Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/c7HpEh24YUWtOYV_6obYB9Mz0m8.roa
File:                     c7HpEh24YUWtOYV_6obYB9Mz0m8.roa (raw, json)
Hash identifier:          qq6DU8xYL4tqIgpLueomWtTiS3sOX6A6waEInhdwerI=
Subject key identifier:   73:B1:E9:12:1D:B8:61:45:AD:39:85:7F:EA:86:D8:07:D3:33:D2:6F
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019DBA06E654FD13B5F8E8AB937284255D3E
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/c7HpEh24YUWtOYV_6obYB9Mz0m8.roa
Signing time:             Thu 23 Apr 2026 11:08:27 +0000
ROA not before:           Thu 23 Apr 2026 11:08:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51082
IP address blocks:        194.231.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Apr 2026 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ba:06:e6:54:fd:13:b5:f8:e8:ab:93:72:84:25:5d:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Apr 23 11:08:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=73b1e9121db86145ad39857fea86d807d333d26f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:27:36:c2:dd:73:a1:69:62:a1:5c:b8:56:3a:
                    64:f2:74:3e:71:5f:c7:04:d8:2c:bb:a7:a2:0d:32:
                    f1:6a:e5:d8:93:52:f9:06:51:24:04:de:02:bc:bb:
                    f8:df:2e:b9:78:d1:92:6b:a7:a8:25:b7:87:5a:f4:
                    ec:88:26:ec:3c:a5:ec:e1:71:a5:fe:83:db:f2:eb:
                    b6:f7:9b:58:3c:09:28:38:48:df:9b:76:b3:1a:db:
                    97:59:2e:ce:69:b2:f7:0a:0d:fb:8d:7d:97:25:02:
                    3c:e9:cd:b5:6d:4b:c8:72:88:88:d7:19:13:5c:fc:
                    a2:5a:a2:b0:b6:f5:9c:42:ef:f8:8e:d8:91:bc:e7:
                    da:71:a7:e2:b1:8c:01:55:c5:9f:bc:a7:f5:f8:b4:
                    ee:45:35:cc:ee:e7:c4:ef:0c:e8:3a:1b:d0:35:a6:
                    ba:1e:11:7d:68:0a:43:24:93:3e:96:e9:fa:99:02:
                    80:4c:86:48:e0:aa:37:aa:45:e9:b3:42:4a:0c:bb:
                    52:45:50:17:87:03:e9:38:e7:0c:5c:7f:67:c1:61:
                    cb:54:9c:a3:70:39:96:65:d1:09:28:1c:6a:cc:20:
                    b9:6c:69:f0:f7:ef:fb:ba:e7:24:a6:a1:1c:c9:f0:
                    78:93:5b:22:9c:db:c1:c7:ef:f2:21:b5:31:ce:c4:
                    a4:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:B1:E9:12:1D:B8:61:45:AD:39:85:7F:EA:86:D8:07:D3:33:D2:6F
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/c7HpEh24YUWtOYV_6obYB9Mz0m8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:04:30:11:72:56:45:ac:b0:85:78:8e:6f:af:f9:33:d0:e1:
         61:c3:c4:86:99:02:fb:0b:0f:b5:12:01:37:00:72:8a:c9:f8:
         1f:62:3d:07:16:ae:20:6c:fd:03:9b:8a:ee:fa:b6:e2:b2:28:
         e2:e1:a6:12:4a:5a:8e:d7:e9:84:5e:b2:53:ac:50:be:d5:41:
         18:9e:a3:7e:8a:07:e8:81:f7:ea:09:96:06:be:9f:23:23:73:
         d0:93:36:5a:55:3f:1a:03:8a:c9:ef:d1:c9:b4:f4:aa:1d:2b:
         e7:b1:d4:38:4c:71:8f:72:e9:f5:f3:64:f4:d5:fb:42:56:05:
         77:40:21:87:b0:df:be:69:50:1b:c8:ee:b9:af:78:4c:97:10:
         3d:e0:30:8e:2f:18:a2:5e:4e:ae:e9:a8:60:ae:7a:98:9b:e3:
         2e:80:54:64:17:ca:d7:fd:6e:22:db:f6:37:10:7b:52:95:aa:
         d5:03:e2:bc:2b:68:da:b8:a2:5c:e6:28:46:8a:5c:19:86:d1:
         d4:de:ff:97:5b:4d:43:fe:2d:ab:ea:72:0c:7a:a8:b4:3b:f3:
         21:e3:3f:e7:59:0c:de:5a:21:fc:8b:61:e6:0a:20:1c:fa:7b:
         3a:34:39:97:94:4f:05:21:ee:1c:48:fe:e7:de:ba:01:fe:84:
         df:fa:c5:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ26BuZU/RO1+Oirk3KEJV0+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNDIzMTEwODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2IxZTkxMjFkYjg2MTQ1YWQzOTg1N2ZlYTg2ZDgwN2QzMzNkMjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yc2wt1zoWlioVy4Vjpk8nQ+cV/H
BNgsu6eiDTLxauXYk1L5BlEkBN4CvLv43y65eNGSa6eoJbeHWvTsiCbsPKXs4XGl
/oPb8uu295tYPAkoOEjfm3azGtuXWS7OabL3Cg37jX2XJQI86c21bUvIcoiI1xkT
XPyiWqKwtvWcQu/4jtiRvOfacafisYwBVcWfvKf1+LTuRTXM7ufE7wzoOhvQNaa6
HhF9aApDJJM+lun6mQKATIZI4Ko3qkXps0JKDLtSRVAXhwPpOOcMXH9nwWHLVJyj
cDmWZdEJKBxqzCC5bGnw9+/7uuckpqEcyfB4k1sinNvBx+/yIbUxzsSk8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHOx6RIduGFFrTmFf+qG2AfTM9JvMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvYzdIcEVoMjRZVVd0T1lWXzZvYllCOU16MG04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwueUMA0G
CSqGSIb3DQEBCwUAA4IBAQDCBDARclZFrLCFeI5vr/kz0OFhw8SGmQL7Cw+1EgE3
AHKKyfgfYj0HFq4gbP0Dm4ru+rbisiji4aYSSlqO1+mEXrJTrFC+1UEYnqN+igfo
gffqCZYGvp8jI3PQkzZaVT8aA4rJ79HJtPSqHSvnsdQ4THGPcun182T01ftCVgV3
QCGHsN++aVAbyO65r3hMlxA94DCOLxiiXk6u6ahgrnqYm+MugFRkF8rX/W4i2/Y3
EHtSlarVA+K8K2jauKJc5ihGilwZhtHU3v+XW01D/i2r6nIMeqi0O/Mh4z/nWQze
WiH8i2HmCiAc+ns6NDmXlE8FIe4cSP7n3roB/oTf+sWZ
-----END CERTIFICATE-----