
RPlMlWmCEtLRWQcniEfWVeuo8KGGdU4hBTRRiCo1aTkUiBSPP+Ssc0Ou0zMHdFE5
76pH3BUKT/1t19thj35uQfFL6QMQrMeUxhWEPbvplzR6eUpYeydlgFzSzeu668tr
8ZK2/IIVslXXBiNLcUeWa6GwwBNiLilvkkAKT4MCdthQwnBKxpMzlW7djwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGoGu5yBISWch0Yr4CvoSb2BWngVMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvYWdhN25JRWhKWnlIUml2Z0staEp2WUZhZUJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwueLAwQA
wueeMA0GCSqGSIb3DQEBCwUAA4IBAQCfR3GfXTdeI8qdP2Cyz857zfqW3Ym7LAUs
GnTYOozz+oJjG1I+tMmO5zS3r9m5bwbcRWP2t2QqhxX2PaREwdredvNBBHDN6C/R
rjvS8yF+ali6opAt85F9sm4o1X/xRnAr9pBPyTl18ZGjdemeskrpF7CK4JO2MeF2
ytN1WkDGumzx0l9qChaW5duTNaYseHrmbgI/UhRoJRDdIm4XnC+Meyzr/gNBZ1p5
Q0xNnr355YDPqA7tFYY0Txsdq8cigEYnb3pxlk8phcmW+b7mVFi7DWwLK3oqpHuW
2tiWo5pAncwydDSi8xiL+uDaWEGc5k32pH+1V71cDJ9oBd+yn2/A
-----END CERTIFICATE-----