Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/e4EIcmTDJ7spbphn4LvFYmh3gAc.roa
File:                     e4EIcmTDJ7spbphn4LvFYmh3gAc.roa (raw, json)
Hash identifier:          gxmDXtCpogq4bb4PV7aCKM3z555J/XUFY5F4SHPEIhc=
Subject key identifier:   7B:81:08:72:64:C3:27:BB:29:6E:98:67:E0:BB:C5:62:68:77:80:07
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019A05F60F68B60C4FF9CD54C88DC3C02C34
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/e4EIcmTDJ7spbphn4LvFYmh3gAc.roa
Signing time:             Tue 21 Oct 2025 08:50:03 +0000
ROA not before:           Tue 21 Oct 2025 08:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63199
IP address blocks:        194.231.134.0/24 maxlen: 24
                          194.231.199.0/24 maxlen: 24
                          194.231.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 08:33:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:05:f6:0f:68:b6:0c:4f:f9:cd:54:c8:8d:c3:c0:2c:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Oct 21 08:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b81087264c327bb296e9867e0bbc56268778007
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:10:a8:64:1a:98:17:fd:e2:87:47:d7:a2:dc:
                    ca:1b:a6:44:d0:66:02:ce:71:54:e6:7e:4c:99:40:
                    60:88:e7:e1:cb:51:93:c8:81:c9:c1:2f:27:bc:da:
                    b2:f4:0e:56:0d:6b:b7:b2:f4:03:1c:60:35:24:aa:
                    97:da:79:13:1b:00:2c:3a:a3:87:fb:43:cf:5a:22:
                    ff:0f:c4:d6:29:67:2a:03:7d:15:ab:5f:8f:97:3c:
                    98:6a:77:01:ca:78:e9:c3:de:84:7d:30:6b:30:b2:
                    1b:93:07:d5:3a:b9:c6:d0:de:fb:96:58:fb:05:23:
                    ae:06:d7:3f:f6:84:a1:3e:39:68:ba:aa:4f:d2:84:
                    ac:a3:1c:a3:b2:14:83:9f:d7:66:fb:f0:ad:a8:50:
                    dc:00:ba:f0:f5:87:58:35:3a:06:f5:0d:e2:99:30:
                    7a:03:fe:d9:a7:43:4d:aa:bc:c7:e0:03:ba:4f:99:
                    e9:a7:7b:18:9a:fd:64:fe:5b:84:f5:da:9e:89:79:
                    e2:fc:18:a9:ba:88:50:c9:2a:3e:76:0f:c7:d4:47:
                    35:a5:9b:b1:6d:8d:7b:40:aa:ba:73:b8:01:33:9e:
                    45:1c:a0:6c:8f:fd:19:56:6f:6f:28:42:58:56:a7:
                    eb:a5:76:c7:75:d8:2a:d6:a5:88:3a:36:25:13:a5:
                    4b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:81:08:72:64:C3:27:BB:29:6E:98:67:E0:BB:C5:62:68:77:80:07
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/e4EIcmTDJ7spbphn4LvFYmh3gAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.134.0/24
                  194.231.199.0/24
                  194.231.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:28:e2:61:fa:88:fc:85:db:5c:77:f0:86:99:da:41:2d:75:
         26:15:46:41:c8:0a:df:1e:f4:6f:13:d2:27:50:e2:8e:37:b8:
         2a:3d:b2:3e:d6:49:20:88:be:30:38:7f:42:fa:8e:65:c4:4c:
         9d:f0:40:2d:3e:4e:78:c0:80:49:ad:2a:4c:57:9f:88:33:69:
         68:59:be:30:ec:34:a9:0d:42:35:bc:1f:73:d2:de:64:55:e7:
         b8:05:b2:d4:5d:67:9a:fc:f3:d0:fc:fe:2f:f0:30:83:9a:73:
         ee:5e:4e:18:50:c5:c0:03:e2:61:f1:f3:28:b6:ca:25:5f:57:
         e1:b3:5d:8b:96:f9:b3:fc:31:99:f5:b4:46:0f:b8:a2:aa:2e:
         70:65:ba:f1:e5:c1:cb:16:eb:67:4e:7d:e9:16:84:13:a8:17:
         40:98:08:4e:a7:ce:5c:79:6c:7e:9f:da:44:01:45:f2:75:df:
         55:de:94:11:49:c3:af:ca:06:84:31:05:fb:e0:05:5f:53:d5:
         dd:1b:04:6d:15:bf:b8:b3:d5:d8:c6:db:e1:54:bf:be:0c:fb:
         27:f8:ac:42:f8:3a:4c:28:fe:a2:b9:13:b0:13:31:60:dc:86:
         81:75:d0:d3:23:24:ce:88:c8:33:12:3b:37:0b:7b:7e:d7:07:
         d2:15:22:a9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZoF9g9otgxP+c1UyI3DwCw0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUxMDIxMDg1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjgxMDg3MjY0YzMyN2JiMjk2ZTk4NjdlMGJiYzU2MjY4Nzc4MDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4hCoZBqYF/3ih0fXotzKG6ZE0GYC
znFU5n5MmUBgiOfhy1GTyIHJwS8nvNqy9A5WDWu3svQDHGA1JKqX2nkTGwAsOqOH
+0PPWiL/D8TWKWcqA30Vq1+PlzyYancBynjpw96EfTBrMLIbkwfVOrnG0N77llj7
BSOuBtc/9oShPjlouqpP0oSsoxyjshSDn9dm+/CtqFDcALrw9YdYNToG9Q3imTB6
A/7Zp0NNqrzH4AO6T5npp3sYmv1k/luE9dqeiXni/BipuohQySo+dg/H1Ec1pZux
bY17QKq6c7gBM55FHKBsj/0ZVm9vKEJYVqfrpXbHddgq1qWIOjYlE6VL4wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHuBCHJkwye7KW6YZ+C7xWJod4AHMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvZTRFSWNtVERKN3NwYnBobjRMdkZZbWgzZ0FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwueGAwQA
wufHAwQAwufVMA0GCSqGSIb3DQEBCwUAA4IBAQARKOJh+oj8hdtcd/CGmdpBLXUm
FUZByArfHvRvE9InUOKON7gqPbI+1kkgiL4wOH9C+o5lxEyd8EAtPk54wIBJrSpM
V5+IM2loWb4w7DSpDUI1vB9z0t5kVee4BbLUXWea/PPQ/P4v8DCDmnPuXk4YUMXA
A+Jh8fMotsolX1fhs12Llvmz/DGZ9bRGD7iiqi5wZbrx5cHLFutnTn3pFoQTqBdA
mAhOp85ceWx+n9pEAUXydd9V3pQRScOvygaEMQX74AVfU9XdGwRtFb+4s9XYxtvh
VL++DPsn+KxC+DpMKP6iuROwEzFg3IaBddDTIyTOiMgzEjs3C3t+1wfSFSKp
-----END CERTIFICATE-----