Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/a4QeMCYftgA6Sh8vPOFY7e1WqjM.roa
File:                     a4QeMCYftgA6Sh8vPOFY7e1WqjM.roa (raw, json)
Hash identifier:          iQtLFwCJG5ME8ZU6nULgEi7u9EaFwozPHxOgZe7jnMg=
Subject key identifier:   6B:84:1E:30:26:1F:B6:00:3A:4A:1F:2F:3C:E1:58:ED:ED:56:AA:33
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019A703746235A56DE9DD8C15A37CCAE5AC0
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/a4QeMCYftgA6Sh8vPOFY7e1WqjM.roa
Signing time:             Tue 11 Nov 2025 00:01:01 +0000
ROA not before:           Tue 11 Nov 2025 00:01:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        194.231.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Nov 2025 23:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:70:37:46:23:5a:56:de:9d:d8:c1:5a:37:cc:ae:5a:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Nov 11 00:01:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b841e30261fb6003a4a1f2f3ce158eded56aa33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ee:b2:e6:5b:a4:89:dc:3a:6e:3b:6d:89:77:
                    54:51:9f:f6:d6:7d:3d:d8:40:72:64:e9:fe:e0:8c:
                    af:9f:a3:11:27:5b:51:22:b7:58:48:31:99:ef:5d:
                    3e:11:68:c9:fb:e4:68:90:bc:6e:b0:7a:91:13:bc:
                    c6:f4:35:af:37:ae:35:54:f7:51:55:81:02:47:f4:
                    14:eb:db:f9:c9:3a:6c:10:fa:bf:92:db:2e:5e:f1:
                    36:bc:10:a4:d8:f6:9e:08:d2:c3:5b:a3:12:6b:14:
                    6e:7a:ff:d4:e5:3e:89:99:74:d9:a8:71:fb:be:b2:
                    3e:bf:6f:76:fc:d2:68:92:ed:fb:72:77:9b:73:af:
                    34:51:92:b7:a7:0f:69:bb:d8:f8:43:84:cc:5d:c6:
                    5e:57:2e:b7:af:e5:f8:7b:2f:27:2c:ae:77:83:58:
                    02:99:08:18:b6:00:27:4d:88:4d:86:9b:bb:c7:ab:
                    32:07:04:93:c6:2d:ec:17:7b:89:52:93:7e:6d:57:
                    a7:09:23:db:74:89:89:85:8f:7b:3d:cd:4c:8c:07:
                    aa:68:0c:5d:07:95:62:b1:5a:a3:03:1e:59:54:b1:
                    1d:0a:e3:55:5d:0e:10:ca:60:dc:2c:a4:8a:e3:88:
                    c6:06:4c:84:b4:cc:55:b6:f6:5e:da:97:9d:97:27:
                    56:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:84:1E:30:26:1F:B6:00:3A:4A:1F:2F:3C:E1:58:ED:ED:56:AA:33
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/a4QeMCYftgA6Sh8vPOFY7e1WqjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:49:0b:2e:d9:a5:45:a3:f4:2b:b4:73:b4:1a:ca:44:47:19:
         49:de:1a:ca:b0:fb:cf:80:37:75:aa:5f:35:ac:22:92:64:61:
         20:63:d0:68:e4:fa:e8:b8:8b:5b:0c:25:61:7a:f4:38:69:b1:
         46:2d:db:2a:a8:7e:f4:48:7b:32:cc:72:0f:d8:7f:4c:37:f3:
         23:2b:e4:b1:95:5b:b6:a8:59:bb:01:60:23:08:6a:ff:ac:01:
         77:a8:9a:7f:66:ea:bc:0a:e0:0b:3b:00:ed:a4:a0:ba:56:1e:
         b5:c7:7f:41:49:a9:1e:7e:0d:8f:b0:23:ea:bb:74:05:d8:da:
         35:98:43:0e:40:af:22:f0:a4:ff:ba:b1:1c:49:8d:c9:2d:de:
         eb:c3:13:e5:1f:2d:94:c9:98:5f:b2:10:69:a0:62:59:29:22:
         e1:08:66:f3:08:ff:c1:db:c2:ca:3d:74:db:51:2a:6e:cb:17:
         96:9b:b2:94:84:af:86:41:07:35:df:b1:af:d5:c1:9e:77:8c:
         1f:fe:42:d9:fd:95:cf:7c:2a:4b:8f:fc:68:a8:9c:46:75:11:
         b9:8e:2f:3e:74:9b:ef:54:a8:1d:9d:d5:73:38:23:e1:1f:2f:
         a7:0f:10:36:61:fb:c2:9d:e3:75:ca:30:ea:47:e5:9a:69:b6:
         9c:33:06:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpwN0YjWlbendjBWjfMrlrAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUxMTExMDAwMTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yjg0MWUzMDI2MWZiNjAwM2E0YTFmMmYzY2UxNThlZGVkNTZhYTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmu6y5lukidw6bjttiXdUUZ/21n09
2EByZOn+4Iyvn6MRJ1tRIrdYSDGZ710+EWjJ++RokLxusHqRE7zG9DWvN641VPdR
VYECR/QU69v5yTpsEPq/ktsuXvE2vBCk2PaeCNLDW6MSaxRuev/U5T6JmXTZqHH7
vrI+v292/NJoku37cnebc680UZK3pw9pu9j4Q4TMXcZeVy63r+X4ey8nLK53g1gC
mQgYtgAnTYhNhpu7x6syBwSTxi3sF3uJUpN+bVenCSPbdImJhY97Pc1MjAeqaAxd
B5VisVqjAx5ZVLEdCuNVXQ4QymDcLKSK44jGBkyEtMxVtvZe2pedlydWFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGuEHjAmH7YAOkofLzzhWO3tVqozMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvYTRRZU1DWWZ0Z0E2U2g4dlBPRlk3ZTFXcWpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwufWMA0G
CSqGSIb3DQEBCwUAA4IBAQDRSQsu2aVFo/QrtHO0GspERxlJ3hrKsPvPgDd1ql81
rCKSZGEgY9Bo5ProuItbDCVhevQ4abFGLdsqqH70SHsyzHIP2H9MN/MjK+SxlVu2
qFm7AWAjCGr/rAF3qJp/Zuq8CuALOwDtpKC6Vh61x39BSakefg2PsCPqu3QF2No1
mEMOQK8i8KT/urEcSY3JLd7rwxPlHy2UyZhfshBpoGJZKSLhCGbzCP/B28LKPXTb
USpuyxeWm7KUhK+GQQc137Gv1cGed4wf/kLZ/ZXPfCpLj/xoqJxGdRG5ji8+dJvv
VKgdndVzOCPhHy+nDxA2YfvCneN1yjDqR+WaabacMwYB
-----END CERTIFICATE-----