Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/KJUhctcBugCp1-4ql5FvlwimL8w.roa
File:                     KJUhctcBugCp1-4ql5FvlwimL8w.roa (raw, json)
Hash identifier:          Exy/k9uTBiqFKRJOb3x98WIONwIfXm6cNFsgrU7w/yE=
Subject key identifier:   28:95:21:72:D7:01:BA:00:A9:D7:EE:2A:97:91:6F:97:08:A6:2F:CC
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019A0AF9C68C36B9CDBDC2A4FDD681FF586A
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/KJUhctcBugCp1-4ql5FvlwimL8w.roa
Signing time:             Wed 22 Oct 2025 08:12:12 +0000
ROA not before:           Wed 22 Oct 2025 08:12:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        194.231.133.0/24 maxlen: 24
                          194.231.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 08:33:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0a:f9:c6:8c:36:b9:cd:bd:c2:a4:fd:d6:81:ff:58:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Oct 22 08:12:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28952172d701ba00a9d7ee2a97916f9708a62fcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f0:53:b7:50:98:58:ef:51:ca:dc:fb:48:22:
                    27:d1:24:93:2f:33:ec:2d:04:bb:5f:c3:37:d8:ab:
                    17:ba:4b:25:bf:b8:3b:43:70:e2:41:48:37:02:0c:
                    35:71:c4:cf:81:44:d2:df:a2:c4:66:5f:0f:3b:05:
                    13:c1:37:35:7f:fe:6e:7d:86:89:24:64:98:4d:95:
                    08:11:68:51:03:c0:b2:2a:fa:b9:e3:08:f1:33:2d:
                    cc:7a:b2:db:70:53:12:e5:97:c9:31:9a:3e:2c:9d:
                    83:6f:34:f6:30:39:c8:78:94:c8:dc:1d:8d:7a:47:
                    cf:62:10:49:2d:c8:5b:23:a6:77:ce:df:b2:cc:c9:
                    d8:6a:a7:97:c8:d3:f5:c1:08:26:3d:6b:40:08:16:
                    81:f7:a9:10:c0:fc:1c:b2:8a:f4:14:08:ee:79:28:
                    6e:86:00:1c:48:07:7b:2e:8f:7f:60:58:34:c1:45:
                    56:ef:69:33:74:fa:e5:dc:2c:6f:cf:d2:b0:b6:4c:
                    ee:f9:09:24:18:f3:7a:b7:f5:78:0e:19:e3:44:fe:
                    93:58:e3:7a:ba:94:4e:67:93:67:d5:9a:db:95:f0:
                    dd:17:d0:d3:d2:96:93:bb:08:c6:c2:fa:d8:dc:07:
                    4a:6e:30:be:38:69:5d:53:44:8e:6b:22:3e:af:3b:
                    8d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:95:21:72:D7:01:BA:00:A9:D7:EE:2A:97:91:6F:97:08:A6:2F:CC
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/KJUhctcBugCp1-4ql5FvlwimL8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.133.0/24
                  194.231.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:39:dc:04:c7:07:2b:d2:aa:88:44:5a:62:1c:27:71:a5:fd:
         49:a4:5d:f1:48:59:48:14:37:3c:74:57:81:e9:41:74:0d:02:
         ae:73:2b:2c:c7:82:5c:d4:ce:1a:0a:c9:af:7a:ef:67:ad:85:
         b8:a1:6e:05:c6:2d:c1:d2:31:e1:01:3a:fa:27:9c:3d:af:5f:
         f1:33:5c:1a:04:b5:09:b1:d4:00:12:01:6b:66:bf:72:88:35:
         39:7e:2b:36:06:74:9f:ac:6e:25:76:50:4b:6a:02:3c:cb:d5:
         5c:86:80:5a:40:03:d2:76:08:7e:a0:40:72:90:ca:cc:71:2d:
         04:b3:82:cc:37:ff:81:a9:f3:b6:ff:da:42:8e:7a:a0:8b:fe:
         f4:e3:75:0f:f7:89:53:27:4c:44:f4:3e:7d:55:62:a7:70:b9:
         b7:c3:4d:b0:67:d2:2e:e4:a0:54:7d:11:25:68:14:1a:c6:a5:
         a2:be:5e:89:cd:b3:68:fc:0f:dc:94:76:d1:31:c5:fa:4e:70:
         22:f3:c4:53:5e:7b:bf:ce:78:f0:18:98:84:4f:c1:18:d2:58:
         29:a0:07:f6:64:65:a3:fd:d8:69:65:4f:69:a5:3b:26:90:75:
         f6:2d:cd:5d:7c:23:02:ae:f5:ab:a1:27:dc:ae:c4:f3:2b:42:
         0f:85:9c:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoK+caMNrnNvcKk/daB/1hqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUxMDIyMDgxMjEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODk1MjE3MmQ3MDFiYTAwYTlkN2VlMmE5NzkxNmY5NzA4YTYyZmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/BTt1CYWO9Rytz7SCIn0SSTLzPs
LQS7X8M32KsXukslv7g7Q3DiQUg3Agw1ccTPgUTS36LEZl8POwUTwTc1f/5ufYaJ
JGSYTZUIEWhRA8CyKvq54wjxMy3MerLbcFMS5ZfJMZo+LJ2DbzT2MDnIeJTI3B2N
ekfPYhBJLchbI6Z3zt+yzMnYaqeXyNP1wQgmPWtACBaB96kQwPwcsor0FAjueShu
hgAcSAd7Lo9/YFg0wUVW72kzdPrl3Cxvz9Kwtkzu+QkkGPN6t/V4DhnjRP6TWON6
upROZ5Nn1ZrblfDdF9DT0paTuwjGwvrY3AdKbjC+OGldU0SOayI+rzuNpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCiVIXLXAboAqdfuKpeRb5cIpi/MMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvS0pVaGN0Y0J1Z0NwMS00cWw1RnZsd2ltTDh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwueFAwQA
wufFMA0GCSqGSIb3DQEBCwUAA4IBAQC8OdwExwcr0qqIRFpiHCdxpf1JpF3xSFlI
FDc8dFeB6UF0DQKucyssx4Jc1M4aCsmveu9nrYW4oW4Fxi3B0jHhATr6J5w9r1/x
M1waBLUJsdQAEgFrZr9yiDU5fis2BnSfrG4ldlBLagI8y9VchoBaQAPSdgh+oEBy
kMrMcS0Es4LMN/+BqfO2/9pCjnqgi/7043UP94lTJ0xE9D59VWKncLm3w02wZ9Iu
5KBUfRElaBQaxqWivl6JzbNo/A/clHbRMcX6TnAi88RTXnu/znjwGJiET8EY0lgp
oAf2ZGWj/dhpZU9ppTsmkHX2Lc1dfCMCrvWroSfcrsTzK0IPhZwZ
-----END CERTIFICATE-----