Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/n6H2_LtThO74WYylgbhN-ge0ejI.roa
File:                     n6H2_LtThO74WYylgbhN-ge0ejI.roa (raw, json)
Hash identifier:          xtVAIpIIKuZ9XQjmBX+xxhytX4spjUL06nJ9AG70n7s=
Subject key identifier:   9F:A1:F6:FC:BB:53:84:EE:F8:59:8C:A5:81:B8:4D:FA:07:B4:7A:32
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019DD9E83F4CDE478F5AF5DAA336A3E41151
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/n6H2_LtThO74WYylgbhN-ge0ejI.roa
Signing time:             Wed 29 Apr 2026 15:42:49 +0000
ROA not before:           Wed 29 Apr 2026 15:42:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402298
IP address blocks:        194.231.159.0/24 maxlen: 24
                          194.231.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 12:23:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d9:e8:3f:4c:de:47:8f:5a:f5:da:a3:36:a3:e4:11:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Apr 29 15:42:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9fa1f6fcbb5384eef8598ca581b84dfa07b47a32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:bd:c1:35:f3:05:c2:34:73:69:2b:c2:ee:4a:
                    92:c2:50:e9:dd:e8:cd:83:c2:32:42:36:a8:24:da:
                    ef:14:21:9f:72:e8:bd:05:c1:78:b9:ae:54:0a:2e:
                    a4:47:da:fb:29:a2:b5:7c:02:29:7b:2e:5b:6d:97:
                    8a:88:48:ca:a5:60:83:2c:71:06:36:57:dc:93:8d:
                    e9:36:ba:12:d7:d9:07:de:97:55:1f:8c:65:ee:42:
                    56:ab:3d:ef:91:3a:c0:fe:e1:7f:b8:20:a5:e2:12:
                    2e:d3:6a:92:f7:af:01:ec:e2:b6:95:77:a2:27:67:
                    6a:ad:fa:a3:de:54:29:92:c8:9a:d5:9b:bb:26:3c:
                    a3:b7:2f:3f:df:c0:96:84:ab:e4:33:7b:47:ab:8e:
                    6f:ce:5a:73:45:be:0d:de:56:39:40:79:47:be:28:
                    b6:87:ba:a9:f4:31:18:81:43:1c:6e:1d:89:b4:d2:
                    a2:4c:59:1d:32:06:63:12:9e:e3:ad:3e:0e:ef:60:
                    b0:cd:c7:b8:c3:1a:96:61:c4:62:c3:24:bb:83:c8:
                    c7:60:80:3f:5f:7a:a4:c8:83:bd:e9:ec:5b:05:21:
                    85:15:a3:27:a9:9b:c9:48:a9:69:07:29:a5:3b:95:
                    22:c6:53:bb:fd:2d:26:7b:7d:e8:ac:82:90:79:ac:
                    0a:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:A1:F6:FC:BB:53:84:EE:F8:59:8C:A5:81:B8:4D:FA:07:B4:7A:32
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/n6H2_LtThO74WYylgbhN-ge0ejI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.159.0/24
                  194.231.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:c4:b0:19:79:a7:50:e4:a5:de:a5:7c:6e:c8:05:d0:3d:8b:
         dd:8b:d9:d9:54:4e:bc:b0:24:46:72:0a:9b:07:cf:cb:9f:70:
         94:b7:60:cd:c2:95:23:6b:05:87:18:5f:ca:42:1f:cc:5b:23:
         dc:16:35:cd:8e:09:da:41:11:fd:76:38:bf:dd:82:91:16:59:
         89:b7:04:97:9b:29:b5:3e:2c:f1:f4:24:d3:8d:70:8f:4f:c5:
         0c:6d:c9:cb:29:1e:4d:88:fe:42:fc:dc:e3:74:9c:2f:6b:ee:
         36:6b:96:b7:b3:2f:0a:69:aa:ba:36:5e:9d:5c:63:ce:f9:72:
         59:c5:81:b6:96:a2:49:92:cf:a8:f5:b4:68:20:ed:a7:68:3a:
         f9:3d:66:01:9a:9f:7f:d0:5b:10:de:c3:73:46:dc:6a:6e:4f:
         eb:2c:f8:7f:ed:f6:3c:25:22:8c:0f:f3:0d:92:c6:b7:32:fe:
         33:09:26:f5:f1:cc:82:5d:fe:e5:f4:14:49:2a:06:99:ab:4a:
         4e:c0:cc:ba:ef:df:48:4b:68:ee:2b:35:1b:7a:d9:94:4e:f4:
         15:fc:ba:1f:4b:4e:20:ef:8d:06:d7:f1:f0:2b:c9:74:55:50:
         13:43:16:68:a3:ac:b4:c4:5e:50:e6:09:6a:2b:b3:c0:ee:d9:
         21:47:47:ee
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3Z6D9M3kePWvXaozaj5BFRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNDI5MTU0MjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmExZjZmY2JiNTM4NGVlZjg1OThjYTU4MWI4NGRmYTA3YjQ3YTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2r3BNfMFwjRzaSvC7kqSwlDp3ejN
g8IyQjaoJNrvFCGfcui9BcF4ua5UCi6kR9r7KaK1fAIpey5bbZeKiEjKpWCDLHEG
Nlfck43pNroS19kH3pdVH4xl7kJWqz3vkTrA/uF/uCCl4hIu02qS968B7OK2lXei
J2dqrfqj3lQpksia1Zu7Jjyjty8/38CWhKvkM3tHq45vzlpzRb4N3lY5QHlHvii2
h7qp9DEYgUMcbh2JtNKiTFkdMgZjEp7jrT4O72Cwzce4wxqWYcRiwyS7g8jHYIA/
X3qkyIO96exbBSGFFaMnqZvJSKlpBymlO5UixlO7/S0me33orIKQeawKmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ+h9vy7U4Tu+FmMpYG4TfoHtHoyMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvbjZIMl9MdFRoTzc0V1l5bGdiaE4tZ2UwZWpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwuefAwQA
wufLMA0GCSqGSIb3DQEBCwUAA4IBAQCyxLAZeadQ5KXepXxuyAXQPYvdi9nZVE68
sCRGcgqbB8/Ln3CUt2DNwpUjawWHGF/KQh/MWyPcFjXNjgnaQRH9dji/3YKRFlmJ
twSXmym1Pizx9CTTjXCPT8UMbcnLKR5NiP5C/NzjdJwva+42a5a3sy8Kaaq6Nl6d
XGPO+XJZxYG2lqJJks+o9bRoIO2naDr5PWYBmp9/0FsQ3sNzRtxqbk/rLPh/7fY8
JSKMD/MNksa3Mv4zCSb18cyCXf7l9BRJKgaZq0pOwMy6799IS2juKzUbetmUTvQV
/LofS04g740G1/HwK8l0VVATQxZoo6y0xF5Q5glqK7PA7tkhR0fu
-----END CERTIFICATE-----