Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/A7m_7gb6mlqhypAzj5Up4ptS0D4.roa
File:                     A7m_7gb6mlqhypAzj5Up4ptS0D4.roa (raw, json)
Hash identifier:          S5HBveQiLPF5fp05q4fWTN3NJl2O9CCdxxcp0vOb8i8=
Subject key identifier:   03:B9:BF:EE:06:FA:9A:5A:A1:CA:90:33:8F:95:29:E2:9B:52:D0:3E
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019DD2F41F0401F4C6989E4093918419972E
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/A7m_7gb6mlqhypAzj5Up4ptS0D4.roa
Signing time:             Tue 28 Apr 2026 07:18:27 +0000
ROA not before:           Tue 28 Apr 2026 07:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199186
IP address blocks:        194.231.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 02 May 2026 15:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d2:f4:1f:04:01:f4:c6:98:9e:40:93:91:84:19:97:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Apr 28 07:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=03b9bfee06fa9a5aa1ca90338f9529e29b52d03e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4e:ee:93:9e:97:99:a8:29:cd:52:e5:56:04:
                    57:3b:0e:1a:a2:1e:13:eb:88:16:b9:51:78:72:f9:
                    a3:1e:4f:a6:6f:49:d8:04:68:2f:47:56:e7:fc:25:
                    25:7c:59:86:38:55:21:61:0e:26:4f:e9:bf:e8:1d:
                    05:db:58:26:45:19:e0:b2:37:0c:af:49:11:6a:23:
                    ae:28:cb:ed:bc:b1:a9:09:da:e9:13:78:0b:f0:f0:
                    ad:84:7f:6c:5c:42:1d:d3:81:01:d3:b4:b6:5b:2a:
                    8c:6f:b5:8d:6c:e0:2a:05:22:c3:0a:41:7b:db:6b:
                    83:6d:ec:7b:54:56:06:4c:60:2a:55:f7:2d:ee:0a:
                    07:07:8a:66:9c:da:8b:00:4a:26:83:3a:3e:55:96:
                    1c:b3:96:0f:15:74:87:6f:24:6a:0f:aa:a1:76:04:
                    4a:36:c7:7e:a0:36:7d:f2:1a:32:06:41:ff:33:7a:
                    8e:a6:08:c4:22:7c:17:6b:26:09:97:16:17:dd:2c:
                    80:9e:6c:65:0f:5f:ec:e6:52:90:1a:0e:56:9d:eb:
                    35:84:2a:01:d2:04:f5:05:a8:8f:89:f5:bb:fc:2d:
                    1a:12:40:a4:86:56:e9:e7:74:4b:4a:1d:12:1c:e8:
                    f2:e3:7b:59:fc:b0:1d:1b:7c:c0:f2:16:b9:bd:78:
                    cd:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:B9:BF:EE:06:FA:9A:5A:A1:CA:90:33:8F:95:29:E2:9B:52:D0:3E
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/A7m_7gb6mlqhypAzj5Up4ptS0D4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:d2:0d:2d:8f:ba:6e:b9:23:0d:0f:ac:5d:06:b5:87:b5:4d:
         6a:df:19:72:70:85:ef:46:dd:bb:30:f6:14:6b:29:a7:e5:22:
         3b:a0:3c:60:bf:f1:58:12:ef:b0:36:e8:e6:93:57:a6:32:00:
         0c:fd:0d:9b:5f:cc:8e:f0:b6:4c:99:26:ce:99:bf:1e:74:27:
         e5:3a:8e:cd:88:24:f3:76:f1:b7:69:9d:4f:5c:88:07:9e:92:
         a8:60:d1:07:08:f0:fe:ff:18:5a:35:f1:b3:cc:ca:71:f6:9e:
         47:83:22:69:70:a8:13:f6:63:85:93:3b:dc:77:55:90:67:c7:
         bb:6a:3e:88:5d:60:02:0f:99:eb:41:ed:09:fb:c2:a9:4a:c0:
         63:2c:76:12:e0:0e:50:8b:4e:08:44:ed:0b:6f:39:12:2d:02:
         ea:17:b3:68:a6:75:c7:e3:36:bc:e7:3c:f5:e7:87:19:2a:c0:
         15:25:5c:79:e2:f7:12:14:ec:5b:80:04:b4:46:6c:97:a8:bf:
         77:1f:d0:ff:0f:01:5a:f6:05:10:dc:d1:df:91:f7:d4:78:1b:
         fb:08:32:73:2a:95:af:d1:0e:97:6e:af:56:71:e2:27:54:95:
         38:c3:12:14:cb:b0:02:e2:6c:44:8e:61:2a:12:4c:91:6a:8e:
         d5:ee:dd:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3S9B8EAfTGmJ5Ak5GEGZcuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNDI4MDcxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2I5YmZlZTA2ZmE5YTVhYTFjYTkwMzM4Zjk1MjllMjliNTJkMDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx07uk56XmagpzVLlVgRXOw4aoh4T
64gWuVF4cvmjHk+mb0nYBGgvR1bn/CUlfFmGOFUhYQ4mT+m/6B0F21gmRRngsjcM
r0kRaiOuKMvtvLGpCdrpE3gL8PCthH9sXEId04EB07S2WyqMb7WNbOAqBSLDCkF7
22uDbex7VFYGTGAqVfct7goHB4pmnNqLAEomgzo+VZYcs5YPFXSHbyRqD6qhdgRK
Nsd+oDZ98hoyBkH/M3qOpgjEInwXayYJlxYX3SyAnmxlD1/s5lKQGg5Wnes1hCoB
0gT1BaiPifW7/C0aEkCkhlbp53RLSh0SHOjy43tZ/LAdG3zA8ha5vXjN0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAO5v+4G+ppaocqQM4+VKeKbUtA+MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvQTdtXzdnYjZtbHFoeXBBemo1VXA0cHRTMEQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwufUMA0G
CSqGSIb3DQEBCwUAA4IBAQBB0g0tj7puuSMND6xdBrWHtU1q3xlycIXvRt27MPYU
aymn5SI7oDxgv/FYEu+wNujmk1emMgAM/Q2bX8yO8LZMmSbOmb8edCflOo7NiCTz
dvG3aZ1PXIgHnpKoYNEHCPD+/xhaNfGzzMpx9p5HgyJpcKgT9mOFkzvcd1WQZ8e7
aj6IXWACD5nrQe0J+8KpSsBjLHYS4A5Qi04IRO0LbzkSLQLqF7NopnXH4za85zz1
54cZKsAVJVx54vcSFOxbgAS0RmyXqL93H9D/DwFa9gUQ3NHfkffUeBv7CDJzKpWv
0Q6Xbq9WceInVJU4wxIUy7AC4mxEjmEqEkyRao7V7t3i
-----END CERTIFICATE-----