Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/aOkt23VuvI9NT8Vw6bHnxosExvI.roa
File:                     aOkt23VuvI9NT8Vw6bHnxosExvI.roa (raw, json)
Hash identifier:          vyROJxBFY4cVFPnPP5CdHX/JYO5A0BhIRhdXJwt42VQ=
Subject key identifier:   68:E9:2D:DB:75:6E:BC:8F:4D:4F:C5:70:E9:B1:E7:C6:8B:04:C6:F2
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019D77970BF87D05772250F1AC224940F3D2
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/aOkt23VuvI9NT8Vw6bHnxosExvI.roa
Signing time:             Fri 10 Apr 2026 13:31:20 +0000
ROA not before:           Fri 10 Apr 2026 13:31:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215152
IP address blocks:        194.231.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Apr 2026 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:77:97:0b:f8:7d:05:77:22:50:f1:ac:22:49:40:f3:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Apr 10 13:31:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68e92ddb756ebc8f4d4fc570e9b1e7c68b04c6f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ba:49:da:8f:72:58:4f:34:a8:eb:5e:66:57:
                    2b:8c:76:ea:1b:f8:13:f4:3e:52:6b:d1:ab:39:e3:
                    c1:e4:0d:7f:b5:87:cf:71:17:5a:39:a9:e2:80:9c:
                    7c:0e:9c:de:a0:1e:76:ea:1d:60:ce:fb:cb:8a:c0:
                    22:c1:06:4d:b0:fc:bc:00:b5:82:d1:3f:5c:f3:cf:
                    43:03:72:e3:6e:07:bc:32:7e:c9:4a:61:d0:56:5a:
                    9c:39:75:ef:b0:30:7a:f6:a7:29:ad:dc:ea:8b:f0:
                    7b:13:8f:5f:18:37:05:5d:e9:08:8f:24:de:b7:d2:
                    3a:07:6f:cf:fc:96:cb:59:3c:3d:ab:59:b1:38:c4:
                    92:68:47:34:dd:33:97:76:75:96:50:e8:e1:23:73:
                    89:c4:fc:39:0a:b2:64:16:eb:56:43:51:31:53:37:
                    d1:83:5e:ab:d6:78:85:96:59:9d:6d:95:ea:ca:ce:
                    b9:c2:ca:10:a0:19:06:b2:ef:15:05:c4:bc:e2:b7:
                    35:0f:4e:91:d9:ff:56:d2:c3:20:d3:bd:9c:c6:8d:
                    a1:5c:13:19:26:05:13:ff:a4:c0:1d:a9:c6:5d:58:
                    76:42:a3:ee:f9:2c:be:43:7a:5f:de:6f:61:ea:07:
                    82:10:68:93:d6:30:08:9a:97:a7:37:3c:10:2b:ef:
                    7c:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:E9:2D:DB:75:6E:BC:8F:4D:4F:C5:70:E9:B1:E7:C6:8B:04:C6:F2
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/aOkt23VuvI9NT8Vw6bHnxosExvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:17:99:bd:ef:5e:f1:7a:82:74:ce:e1:74:82:d8:a7:52:54:
         f9:76:f7:78:31:6c:86:2a:c4:ef:ac:32:59:19:4d:0d:dd:6f:
         8f:76:f0:60:ad:f0:64:e5:a8:4c:cd:81:44:92:41:31:cd:ca:
         64:3c:a6:23:b3:2a:4d:99:0d:01:c2:0e:8d:90:ae:df:f4:43:
         0a:bb:1b:cc:c2:c6:1d:e9:f1:e9:95:98:cb:5d:ff:f9:e6:1a:
         3e:2c:ba:91:18:3f:7d:ab:cb:75:61:52:b1:48:ad:fe:ae:2c:
         b8:78:2e:87:f5:76:4d:64:74:36:ea:ce:67:78:99:79:11:43:
         eb:dd:c7:76:f8:68:8e:49:03:a0:9a:13:a2:05:fc:72:cf:ab:
         9b:7d:65:61:e4:1d:0d:97:fd:00:d6:50:b4:05:3f:bb:49:19:
         f2:f5:24:3f:38:94:31:dd:25:09:ab:a8:52:28:46:88:20:d8:
         d8:38:0b:e8:2a:5b:e6:55:5a:53:7e:3b:b4:ce:87:1a:b1:7a:
         35:64:82:a2:26:bb:c8:aa:8c:8c:e9:7c:e5:ad:15:17:5b:19:
         38:50:32:5b:ea:7f:4d:5b:b6:a4:d7:db:e0:85:20:ae:c5:a1:
         57:31:33:64:34:05:51:6c:c2:de:e8:10:f3:e1:3d:19:cc:74:
         95:05:cd:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ13lwv4fQV3IlDxrCJJQPPSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNDEwMTMzMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGU5MmRkYjc1NmViYzhmNGQ0ZmM1NzBlOWIxZTdjNjhiMDRjNmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLpJ2o9yWE80qOteZlcrjHbqG/gT
9D5Sa9GrOePB5A1/tYfPcRdaOanigJx8DpzeoB526h1gzvvLisAiwQZNsPy8ALWC
0T9c889DA3Ljbge8Mn7JSmHQVlqcOXXvsDB69qcprdzqi/B7E49fGDcFXekIjyTe
t9I6B2/P/JbLWTw9q1mxOMSSaEc03TOXdnWWUOjhI3OJxPw5CrJkFutWQ1ExUzfR
g16r1niFllmdbZXqys65wsoQoBkGsu8VBcS84rc1D06R2f9W0sMg072cxo2hXBMZ
JgUT/6TAHanGXVh2QqPu+Sy+Q3pf3m9h6geCEGiT1jAImpenNzwQK+98ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjpLdt1bryPTU/FcOmx58aLBMbyMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvYU9rdDIzVnV2STlOVDhWdzZiSG54b3NFeHZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwueWMA0G
CSqGSIb3DQEBCwUAA4IBAQCTF5m9717xeoJ0zuF0gtinUlT5dvd4MWyGKsTvrDJZ
GU0N3W+PdvBgrfBk5ahMzYFEkkExzcpkPKYjsypNmQ0Bwg6NkK7f9EMKuxvMwsYd
6fHplZjLXf/55ho+LLqRGD99q8t1YVKxSK3+riy4eC6H9XZNZHQ26s5neJl5EUPr
3cd2+GiOSQOgmhOiBfxyz6ubfWVh5B0Nl/0A1lC0BT+7SRny9SQ/OJQx3SUJq6hS
KEaIINjYOAvoKlvmVVpTfju0zocasXo1ZIKiJrvIqoyM6XzlrRUXWxk4UDJb6n9N
W7ak19vghSCuxaFXMTNkNAVRbMLe6BDz4T0ZzHSVBc0n
-----END CERTIFICATE-----