Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/89MAqRkvy-GVjsIVKSKJvXSHzuU.roa
File:                     89MAqRkvy-GVjsIVKSKJvXSHzuU.roa (raw, json)
Hash identifier:          LJCIfS1pILXbJBnZfZLyvlq568BtJwrXWx1hw4AyEKY=
Subject key identifier:   F3:D3:00:A9:19:2F:CB:E1:95:8E:C2:15:29:22:89:BD:74:87:CE:E5
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019932E9EA90962FD26CA69C955D219151FD
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/89MAqRkvy-GVjsIVKSKJvXSHzuU.roa
Signing time:             Wed 10 Sep 2025 09:16:54 +0000
ROA not before:           Wed 10 Sep 2025 09:16:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     140641
IP address blocks:        194.231.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:32:e9:ea:90:96:2f:d2:6c:a6:9c:95:5d:21:91:51:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Sep 10 09:16:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3d300a9192fcbe1958ec215292289bd7487cee5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:fc:d1:3d:3d:1e:e9:26:bb:11:4e:0e:0f:0f:
                    04:0d:1f:05:bb:3a:2a:05:51:25:e1:e0:31:03:51:
                    9f:3e:79:fa:2c:f4:5d:b0:30:6b:e0:e2:09:2a:1a:
                    1d:8b:8e:ba:3c:36:8a:4a:b6:0d:c0:37:56:54:03:
                    50:68:32:3d:ad:3c:ba:84:69:c3:d5:1e:78:58:2a:
                    1d:70:a3:ba:ba:54:ee:ea:9b:f8:0b:46:13:da:58:
                    10:ee:4f:bc:bb:56:92:36:20:df:07:22:91:05:13:
                    4b:eb:ab:53:5d:a6:7d:78:fb:24:8f:c3:34:58:78:
                    88:20:1d:56:65:bf:c7:6c:42:8a:7c:29:85:4b:d1:
                    86:e7:c0:9b:9d:68:51:af:ed:cf:fa:19:87:fb:7a:
                    85:84:eb:f3:88:d4:fb:04:c6:4d:b8:cf:b7:a8:96:
                    46:fa:b2:f2:d3:52:96:71:91:73:1d:85:83:ab:0a:
                    f1:30:b4:05:d6:9d:df:74:b2:51:f2:be:87:45:5c:
                    91:e0:25:23:6a:ab:51:72:66:77:4d:31:c4:0d:f9:
                    7c:fe:2e:b8:c1:3b:89:ca:a6:8c:87:c1:fd:ac:2f:
                    62:21:54:be:ef:4f:27:55:18:59:a3:f5:9c:c6:db:
                    13:b4:52:a5:d0:96:fa:d0:47:6e:f7:64:6f:d2:14:
                    5c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:D3:00:A9:19:2F:CB:E1:95:8E:C2:15:29:22:89:BD:74:87:CE:E5
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/89MAqRkvy-GVjsIVKSKJvXSHzuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:b1:b9:e6:6c:27:0a:68:cb:06:bd:7e:47:86:0a:05:9e:db:
         7a:8c:c5:5c:f1:82:99:62:a3:3a:5f:55:51:f5:57:ee:d5:c9:
         6b:5e:bc:01:7b:cd:c0:ae:1c:e2:a9:fc:f5:e5:68:77:4f:e2:
         9f:02:43:56:e6:0b:57:4b:fc:27:e8:a9:e3:3b:5b:78:8c:07:
         de:06:4c:74:a3:04:71:35:4c:cd:1a:78:23:d4:15:ac:fe:60:
         f6:bd:5f:93:d4:d3:a3:a6:78:dc:62:e3:ad:20:90:e1:de:b6:
         d6:32:6a:46:e8:5a:42:65:3a:fc:89:5c:4a:b0:d3:32:cf:a6:
         ae:12:a6:7b:7b:bf:2d:9e:0d:e2:c5:01:ce:86:95:d5:0a:f3:
         61:f2:a2:e7:65:b7:02:bd:5a:48:78:2f:2c:eb:c5:70:46:aa:
         03:99:8f:bf:fe:21:f9:3a:f8:63:dc:54:a6:71:c0:46:e8:69:
         83:be:d6:3e:72:51:6c:f3:cc:51:11:29:e2:df:bd:27:a2:e8:
         8b:af:30:38:25:36:5b:a1:b5:69:6c:38:14:2f:40:62:66:0e:
         60:74:13:17:71:5c:a1:33:e7:2f:d0:f7:f2:b2:8a:70:fe:29:
         5e:da:cc:75:30:7d:fd:b5:2e:54:94:fb:8e:59:12:d1:53:74:
         32:aa:a7:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZky6eqQli/SbKaclV0hkVH9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwOTEwMDkxNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2QzMDBhOTE5MmZjYmUxOTU4ZWMyMTUyOTIyODliZDc0ODdjZWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfzRPT0e6Sa7EU4ODw8EDR8Fuzoq
BVEl4eAxA1GfPnn6LPRdsDBr4OIJKhodi466PDaKSrYNwDdWVANQaDI9rTy6hGnD
1R54WCodcKO6ulTu6pv4C0YT2lgQ7k+8u1aSNiDfByKRBRNL66tTXaZ9ePskj8M0
WHiIIB1WZb/HbEKKfCmFS9GG58CbnWhRr+3P+hmH+3qFhOvziNT7BMZNuM+3qJZG
+rLy01KWcZFzHYWDqwrxMLQF1p3fdLJR8r6HRVyR4CUjaqtRcmZ3TTHEDfl8/i64
wTuJyqaMh8H9rC9iIVS+708nVRhZo/WcxtsTtFKl0Jb60Edu92Rv0hRcgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPTAKkZL8vhlY7CFSkiib10h87lMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvODlNQXFSa3Z5LUdWanNJVktTS0p2WFNIenVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwueNMA0G
CSqGSIb3DQEBCwUAA4IBAQBTsbnmbCcKaMsGvX5HhgoFntt6jMVc8YKZYqM6X1VR
9Vfu1clrXrwBe83Arhziqfz15Wh3T+KfAkNW5gtXS/wn6KnjO1t4jAfeBkx0owRx
NUzNGngj1BWs/mD2vV+T1NOjpnjcYuOtIJDh3rbWMmpG6FpCZTr8iVxKsNMyz6au
EqZ7e78tng3ixQHOhpXVCvNh8qLnZbcCvVpIeC8s68VwRqoDmY+//iH5Ovhj3FSm
ccBG6GmDvtY+clFs88xRESni370nouiLrzA4JTZbobVpbDgUL0BiZg5gdBMXcVyh
M+cv0Pfysopw/ile2sx1MH39tS5UlPuOWRLRU3QyqqeL
-----END CERTIFICATE-----