Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/lDDajLDi6SdWHSY71XDvE6ZwBFo.roa
File:                     lDDajLDi6SdWHSY71XDvE6ZwBFo.roa (raw, json)
Hash identifier:          y32SCFAoMXLCt5dB7M7FrFz27zGHZxqmgKt1ibHWTf0=
Subject key identifier:   94:30:DA:8C:B0:E2:E9:27:56:1D:26:3B:D5:70:EF:13:A6:70:04:5A
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0199D5728CB166A3671CEC1777276A6CE94D
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/lDDajLDi6SdWHSY71XDvE6ZwBFo.roa
Signing time:             Sat 11 Oct 2025 22:44:38 +0000
ROA not before:           Sat 11 Oct 2025 22:44:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        194.231.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Oct 2025 14:17:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d5:72:8c:b1:66:a3:67:1c:ec:17:77:27:6a:6c:e9:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Oct 11 22:44:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9430da8cb0e2e927561d263bd570ef13a670045a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:9c:47:16:44:b6:69:0c:23:13:61:d2:d9:04:
                    ff:c8:a9:72:6d:e8:ab:fc:e1:b6:7c:60:47:6e:d8:
                    c0:12:56:3f:30:9d:cc:da:7d:12:4d:bd:2b:87:c4:
                    2a:23:54:e7:e8:45:86:23:24:37:bc:69:e6:07:90:
                    78:9a:c5:aa:cb:8f:ae:50:92:b8:d4:d7:1e:62:60:
                    3f:18:50:13:cc:32:f3:c6:1e:31:19:60:b5:d5:ba:
                    81:85:4e:39:a5:08:3d:b8:43:88:86:97:23:ea:b4:
                    05:8f:38:6a:e9:f9:80:57:01:33:32:04:69:49:e2:
                    7f:12:aa:eb:8e:e7:a3:6e:26:a7:01:b0:c4:b7:d5:
                    87:00:e4:c8:45:e4:77:30:d4:42:e3:70:85:08:c8:
                    e3:20:b9:39:da:67:d0:a7:bb:c4:3d:11:33:29:03:
                    6a:80:92:24:b0:e5:df:3d:e3:fb:ed:6e:0a:18:11:
                    34:13:a8:9e:70:11:46:8e:85:cc:fa:2d:40:7c:fb:
                    78:33:10:56:ea:f5:11:dd:fd:5e:a3:54:bf:c3:39:
                    90:63:a9:b2:33:d6:b7:0c:29:7f:1d:6e:17:03:69:
                    76:29:e1:3e:30:cf:17:19:b2:58:9b:5c:ab:56:19:
                    0e:8b:82:f2:e7:eb:17:fb:20:34:ab:9a:9c:4d:8d:
                    cc:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:30:DA:8C:B0:E2:E9:27:56:1D:26:3B:D5:70:EF:13:A6:70:04:5A
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/lDDajLDi6SdWHSY71XDvE6ZwBFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:b5:e2:cc:a7:9e:be:79:78:fc:ae:67:40:78:8c:91:d8:b4:
         fd:f8:f8:0d:82:48:04:94:79:fa:77:30:98:f6:4a:57:d4:ee:
         57:9e:86:07:55:f0:98:30:07:fc:2e:85:9e:a7:83:c6:2e:69:
         bb:c8:e2:b6:8d:7c:1f:37:1f:bf:c7:32:4d:b1:a1:22:27:40:
         3b:0b:7d:e4:b6:09:81:a4:f0:cf:70:40:d2:36:71:e5:f3:9c:
         7f:78:cc:88:93:0e:48:2a:2d:28:a6:ab:b9:82:9b:be:a5:5c:
         fd:1e:e5:e6:1c:37:03:d3:ba:6e:d8:2e:bb:61:fc:16:07:26:
         ab:02:d4:6c:7f:80:c9:08:ae:a0:90:92:40:1f:9c:cf:57:af:
         c9:2e:36:4b:35:c8:c4:8e:cf:b8:24:13:03:60:d2:65:f9:66:
         66:f1:7d:44:20:a5:c1:3f:62:5e:e1:cc:cf:4a:14:d0:c9:a1:
         3c:5f:92:d2:cd:15:23:b6:94:87:9d:d5:53:e5:ed:01:c1:5f:
         b5:cb:3e:ec:8e:7f:95:27:61:de:dc:56:04:b3:fc:f3:cb:ba:
         83:67:6b:a0:1d:7b:7b:37:a8:7d:a4:b4:65:3d:04:f4:ab:bd:
         0c:f8:8f:f1:89:7f:79:98:2b:51:fe:d8:a8:a6:13:5c:cb:66:
         94:e5:00:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnVcoyxZqNnHOwXdydqbOlNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUxMDExMjI0NDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDMwZGE4Y2IwZTJlOTI3NTYxZDI2M2JkNTcwZWYxM2E2NzAwNDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JxHFkS2aQwjE2HS2QT/yKlybeir
/OG2fGBHbtjAElY/MJ3M2n0STb0rh8QqI1Tn6EWGIyQ3vGnmB5B4msWqy4+uUJK4
1NceYmA/GFATzDLzxh4xGWC11bqBhU45pQg9uEOIhpcj6rQFjzhq6fmAVwEzMgRp
SeJ/EqrrjuejbianAbDEt9WHAOTIReR3MNRC43CFCMjjILk52mfQp7vEPREzKQNq
gJIksOXfPeP77W4KGBE0E6iecBFGjoXM+i1AfPt4MxBW6vUR3f1eo1S/wzmQY6my
M9a3DCl/HW4XA2l2KeE+MM8XGbJYm1yrVhkOi4Ly5+sX+yA0q5qcTY3MSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQw2oyw4uknVh0mO9Vw7xOmcARaMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvbEREYWpMRGk2U2RXSFNZNzFYRHZFNlp3QkZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwueFMA0G
CSqGSIb3DQEBCwUAA4IBAQAHteLMp56+eXj8rmdAeIyR2LT9+PgNgkgElHn6dzCY
9kpX1O5XnoYHVfCYMAf8LoWep4PGLmm7yOK2jXwfNx+/xzJNsaEiJ0A7C33ktgmB
pPDPcEDSNnHl85x/eMyIkw5IKi0opqu5gpu+pVz9HuXmHDcD07pu2C67YfwWByar
AtRsf4DJCK6gkJJAH5zPV6/JLjZLNcjEjs+4JBMDYNJl+WZm8X1EIKXBP2Je4czP
ShTQyaE8X5LSzRUjtpSHndVT5e0BwV+1yz7sjn+VJ2He3FYEs/zzy7qDZ2ugHXt7
N6h9pLRlPQT0q70M+I/xiX95mCtR/tiophNcy2aU5QCP
-----END CERTIFICATE-----