Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/bVq999FzG3eKNN2dqm5wnJeAUoI.roa
File:                     bVq999FzG3eKNN2dqm5wnJeAUoI.roa (raw, json)
Hash identifier:          ACrAkeww5d+LYG8Q2QbStBkUAuOlg41ZT2U9quBLd3E=
Subject key identifier:   6D:5A:BD:F7:D1:73:1B:77:8A:34:DD:9D:AA:6E:70:9C:97:80:52:82
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019DB93627C2E4EA86E3616F3882DEEDB91E
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/bVq999FzG3eKNN2dqm5wnJeAUoI.roa
Signing time:             Thu 23 Apr 2026 07:20:27 +0000
ROA not before:           Thu 23 Apr 2026 07:20:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199030
IP address blocks:        194.231.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b9:36:27:c2:e4:ea:86:e3:61:6f:38:82:de:ed:b9:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Apr 23 07:20:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d5abdf7d1731b778a34dd9daa6e709c97805282
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ca:a3:0c:d9:db:41:16:95:81:6a:b7:3b:9a:
                    6d:38:66:30:5e:ec:fa:48:03:6c:98:3d:d5:dd:74:
                    59:fe:44:bf:2f:fc:51:56:e3:ad:f7:c0:68:0f:50:
                    5f:d4:1d:f2:a8:c2:0f:63:cc:6e:d8:3f:29:c2:ce:
                    f3:f9:b5:3c:3e:ac:9a:10:06:ab:4f:f2:46:ce:2f:
                    78:8d:88:63:7c:91:7c:88:d9:61:9b:1f:8f:bf:73:
                    ec:6b:43:8f:11:f6:08:1f:bf:4f:67:03:c4:9f:1c:
                    57:c9:7d:64:7e:00:92:72:65:0d:f7:67:58:49:a5:
                    09:cd:88:c6:e0:1e:49:50:a9:d0:03:3b:a8:5b:b0:
                    e7:b0:97:d4:cb:9c:35:3b:97:54:8e:61:4f:4c:8d:
                    a7:ee:e4:ac:c4:da:c8:93:69:86:80:3c:42:50:76:
                    46:0f:ef:ff:f2:38:c1:c4:78:31:9a:4e:10:e0:4d:
                    f4:f2:47:0a:cc:85:b5:64:d5:4c:38:a4:96:58:ec:
                    5a:b2:d4:22:e4:17:d7:1e:dc:78:f8:03:a1:70:57:
                    6d:fc:96:07:b5:83:e8:1a:03:2c:79:a8:78:62:b7:
                    bb:6c:86:20:53:72:b2:4e:1e:30:76:0e:bc:2d:9b:
                    0d:3e:b6:42:28:74:17:48:17:1c:cd:fb:6b:c3:65:
                    f8:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:5A:BD:F7:D1:73:1B:77:8A:34:DD:9D:AA:6E:70:9C:97:80:52:82
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/bVq999FzG3eKNN2dqm5wnJeAUoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:f6:ac:df:d8:3d:59:96:99:09:07:ed:3f:06:79:e4:b0:59:
         30:f2:42:a0:e2:98:79:e5:32:f9:c7:17:77:dc:60:8e:03:14:
         20:60:f0:18:26:b6:3f:df:cd:06:d8:ab:da:33:fa:09:19:9c:
         53:83:37:e8:d6:6d:df:67:e5:88:53:e9:0c:44:22:0e:05:de:
         0b:a8:cc:96:5a:12:75:97:d2:f2:1f:d9:04:ed:10:3c:8b:61:
         49:00:e6:3b:ba:1b:34:bb:26:f8:06:51:22:1d:b9:8f:73:a2:
         e2:64:d8:ae:c4:02:29:47:32:00:33:ee:28:22:b6:76:7e:2e:
         cc:51:95:02:72:ae:4d:4e:f7:cf:ca:d1:a6:68:9d:a7:f9:c2:
         f3:e6:1b:01:7f:b5:dd:94:97:ba:99:8a:32:17:5c:84:b8:39:
         31:44:bc:95:01:51:f6:96:e0:43:1d:82:16:7a:a1:f4:1a:11:
         0f:a0:ab:2b:1a:01:0b:bc:f8:12:6a:8e:46:24:b0:67:3d:c0:
         b8:12:56:51:59:cf:ea:74:c4:a9:f7:63:67:f9:3f:80:cc:04:
         03:ed:6f:5d:56:57:cb:b2:16:7c:de:f6:c9:94:43:54:8d:cc:
         ae:20:99:cd:25:96:b4:fa:ae:64:56:75:fe:82:00:67:29:cf:
         65:72:3a:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ25NifC5OqG42FvOILe7bkeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNDIzMDcyMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDVhYmRmN2QxNzMxYjc3OGEzNGRkOWRhYTZlNzA5Yzk3ODA1MjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMqjDNnbQRaVgWq3O5ptOGYwXuz6
SANsmD3V3XRZ/kS/L/xRVuOt98BoD1Bf1B3yqMIPY8xu2D8pws7z+bU8PqyaEAar
T/JGzi94jYhjfJF8iNlhmx+Pv3Psa0OPEfYIH79PZwPEnxxXyX1kfgCScmUN92dY
SaUJzYjG4B5JUKnQAzuoW7DnsJfUy5w1O5dUjmFPTI2n7uSsxNrIk2mGgDxCUHZG
D+//8jjBxHgxmk4Q4E308kcKzIW1ZNVMOKSWWOxastQi5BfXHtx4+AOhcFdt/JYH
tYPoGgMseah4Yre7bIYgU3KyTh4wdg68LZsNPrZCKHQXSBcczftrw2X4jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG1avffRcxt3ijTdnapucJyXgFKCMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvYlZxOTk5RnpHM2VLTk4yZHFtNXduSmVBVW9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwueXMA0G
CSqGSIb3DQEBCwUAA4IBAQAp9qzf2D1ZlpkJB+0/BnnksFkw8kKg4ph55TL5xxd3
3GCOAxQgYPAYJrY/380G2KvaM/oJGZxTgzfo1m3fZ+WIU+kMRCIOBd4LqMyWWhJ1
l9LyH9kE7RA8i2FJAOY7uhs0uyb4BlEiHbmPc6LiZNiuxAIpRzIAM+4oIrZ2fi7M
UZUCcq5NTvfPytGmaJ2n+cLz5hsBf7XdlJe6mYoyF1yEuDkxRLyVAVH2luBDHYIW
eqH0GhEPoKsrGgELvPgSao5GJLBnPcC4ElZRWc/qdMSp92Nn+T+AzAQD7W9dVlfL
shZ83vbJlENUjcyuIJnNJZa0+q5kVnX+ggBnKc9lcjpg
-----END CERTIFICATE-----