Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/q2tPuw6rk2tz9Oo3Rx2-JB3TRmA.roa
File:                     q2tPuw6rk2tz9Oo3Rx2-JB3TRmA.roa (raw, json)
Hash identifier:          j5g0URUk4RLFEd/BBIsBFOPVGTP4JzmfeMLcw1QVmDM=
Subject key identifier:   AB:6B:4F:BB:0E:AB:93:6B:73:F4:EA:37:47:1D:BE:24:1D:D3:46:60
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019A05F43AFF1BCFE3E0898187FC44C72CA8
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/q2tPuw6rk2tz9Oo3Rx2-JB3TRmA.roa
Signing time:             Tue 21 Oct 2025 08:48:03 +0000
ROA not before:           Tue 21 Oct 2025 08:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        194.231.140.0/24 maxlen: 24
                          194.231.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 08:33:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:05:f4:3a:ff:1b:cf:e3:e0:89:81:87:fc:44:c7:2c:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Oct 21 08:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab6b4fbb0eab936b73f4ea37471dbe241dd34660
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b1:52:10:4d:2a:6f:b9:b1:1a:60:dc:58:45:
                    30:17:f7:39:46:eb:4f:56:b5:00:4d:a8:eb:f9:c4:
                    00:20:ea:a0:c4:f1:f9:60:24:a7:87:f1:70:cc:f0:
                    33:08:c6:47:12:fa:a4:c4:99:ae:e0:ae:8b:0d:fe:
                    28:ff:55:5f:4c:f9:8f:d4:aa:02:1a:a2:ac:1d:d7:
                    d3:8a:b5:b7:bf:57:3d:d8:1e:f1:88:b7:40:6b:61:
                    3b:55:0f:1a:6f:ee:a4:3d:64:68:aa:41:d1:fd:35:
                    b0:4a:c4:24:f4:ec:42:4e:b8:cc:50:9e:95:5d:47:
                    a7:45:ff:76:6c:72:21:5b:e1:05:1d:40:07:e4:c3:
                    16:02:91:e9:f1:7f:26:7e:33:ea:77:70:2c:e4:1c:
                    fa:21:50:09:4a:cf:87:26:c8:51:1e:7d:0f:ad:a8:
                    bb:64:55:ae:a8:21:4e:10:26:1d:df:2c:f4:6f:a2:
                    a7:89:c9:72:27:8e:3b:34:51:f7:e4:2c:f2:a9:74:
                    1c:d9:b8:24:38:6e:d2:23:90:07:fe:22:f2:59:e7:
                    c7:7f:43:98:24:26:84:2c:b0:04:53:ef:64:ae:7f:
                    68:17:fc:93:42:2e:6c:db:c0:93:32:0f:d2:00:a1:
                    c6:81:35:3d:ab:22:95:35:fa:9b:e3:3b:cd:6a:6b:
                    44:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:6B:4F:BB:0E:AB:93:6B:73:F4:EA:37:47:1D:BE:24:1D:D3:46:60
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/q2tPuw6rk2tz9Oo3Rx2-JB3TRmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.140.0/24
                  194.231.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:44:96:69:b4:05:a5:cc:7d:0e:b9:b6:49:b3:8c:15:ca:ee:
         56:e9:09:8b:0b:54:34:5e:40:48:28:e2:8f:78:8b:c6:63:6d:
         33:da:53:49:56:eb:ca:57:18:b4:12:ec:96:0b:5b:02:04:ba:
         17:1a:78:44:66:55:e8:62:16:74:9b:21:0c:ff:80:6b:53:63:
         5e:4c:4b:bf:27:f8:80:45:04:b9:c1:33:b8:ae:ec:3d:6c:dc:
         bb:9b:5b:09:d2:e0:31:2b:24:0d:46:05:4c:7d:29:61:29:6d:
         d3:52:06:31:88:f6:9a:61:5d:4b:31:b4:b3:74:6c:fb:38:13:
         56:a4:de:70:43:3e:ed:e6:ab:9b:7a:e1:96:9f:af:ac:36:c1:
         d4:2d:a0:ca:88:39:21:23:4d:6d:ba:d2:23:bc:50:e8:e6:24:
         b7:86:2b:57:b9:b3:97:c1:21:f3:4f:2c:75:97:ec:28:ff:4a:
         dd:9d:83:ea:7e:a1:ad:34:93:dd:d1:7f:df:5a:c9:24:a1:c5:
         54:0d:17:13:21:2a:ad:68:92:c1:bf:51:a0:d7:5c:bf:82:b9:
         4b:61:be:d4:74:3f:8b:8f:cc:d1:5f:f3:47:70:62:7e:d6:f9:
         9d:53:91:d1:af:11:08:2b:6b:be:42:db:2e:07:db:67:95:8b:
         6f:e4:a6:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoF9Dr/G8/j4ImBh/xExyyoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUxMDIxMDg0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjZiNGZiYjBlYWI5MzZiNzNmNGVhMzc0NzFkYmUyNDFkZDM0NjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbFSEE0qb7mxGmDcWEUwF/c5RutP
VrUATajr+cQAIOqgxPH5YCSnh/FwzPAzCMZHEvqkxJmu4K6LDf4o/1VfTPmP1KoC
GqKsHdfTirW3v1c92B7xiLdAa2E7VQ8ab+6kPWRoqkHR/TWwSsQk9OxCTrjMUJ6V
XUenRf92bHIhW+EFHUAH5MMWApHp8X8mfjPqd3As5Bz6IVAJSs+HJshRHn0Prai7
ZFWuqCFOECYd3yz0b6KniclyJ447NFH35CzyqXQc2bgkOG7SI5AH/iLyWefHf0OY
JCaELLAEU+9krn9oF/yTQi5s28CTMg/SAKHGgTU9qyKVNfqb4zvNamtEpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKtrT7sOq5Nrc/TqN0cdviQd00ZgMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvcTJ0UHV3NnJrMnR6OU9vM1J4Mi1KQjNUUm1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwueMAwQA
wuePMA0GCSqGSIb3DQEBCwUAA4IBAQBaRJZptAWlzH0OubZJs4wVyu5W6QmLC1Q0
XkBIKOKPeIvGY20z2lNJVuvKVxi0EuyWC1sCBLoXGnhEZlXoYhZ0myEM/4BrU2Ne
TEu/J/iARQS5wTO4ruw9bNy7m1sJ0uAxKyQNRgVMfSlhKW3TUgYxiPaaYV1LMbSz
dGz7OBNWpN5wQz7t5qubeuGWn6+sNsHULaDKiDkhI01tutIjvFDo5iS3hitXubOX
wSHzTyx1l+wo/0rdnYPqfqGtNJPd0X/fWskkocVUDRcTISqtaJLBv1Gg11y/grlL
Yb7UdD+Lj8zRX/NHcGJ+1vmdU5HRrxEIK2u+QtsuB9tnlYtv5KZ2
-----END CERTIFICATE-----