Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/7d_b6brpsPKRcDS4aF1RfBDndpY.roa
File:                     7d_b6brpsPKRcDS4aF1RfBDndpY.roa (raw, json)
Hash identifier:          Qb49YZdrf2dAufA9bSq06vsKQzXOh8NmpfK+veXg0Ww=
Subject key identifier:   ED:DF:DB:E9:BA:E9:B0:F2:91:70:34:B8:68:5D:51:7C:10:E7:76:96
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019A05F52577F7EBE85589EBC86E4A0EE42C
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/7d_b6brpsPKRcDS4aF1RfBDndpY.roa
Signing time:             Tue 21 Oct 2025 08:49:03 +0000
ROA not before:           Tue 21 Oct 2025 08:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214025
IP address blocks:        194.231.156.0/24 maxlen: 24
                          194.231.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 08:33:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:05:f5:25:77:f7:eb:e8:55:89:eb:c8:6e:4a:0e:e4:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Oct 21 08:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eddfdbe9bae9b0f2917034b8685d517c10e77696
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:05:52:69:84:f6:47:9a:11:c5:5d:98:5a:04:
                    c7:df:97:a8:93:3a:27:07:a4:1a:6e:15:80:af:ba:
                    b5:87:9e:c8:fa:a4:49:9e:fb:b4:ac:d2:8f:b3:50:
                    e7:e5:f1:e1:8c:43:5e:a1:fb:13:98:b1:aa:6b:ce:
                    85:e4:d5:b8:61:f2:fa:0f:47:b9:77:c5:33:04:dd:
                    5e:7a:cc:10:bf:67:03:db:12:17:3b:f6:da:ef:fd:
                    00:29:c0:b9:ce:76:8c:4f:e1:c4:45:8d:57:cc:67:
                    bc:a0:0c:6b:a4:e3:f2:8d:41:b3:b8:14:a6:a8:4c:
                    b6:0b:52:ef:65:0b:b7:cc:7d:db:bc:5a:d4:1f:5c:
                    21:a0:43:85:d7:e0:4f:cd:ea:8c:4e:c7:fa:76:f0:
                    c3:df:0a:53:e4:c2:22:50:d9:b0:5d:43:ce:01:09:
                    82:70:50:7e:ef:4d:f8:aa:63:2e:0d:79:82:7f:65:
                    6d:8d:7e:1e:4e:14:1d:eb:74:13:2e:ed:9b:bf:55:
                    b1:d0:5f:5a:3e:59:0e:a9:d8:6f:81:0f:c1:97:ef:
                    95:5e:ef:e0:41:90:63:4e:69:3e:16:ae:79:10:e2:
                    0a:20:fb:b0:d6:39:50:25:6a:c1:d2:be:fd:a7:ce:
                    f2:01:c5:86:8a:cc:ab:0e:64:aa:06:5a:ef:0f:fb:
                    dd:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:DF:DB:E9:BA:E9:B0:F2:91:70:34:B8:68:5D:51:7C:10:E7:76:96
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/7d_b6brpsPKRcDS4aF1RfBDndpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.156.0/24
                  194.231.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:28:1b:b4:4b:e9:24:dc:19:4b:9a:e7:c0:6c:96:fb:e3:06:
         92:4a:6b:1b:da:5b:22:8a:df:e5:07:0d:de:98:b6:4f:3f:e5:
         d9:47:29:1a:81:61:5b:49:b1:21:58:1c:1e:32:71:1d:c4:0a:
         18:14:a3:31:aa:fd:f8:88:18:30:46:e6:b2:64:52:6b:c3:f7:
         db:43:49:38:3d:7c:59:97:02:19:85:ac:ef:e4:99:01:ff:6d:
         c7:04:dc:41:6b:5b:4f:71:47:f4:83:3b:61:3b:3c:b3:3e:99:
         10:bb:ab:4e:74:95:02:07:65:22:f2:65:4d:2b:26:13:8f:c1:
         22:d6:3e:d3:7d:8c:8f:d0:18:9b:ca:26:fe:62:83:e0:fe:32:
         a4:a0:e0:81:44:21:b4:a1:8c:fc:bc:29:36:95:00:4d:0a:b6:
         4c:ad:2a:97:60:89:f1:a1:ae:f5:be:a4:16:64:de:8c:30:f0:
         a2:c4:ee:f1:83:51:6f:2b:1a:01:04:0b:f5:7c:22:e4:fa:da:
         28:c5:ae:86:a0:bc:2e:c7:b9:88:61:78:c9:38:89:ae:c0:f1:
         97:bc:f7:60:0d:33:a9:84:84:f3:20:1a:59:6a:c1:be:a7:78:
         37:62:83:fe:76:4c:d1:59:ff:31:e5:d0:ba:33:42:ca:db:29:
         53:88:94:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoF9SV39+voVYnryG5KDuQsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUxMDIxMDg0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGRmZGJlOWJhZTliMGYyOTE3MDM0Yjg2ODVkNTE3YzEwZTc3Njk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwVSaYT2R5oRxV2YWgTH35eokzon
B6QabhWAr7q1h57I+qRJnvu0rNKPs1Dn5fHhjENeofsTmLGqa86F5NW4YfL6D0e5
d8UzBN1eeswQv2cD2xIXO/ba7/0AKcC5znaMT+HERY1XzGe8oAxrpOPyjUGzuBSm
qEy2C1LvZQu3zH3bvFrUH1whoEOF1+BPzeqMTsf6dvDD3wpT5MIiUNmwXUPOAQmC
cFB+7034qmMuDXmCf2VtjX4eThQd63QTLu2bv1Wx0F9aPlkOqdhvgQ/Bl++VXu/g
QZBjTmk+Fq55EOIKIPuw1jlQJWrB0r79p87yAcWGisyrDmSqBlrvD/vdXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO3f2+m66bDykXA0uGhdUXwQ53aWMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvN2RfYjZicnBzUEtSY0RTNGFGMVJmQkRuZHBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwuecAwQA
wufeMA0GCSqGSIb3DQEBCwUAA4IBAQBCKBu0S+kk3BlLmufAbJb74waSSmsb2lsi
it/lBw3emLZPP+XZRykagWFbSbEhWBweMnEdxAoYFKMxqv34iBgwRuayZFJrw/fb
Q0k4PXxZlwIZhazv5JkB/23HBNxBa1tPcUf0gzthOzyzPpkQu6tOdJUCB2Ui8mVN
KyYTj8Ei1j7TfYyP0Bibyib+YoPg/jKkoOCBRCG0oYz8vCk2lQBNCrZMrSqXYInx
oa71vqQWZN6MMPCixO7xg1FvKxoBBAv1fCLk+tooxa6GoLwux7mIYXjJOImuwPGX
vPdgDTOphITzIBpZasG+p3g3YoP+dkzRWf8x5dC6M0LK2ylTiJQs
-----END CERTIFICATE-----