Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Kw_rZGCdqHqrhBAB0oKMbt5fEJ0.roa
File:                     Kw_rZGCdqHqrhBAB0oKMbt5fEJ0.roa (raw, json)
Hash identifier:          SJkv69Ppwz0e+MhWzWKdD+rtKP55vKlF42hgfxr8/dg=
Subject key identifier:   2B:0F:EB:64:60:9D:A8:7A:AB:84:10:01:D2:82:8C:6E:DE:5F:10:9D
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       01991A282C38AFB46FA1EDAA66E01DB3C3F7
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Kw_rZGCdqHqrhBAB0oKMbt5fEJ0.roa
Signing time:             Fri 05 Sep 2025 13:54:24 +0000
ROA not before:           Fri 05 Sep 2025 13:54:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        194.231.156.0/22 maxlen: 24
                          194.231.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 07:45:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1a:28:2c:38:af:b4:6f:a1:ed:aa:66:e0:1d:b3:c3:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Sep  5 13:54:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b0feb64609da87aab841001d2828c6ede5f109d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d5:01:e0:39:82:0c:46:14:06:c2:02:89:04:
                    a8:8f:83:01:73:b7:4e:2f:f7:d5:7b:04:9e:d7:ed:
                    e1:4f:1e:f0:56:3a:00:3b:10:f6:7e:a3:0c:6c:12:
                    ed:78:89:b4:21:a0:55:95:8d:f1:2e:ad:73:62:c5:
                    2c:2e:66:f0:00:f6:2a:09:29:3a:1a:6c:c4:9d:7a:
                    f2:ed:5b:12:a0:23:ab:d5:d9:29:f2:76:32:5b:dd:
                    73:e1:a0:f7:f0:af:df:ca:83:af:23:4f:9a:32:8b:
                    72:66:8a:b0:cd:25:fc:14:45:1a:14:3f:f1:c9:a3:
                    55:1b:16:3f:2c:98:22:49:4a:68:10:dc:14:a1:0f:
                    88:60:3f:5e:4d:c9:65:5b:f2:0e:db:a2:96:2f:55:
                    60:79:0c:1b:b5:6e:d0:9c:54:c8:b2:54:40:e2:c8:
                    28:2c:13:c6:14:d4:6d:20:e9:40:9e:07:cb:99:32:
                    30:61:10:93:b1:73:4a:d3:7f:4a:0f:0f:72:2c:2e:
                    23:b7:7b:18:54:a5:c6:65:bc:77:b4:96:13:ac:2d:
                    1f:7d:53:a5:3e:da:01:55:bd:0b:d6:31:5b:ed:95:
                    41:f6:d9:66:15:6c:39:56:d3:80:74:bd:2f:8f:2e:
                    c6:25:d1:3c:53:7a:68:2a:c2:7f:d6:04:31:b7:8a:
                    c6:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:0F:EB:64:60:9D:A8:7A:AB:84:10:01:D2:82:8C:6E:DE:5F:10:9D
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Kw_rZGCdqHqrhBAB0oKMbt5fEJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.156.0/22
                  194.231.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:8a:d1:38:6c:a9:82:be:e3:d9:42:64:a1:f6:77:e9:d2:23:
         ac:0d:62:fc:21:05:e8:18:68:21:a4:b4:d9:cb:33:08:69:2b:
         0d:8b:87:6d:0c:7d:e7:6a:eb:f6:95:ac:ab:3b:f2:c7:54:7b:
         01:e5:4e:95:a9:64:b8:ce:90:5a:f9:ba:02:f1:97:ac:10:74:
         25:ea:7a:49:32:de:73:81:ce:af:41:80:f2:60:be:86:8a:d4:
         b4:1c:c6:12:8d:ca:ea:6f:fc:76:08:1e:0f:5e:fd:93:52:9d:
         a8:86:58:23:2c:60:4e:8c:6e:60:cc:54:4d:ab:39:4a:74:a5:
         df:4d:dc:2b:4f:71:40:2d:56:4d:ed:a8:2c:e3:b4:50:44:52:
         85:bd:34:25:26:30:9d:1a:02:af:10:df:a6:56:28:14:0a:ff:
         ef:e4:ff:03:8d:4c:e7:0c:31:9a:49:af:ae:cf:d8:33:af:81:
         a2:df:17:93:52:c8:68:49:68:8f:6d:c5:9a:34:c5:b5:22:77:
         53:94:ab:69:1e:c7:7e:5a:36:7c:0a:29:48:55:ff:7d:e8:d1:
         7f:94:92:c7:d3:37:6e:e7:d3:6b:48:e8:dd:39:ba:f2:b3:1d:
         77:b4:d4:26:eb:12:be:c5:a3:f7:c5:74:3d:19:77:15:22:07:
         52:e9:cc:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkaKCw4r7Rvoe2qZuAds8P3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwOTA1MTM1NDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjBmZWI2NDYwOWRhODdhYWI4NDEwMDFkMjgyOGM2ZWRlNWYxMDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtUB4DmCDEYUBsICiQSoj4MBc7dO
L/fVewSe1+3hTx7wVjoAOxD2fqMMbBLteIm0IaBVlY3xLq1zYsUsLmbwAPYqCSk6
GmzEnXry7VsSoCOr1dkp8nYyW91z4aD38K/fyoOvI0+aMotyZoqwzSX8FEUaFD/x
yaNVGxY/LJgiSUpoENwUoQ+IYD9eTcllW/IO26KWL1VgeQwbtW7QnFTIslRA4sgo
LBPGFNRtIOlAngfLmTIwYRCTsXNK039KDw9yLC4jt3sYVKXGZbx3tJYTrC0ffVOl
PtoBVb0L1jFb7ZVB9tlmFWw5VtOAdL0vjy7GJdE8U3poKsJ/1gQxt4rG1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCsP62Rgnah6q4QQAdKCjG7eXxCdMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvS3dfclpHQ2RxSHFyaEJBQjBvS01idDVmRUowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwuecAwQC
wufcMA0GCSqGSIb3DQEBCwUAA4IBAQCJitE4bKmCvuPZQmSh9nfp0iOsDWL8IQXo
GGghpLTZyzMIaSsNi4dtDH3nauv2layrO/LHVHsB5U6VqWS4zpBa+boC8ZesEHQl
6npJMt5zgc6vQYDyYL6GitS0HMYSjcrqb/x2CB4PXv2TUp2ohlgjLGBOjG5gzFRN
qzlKdKXfTdwrT3FALVZN7ags47RQRFKFvTQlJjCdGgKvEN+mVigUCv/v5P8DjUzn
DDGaSa+uz9gzr4Gi3xeTUshoSWiPbcWaNMW1IndTlKtpHsd+WjZ8CilIVf996NF/
lJLH0zdu59NrSOjdObrysx13tNQm6xK+xaP3xXQ9GXcVIgdS6czx
-----END CERTIFICATE-----