Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/PdlM6zjCvV7tf66Xsvx3fLdulgQ.roa
File:                     PdlM6zjCvV7tf66Xsvx3fLdulgQ.roa (raw, json)
Hash identifier:          G9dOktuY5S2rnf+N1Mw1feLfQumDHSukNZmM8cOrZpc=
Subject key identifier:   3D:D9:4C:EB:38:C2:BD:5E:ED:7F:AE:97:B2:FC:77:7C:B7:6E:96:04
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       01991A26573CC14F7FCB2A795E79F76DF649
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/PdlM6zjCvV7tf66Xsvx3fLdulgQ.roa
Signing time:             Fri 05 Sep 2025 13:52:24 +0000
ROA not before:           Fri 05 Sep 2025 13:52:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20326
IP address blocks:        194.231.128.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 07:45:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1a:26:57:3c:c1:4f:7f:cb:2a:79:5e:79:f7:6d:f6:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Sep  5 13:52:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3dd94ceb38c2bd5eed7fae97b2fc777cb76e9604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8d:20:76:0e:6f:69:f2:be:74:d6:18:29:a7:
                    b5:7e:65:3f:da:86:d2:68:c1:b6:7e:b6:4e:bc:27:
                    87:a6:e2:ef:e9:c8:94:fd:9f:17:d4:4e:3f:48:7e:
                    e9:07:34:a7:9a:4f:d4:38:39:33:74:49:15:dd:81:
                    26:8b:84:56:bc:31:e8:7c:72:d1:8b:b2:2c:47:f2:
                    b1:37:2b:5e:da:ae:ef:af:75:75:20:d0:c4:79:b7:
                    aa:84:f5:28:57:e0:07:bb:95:b3:23:84:40:04:bc:
                    54:a3:50:83:94:37:f2:5e:34:d3:c9:7d:ea:92:fe:
                    84:a0:38:b9:46:88:9c:08:4e:a3:97:09:4a:98:f0:
                    b6:83:f9:09:9f:19:3d:26:0d:84:50:24:cc:85:14:
                    c9:00:af:8b:25:72:b8:8c:59:ef:60:89:c7:ec:72:
                    31:9a:84:6b:98:66:d2:cf:2d:bd:aa:c5:71:7f:1c:
                    eb:ba:21:5f:ab:08:8a:00:50:1a:18:27:b4:e6:71:
                    6b:45:17:44:50:4b:7d:11:4b:02:66:71:c8:b4:10:
                    c2:83:79:21:78:a6:c3:8a:c0:83:5f:e1:79:63:95:
                    e8:52:08:43:e2:c6:fd:ff:1a:b4:24:45:32:9b:c5:
                    e2:06:fe:7b:66:18:02:c3:53:8e:c1:fb:0f:9c:a0:
                    15:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:D9:4C:EB:38:C2:BD:5E:ED:7F:AE:97:B2:FC:77:7C:B7:6E:96:04
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/PdlM6zjCvV7tf66Xsvx3fLdulgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:92:d9:35:56:7a:6c:03:71:9d:4b:b3:6a:4e:37:bb:d2:a6:
         80:a7:00:9c:3e:8c:6e:39:fb:b1:d0:12:ab:2b:56:b4:90:ab:
         ae:9e:e8:1e:ca:56:df:6f:dd:bd:e4:5b:cb:1a:5b:27:18:62:
         5e:e3:69:d3:35:92:57:d0:9b:81:9d:f1:de:80:44:d4:8f:1c:
         01:b7:52:b9:c5:48:b0:d8:25:04:5a:92:01:aa:1c:e0:50:f0:
         49:2c:9b:1e:85:cd:e6:01:03:8e:f2:d3:f5:ac:3b:b9:c8:10:
         8f:30:20:80:58:eb:4e:03:ac:f4:05:9f:bc:cf:4d:56:f8:e5:
         eb:8d:39:76:0e:fb:bb:e0:f3:be:26:6e:e7:61:d9:9e:0e:87:
         0a:03:f6:e4:f1:fc:22:70:3e:c4:b8:6e:74:3d:3d:22:04:4a:
         82:7d:03:8c:44:48:f0:e7:4d:1b:10:33:3f:52:25:7f:57:12:
         1c:50:a6:77:03:18:82:70:8e:3d:86:c6:19:a8:f9:75:36:01:
         b3:f3:1d:36:10:21:f1:40:cd:b2:fa:74:0b:29:20:93:c1:72:
         ff:b3:8e:db:10:4b:c3:45:0e:5b:92:45:ff:59:d5:d3:ac:52:
         7f:fa:1f:59:61:dd:bd:80:4e:78:a8:9e:ce:38:94:02:58:c8:
         71:f1:6f:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkaJlc8wU9/yyp5Xnn3bfZJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwOTA1MTM1MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGQ5NGNlYjM4YzJiZDVlZWQ3ZmFlOTdiMmZjNzc3Y2I3NmU5NjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuY0gdg5vafK+dNYYKae1fmU/2obS
aMG2frZOvCeHpuLv6ciU/Z8X1E4/SH7pBzSnmk/UODkzdEkV3YEmi4RWvDHofHLR
i7IsR/KxNyte2q7vr3V1INDEebeqhPUoV+AHu5WzI4RABLxUo1CDlDfyXjTTyX3q
kv6EoDi5RoicCE6jlwlKmPC2g/kJnxk9Jg2EUCTMhRTJAK+LJXK4jFnvYInH7HIx
moRrmGbSzy29qsVxfxzruiFfqwiKAFAaGCe05nFrRRdEUEt9EUsCZnHItBDCg3kh
eKbDisCDX+F5Y5XoUghD4sb9/xq0JEUym8XiBv57ZhgCw1OOwfsPnKAVJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3ZTOs4wr1e7X+ul7L8d3y3bpYEMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvUGRsTTZ6akN2Vjd0ZjY2WHN2eDNmTGR1bGdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwueAMA0G
CSqGSIb3DQEBCwUAA4IBAQCDktk1VnpsA3GdS7NqTje70qaApwCcPoxuOfux0BKr
K1a0kKuunugeylbfb9295FvLGlsnGGJe42nTNZJX0JuBnfHegETUjxwBt1K5xUiw
2CUEWpIBqhzgUPBJLJsehc3mAQOO8tP1rDu5yBCPMCCAWOtOA6z0BZ+8z01W+OXr
jTl2Dvu74PO+Jm7nYdmeDocKA/bk8fwicD7EuG50PT0iBEqCfQOMREjw500bEDM/
UiV/VxIcUKZ3AxiCcI49hsYZqPl1NgGz8x02ECHxQM2y+nQLKSCTwXL/s47bEEvD
RQ5bkkX/WdXTrFJ/+h9ZYd29gE54qJ7OOJQCWMhx8W/E
-----END CERTIFICATE-----