Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/ymMYirHKTUVtmPeZEPGvk2cTCYc.roa
File:                     ymMYirHKTUVtmPeZEPGvk2cTCYc.roa (raw, json)
Hash identifier:          /YASzKkxO3OUUm9/lEMK4bfGJyLGLtSM4QJQYN2e7+I=
Subject key identifier:   CA:63:18:8A:B1:CA:4D:45:6D:98:F7:99:10:F1:AF:93:67:13:09:87
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0198339BCFD2815BF8546F79DB801A598CB8
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/ymMYirHKTUVtmPeZEPGvk2cTCYc.roa
Signing time:             Tue 22 Jul 2025 19:28:25 +0000
ROA not before:           Tue 22 Jul 2025 19:28:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        194.231.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 00:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:33:9b:cf:d2:81:5b:f8:54:6f:79:db:80:1a:59:8c:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jul 22 19:28:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca63188ab1ca4d456d98f79910f1af9367130987
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d7:15:73:71:3b:93:ee:75:9e:a2:6f:0a:3a:
                    2d:1f:a2:ad:c1:5a:6b:ac:a7:dd:39:f6:91:6c:e8:
                    75:91:a3:d6:11:0c:f0:fc:6c:71:f4:37:34:71:b6:
                    2c:22:83:5a:11:13:1c:0d:93:40:0b:65:f0:fe:4a:
                    43:df:6f:cf:15:07:32:b1:81:d0:5c:25:95:d6:b9:
                    39:f1:54:2c:62:b3:34:43:cc:64:ad:c4:6e:e9:54:
                    db:e2:cf:55:d3:c5:00:43:e8:a9:9d:d5:d0:40:3b:
                    e2:3b:4c:4c:27:98:6d:f8:6b:9d:5c:8b:26:cd:be:
                    03:1c:b8:6f:55:77:d8:92:e5:78:1f:56:27:60:ed:
                    9b:ae:b5:e1:85:53:81:e0:5e:da:42:46:cf:4e:d7:
                    8c:d3:33:41:18:f6:ce:6d:2d:7d:2d:d9:e0:ae:ac:
                    a5:8e:90:7b:2c:d6:3b:95:cd:98:3d:b7:55:c2:db:
                    e4:8f:fe:e5:26:7f:5f:a6:22:b6:84:78:33:8a:6a:
                    29:2d:bf:41:9d:c9:17:58:94:a6:af:4a:f4:1a:cc:
                    b8:1d:6c:3e:bb:f7:3c:d8:b0:3d:45:8c:4c:ed:d9:
                    ba:d6:35:54:bd:8b:6e:00:ac:b5:e0:86:05:af:46:
                    58:b6:41:64:46:2c:9b:1b:94:01:0f:b1:f5:8c:35:
                    e3:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:63:18:8A:B1:CA:4D:45:6D:98:F7:99:10:F1:AF:93:67:13:09:87
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/ymMYirHKTUVtmPeZEPGvk2cTCYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:e9:5c:eb:6f:b2:c3:de:fe:ea:ba:ff:3f:ee:32:01:51:86:
         da:da:f0:06:0d:b7:90:5f:e8:34:b0:81:4d:8b:fc:49:3d:c6:
         39:7c:a7:47:73:59:ff:32:89:7e:31:93:77:bd:f2:60:0a:a2:
         bc:c1:bf:66:52:b2:4f:e4:40:0a:95:03:f2:fa:31:66:78:d7:
         44:e5:be:f8:28:26:2f:5b:6c:c1:34:b5:5d:62:76:06:30:32:
         6c:d5:41:80:6b:ad:87:b1:ae:ab:70:c9:eb:07:54:18:46:b9:
         82:ae:f5:72:dc:ec:0d:c3:12:b4:65:46:a1:d4:d6:07:21:9d:
         94:e1:26:02:81:fb:41:b8:31:6c:31:cd:f6:a2:d2:a4:00:d4:
         cc:22:88:49:a5:bc:99:e7:02:75:ce:e5:74:21:55:59:5c:56:
         7a:75:35:15:79:80:f0:cd:f3:fb:0b:3a:b8:36:0c:00:b3:3d:
         74:da:d8:92:0e:5b:6a:8c:38:8d:0f:08:30:eb:68:fd:c9:78:
         34:3a:d9:2c:c0:fc:51:ed:21:2a:06:3d:be:76:de:c5:3c:b2:
         82:6a:5b:50:db:ed:7b:3e:e3:70:6a:49:27:4b:bc:68:ec:bd:
         84:74:ef:7d:76:2f:9b:a6:e4:f7:7e:30:08:25:65:96:f4:7f:
         db:5a:35:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgzm8/SgVv4VG9524AaWYy4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwNzIyMTkyODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTYzMTg4YWIxY2E0ZDQ1NmQ5OGY3OTkxMGYxYWY5MzY3MTMwOTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9cVc3E7k+51nqJvCjotH6KtwVpr
rKfdOfaRbOh1kaPWEQzw/Gxx9Dc0cbYsIoNaERMcDZNAC2Xw/kpD32/PFQcysYHQ
XCWV1rk58VQsYrM0Q8xkrcRu6VTb4s9V08UAQ+ipndXQQDviO0xMJ5ht+GudXIsm
zb4DHLhvVXfYkuV4H1YnYO2brrXhhVOB4F7aQkbPTteM0zNBGPbObS19Ldngrqyl
jpB7LNY7lc2YPbdVwtvkj/7lJn9fpiK2hHgzimopLb9BnckXWJSmr0r0Gsy4HWw+
u/c82LA9RYxM7dm61jVUvYtuAKy14IYFr0ZYtkFkRiybG5QBD7H1jDXjVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpjGIqxyk1FbZj3mRDxr5NnEwmHMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEveW1NWWlySEtUVVZ0bVBlWkVQR3ZrMmNUQ1ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwuefMA0G
CSqGSIb3DQEBCwUAA4IBAQAN6Vzrb7LD3v7quv8/7jIBUYba2vAGDbeQX+g0sIFN
i/xJPcY5fKdHc1n/Mol+MZN3vfJgCqK8wb9mUrJP5EAKlQPy+jFmeNdE5b74KCYv
W2zBNLVdYnYGMDJs1UGAa62Hsa6rcMnrB1QYRrmCrvVy3OwNwxK0ZUah1NYHIZ2U
4SYCgftBuDFsMc32otKkANTMIohJpbyZ5wJ1zuV0IVVZXFZ6dTUVeYDwzfP7Czq4
NgwAsz102tiSDltqjDiNDwgw62j9yXg0OtkswPxR7SEqBj2+dt7FPLKCaltQ2+17
PuNwakknS7xo7L2EdO99di+bpuT3fjAIJWWW9H/bWjXr
-----END CERTIFICATE-----