Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/1-Y0rdkdsOlZCp4zCelMCMUJg4J8.roa
File:                     1-Y0rdkdsOlZCp4zCelMCMUJg4J8.roa (raw, json)
Hash identifier:          SzphO213jfbxreBNWtwNEfeT2Nckv1wOef9CyrTOIQA=
Subject key identifier:   F9:8D:2B:76:47:6C:3A:56:42:A7:8C:C2:7A:53:02:31:42:60:E0:9F
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0198339BCF500B1A038261968C7097AB0373
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/1-Y0rdkdsOlZCp4zCelMCMUJg4J8.roa
Signing time:             Tue 22 Jul 2025 19:28:25 +0000
ROA not before:           Tue 22 Jul 2025 19:28:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3308
IP address blocks:        194.231.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 00:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:33:9b:cf:50:0b:1a:03:82:61:96:8c:70:97:ab:03:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jul 22 19:28:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f98d2b76476c3a5642a78cc27a5302314260e09f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:17:7e:af:f3:bc:b2:6e:cd:32:9a:fc:fa:bd:
                    a9:f1:6a:33:54:51:71:f7:34:3f:b2:58:6e:1b:80:
                    d6:1a:a9:ef:36:25:cc:95:ec:3f:7c:75:a5:d4:a3:
                    35:01:c1:ec:e0:43:4a:cf:93:13:c6:85:fe:a8:00:
                    cc:ba:1b:28:ef:0e:a0:03:5a:22:61:f6:83:ad:e8:
                    e0:89:19:e0:e6:53:c7:db:92:69:ac:1f:58:c4:0c:
                    cc:3d:6e:18:d6:69:c9:92:e1:7d:b6:b1:c9:78:9b:
                    09:7d:06:bb:46:72:9f:bc:44:55:24:5e:6f:13:85:
                    39:fa:01:ce:9c:06:f7:bc:7c:e5:d7:e2:18:fd:00:
                    d4:b7:68:70:8e:b6:ad:e2:90:a0:61:72:6b:2a:cd:
                    7a:0e:f2:e5:96:32:b8:49:d8:30:b2:ca:8f:22:fb:
                    80:40:b2:6f:79:8b:03:a8:9d:ff:8a:a8:62:49:e3:
                    bc:59:49:79:6c:f0:f6:ca:5c:34:45:fb:1b:0f:dc:
                    95:c5:d9:57:57:cb:77:94:28:a8:9d:ee:b9:99:cc:
                    71:a9:45:98:8d:c1:77:f4:ee:7c:ea:3f:aa:c3:02:
                    ba:45:98:52:ae:5a:80:b1:e4:43:9b:07:9b:36:84:
                    a7:df:fe:79:99:10:20:c2:0f:da:49:56:db:bc:39:
                    99:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:8D:2B:76:47:6C:3A:56:42:A7:8C:C2:7A:53:02:31:42:60:E0:9F
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/1-Y0rdkdsOlZCp4zCelMCMUJg4J8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:c1:7e:05:4e:77:2c:53:d9:f6:51:e1:db:8d:e7:29:11:30:
         58:8c:b4:2f:ba:48:a5:87:5a:93:b3:16:b4:f8:13:dd:87:9c:
         8f:c6:ea:48:ea:02:24:fd:bb:6b:45:c1:36:a1:f7:e0:d8:a1:
         55:f8:20:4d:1f:d2:f9:f9:78:65:22:5c:4a:6c:69:05:d7:a0:
         af:bd:8f:60:00:0f:29:03:70:d2:6e:cc:52:78:b9:ba:44:86:
         b7:ef:5e:7f:45:8f:a8:c9:cf:38:90:6a:7a:fa:77:61:1b:f0:
         e5:3f:aa:b1:9e:14:c0:a7:fe:9c:1b:52:67:07:45:a9:43:40:
         44:48:be:9d:57:b6:cc:32:01:b7:55:7b:f8:aa:f1:d3:99:5e:
         f5:d5:a4:54:09:2e:01:44:2b:60:1f:99:3e:98:12:e2:2a:47:
         a1:e0:2d:66:0d:42:cc:eb:2f:b2:50:9c:db:ca:3d:3f:a3:7d:
         70:89:30:57:ce:6d:62:58:a9:2f:16:98:83:0d:03:ed:de:e8:
         af:af:93:3f:b4:69:30:5d:4b:3c:27:63:53:25:0f:89:48:43:
         e6:f1:6f:db:21:09:17:67:6f:23:1b:f2:24:a0:96:a2:5d:69:
         d1:bf:9c:9a:33:a6:3d:40:41:3e:86:6f:4f:ce:b0:19:8e:1d:
         22:78:8f:72
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZgzm89QCxoDgmGWjHCXqwNzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwNzIyMTkyODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOThkMmI3NjQ3NmMzYTU2NDJhNzhjYzI3YTUzMDIzMTQyNjBlMDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRd+r/O8sm7NMpr8+r2p8WozVFFx
9zQ/slhuG4DWGqnvNiXMlew/fHWl1KM1AcHs4ENKz5MTxoX+qADMuhso7w6gA1oi
YfaDrejgiRng5lPH25JprB9YxAzMPW4Y1mnJkuF9trHJeJsJfQa7RnKfvERVJF5v
E4U5+gHOnAb3vHzl1+IY/QDUt2hwjrat4pCgYXJrKs16DvLlljK4SdgwssqPIvuA
QLJveYsDqJ3/iqhiSeO8WUl5bPD2ylw0RfsbD9yVxdlXV8t3lCione65mcxxqUWY
jcF39O586j+qwwK6RZhSrlqAseRDmwebNoSn3/55mRAgwg/aSVbbvDmZtwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPmNK3ZHbDpWQqeMwnpTAjFCYOCfMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvMS1ZMHJka2RzT2xaQ3A0ekNlbE1DTVVKZzRKOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzUvOWQ1NGE1LTAxMzUtNGIxOC05NjFhLTBjZjEwOTNkNDU0
OC8xL0o1Ml8zMHdndmE2TllSaFdiczUyUkU1RzBYRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMLnnzAN
BgkqhkiG9w0BAQsFAAOCAQEAfMF+BU53LFPZ9lHh243nKREwWIy0L7pIpYdak7MW
tPgT3Yecj8bqSOoCJP27a0XBNqH34NihVfggTR/S+fl4ZSJcSmxpBdegr72PYAAP
KQNw0m7MUni5ukSGt+9ef0WPqMnPOJBqevp3YRvw5T+qsZ4UwKf+nBtSZwdFqUNA
REi+nVe2zDIBt1V7+Krx05le9dWkVAkuAUQrYB+ZPpgS4ipHoeAtZg1CzOsvslCc
28o9P6N9cIkwV85tYlipLxaYgw0D7d7or6+TP7RpMF1LPCdjUyUPiUhD5vFv2yEJ
F2dvIxvyJKCWol1p0b+cmjOmPUBBPoZvT86wGY4dIniPcg==
-----END CERTIFICATE-----