Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/6siOHcdlS5RitqPjNF4POa_gY58.roa
File:                     6siOHcdlS5RitqPjNF4POa_gY58.roa (raw, json)
Hash identifier:          ajTavDxoD5dYLP/t2umsdl7OjHkopuBBC6oziMQyVVQ=
Subject key identifier:   EA:C8:8E:1D:C7:65:4B:94:62:B6:A3:E3:34:5E:0F:39:AF:E0:63:9F
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019898A5458E3D7E96F13AE35A1C5361C353
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/6siOHcdlS5RitqPjNF4POa_gY58.roa
Signing time:             Mon 11 Aug 2025 10:20:24 +0000
ROA not before:           Mon 11 Aug 2025 10:20:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        194.231.156.0/22 maxlen: 24
                          194.231.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Aug 2025 23:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:a5:45:8e:3d:7e:96:f1:3a:e3:5a:1c:53:61:c3:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Aug 11 10:20:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eac88e1dc7654b9462b6a3e3345e0f39afe0639f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:bd:b6:12:cd:cd:c8:b7:0e:36:2f:65:f6:1d:
                    3f:82:f0:23:e4:7c:75:a6:4f:52:2a:3d:c5:ad:3c:
                    2a:61:c3:39:0e:b3:40:4b:15:a2:83:ac:8e:34:d0:
                    a2:0a:c4:66:0d:fb:05:26:e0:fb:4f:10:2d:fe:f1:
                    c6:31:ad:23:be:62:e9:5f:84:26:79:5a:fd:ba:1c:
                    c9:bb:4a:6e:00:fc:ea:20:01:3a:c8:fd:6c:c9:8c:
                    c0:00:69:1c:9a:66:14:f6:8c:5f:23:59:89:cf:99:
                    f8:ac:80:8d:6a:ce:45:33:77:e2:27:ef:c7:cd:f2:
                    a1:5b:29:06:0d:67:53:75:b4:d8:e7:32:d1:3e:e8:
                    70:45:d7:3a:58:16:b3:1f:85:e4:70:3a:14:5b:70:
                    20:c5:9a:a7:3b:90:25:27:53:7a:18:26:96:46:1f:
                    ef:b9:cd:28:6a:b1:06:a1:40:60:00:b1:66:7d:19:
                    cd:d4:8b:54:03:c6:34:9c:3e:02:90:95:b0:0f:db:
                    e2:8c:ec:b1:a3:70:d1:2d:13:97:cd:1d:07:0c:86:
                    db:c8:a1:8b:49:5d:0c:30:bf:f7:02:3e:2b:70:39:
                    77:dd:e8:c4:1b:0f:e5:f1:49:3a:8a:66:ea:3d:e5:
                    62:25:1f:85:8f:6b:d0:3a:cf:a8:f8:c3:7b:90:0a:
                    52:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:C8:8E:1D:C7:65:4B:94:62:B6:A3:E3:34:5E:0F:39:AF:E0:63:9F
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/6siOHcdlS5RitqPjNF4POa_gY58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.156.0/22
                  194.231.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cc:69:40:ed:01:29:29:39:df:bc:8e:d7:4a:b4:a8:4a:03:49:
         66:84:96:ed:36:84:58:cd:79:bf:b3:fa:e3:42:48:5d:4b:d8:
         d1:f5:59:b1:92:ae:ca:52:3e:f8:1d:70:63:d2:43:11:cf:d0:
         bd:c8:6c:40:92:c5:0b:9c:4d:5f:82:20:5b:c1:50:c7:51:d1:
         6e:86:bb:46:25:85:6c:1f:39:84:37:cc:52:79:6a:7a:87:97:
         cd:57:ac:d7:2f:2b:f8:c8:a9:3c:24:ea:cf:6b:e5:11:3a:f0:
         7e:0c:83:1f:fb:91:cf:64:ce:5f:65:d3:29:9e:45:71:0e:12:
         c9:07:39:59:ee:e0:f3:33:cd:33:5a:ae:0b:67:1e:88:a3:bb:
         b8:c1:47:11:46:4d:37:57:d8:19:c3:bd:3f:fe:47:e7:ce:4c:
         87:a9:6f:8b:96:6d:2f:bc:56:21:bb:78:81:d5:12:d4:8b:dd:
         53:3d:51:4e:68:26:05:6e:4e:26:43:5a:9c:ec:36:01:47:a8:
         7c:f2:ec:fb:b1:24:5e:90:20:2b:0b:a2:da:c2:f0:a3:ab:8b:
         48:98:89:57:9c:75:1f:c4:9e:8f:94:f3:89:58:83:9f:9b:b6:
         d1:00:a1:6c:03:3f:55:03:e4:ac:89:a5:21:3d:41:bf:8a:ba:
         31:39:80:20
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiYpUWOPX6W8TrjWhxTYcNTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwODExMTAyMDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWM4OGUxZGM3NjU0Yjk0NjJiNmEzZTMzNDVlMGYzOWFmZTA2MzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAub22Es3NyLcONi9l9h0/gvAj5Hx1
pk9SKj3FrTwqYcM5DrNASxWig6yONNCiCsRmDfsFJuD7TxAt/vHGMa0jvmLpX4Qm
eVr9uhzJu0puAPzqIAE6yP1syYzAAGkcmmYU9oxfI1mJz5n4rICNas5FM3fiJ+/H
zfKhWykGDWdTdbTY5zLRPuhwRdc6WBazH4XkcDoUW3AgxZqnO5AlJ1N6GCaWRh/v
uc0oarEGoUBgALFmfRnN1ItUA8Y0nD4CkJWwD9vijOyxo3DRLROXzR0HDIbbyKGL
SV0MML/3Aj4rcDl33ejEGw/l8Uk6imbqPeViJR+Fj2vQOs+o+MN7kApSnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOrIjh3HZUuUYraj4zReDzmv4GOfMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvNnNpT0hjZGxTNVJpdHFQak5GNFBPYV9nWTU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwuecAwQC
wufcMA0GCSqGSIb3DQEBCwUAA4IBAQDMaUDtASkpOd+8jtdKtKhKA0lmhJbtNoRY
zXm/s/rjQkhdS9jR9Vmxkq7KUj74HXBj0kMRz9C9yGxAksULnE1fgiBbwVDHUdFu
hrtGJYVsHzmEN8xSeWp6h5fNV6zXLyv4yKk8JOrPa+UROvB+DIMf+5HPZM5fZdMp
nkVxDhLJBzlZ7uDzM80zWq4LZx6Io7u4wUcRRk03V9gZw70//kfnzkyHqW+Llm0v
vFYhu3iB1RLUi91TPVFOaCYFbk4mQ1qc7DYBR6h88uz7sSRekCArC6LawvCjq4tI
mIlXnHUfxJ6PlPOJWIOfm7bRAKFsAz9VA+SsiaUhPUG/iroxOYAg
-----END CERTIFICATE-----