Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/BxddjahH2171w7GmMqbZNhomPyU.roa
File:                     BxddjahH2171w7GmMqbZNhomPyU.roa (raw, json)
Hash identifier:          ypnvvUnvoitkABSpz4FhkhnQBDw9HkjmFGp+6NUX7eo=
Subject key identifier:   07:17:5D:8D:A8:47:DB:5E:F5:C3:B1:A6:32:A6:D9:36:1A:26:3F:25
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019D196F3076BB1FE59E74CA4BBEB4418415
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/BxddjahH2171w7GmMqbZNhomPyU.roa
Signing time:             Mon 23 Mar 2026 06:43:30 +0000
ROA not before:           Mon 23 Mar 2026 06:43:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        194.231.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:19:6f:30:76:bb:1f:e5:9e:74:ca:4b:be:b4:41:84:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Mar 23 06:43:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=07175d8da847db5ef5c3b1a632a6d9361a263f25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:95:04:ef:a5:d1:f5:09:0e:bb:48:58:65:70:
                    2d:fd:fc:c7:46:51:04:74:86:b7:a1:04:84:ce:4f:
                    9e:82:9c:46:5a:03:90:8c:b9:c7:81:db:65:05:bf:
                    9e:9c:23:a3:73:4a:de:22:c1:fc:6e:a5:e6:36:c9:
                    cb:7d:55:7a:17:f6:a8:b8:97:3e:55:d1:5e:af:f4:
                    35:e6:eb:83:b9:2b:00:2a:1c:dc:98:6c:4b:25:d2:
                    f2:61:43:9c:c2:1c:37:89:d9:0b:ac:1f:03:f0:d8:
                    0d:6c:07:e7:53:89:39:5b:ec:cb:44:91:9d:bf:0d:
                    6f:b4:47:6f:cf:f7:56:50:2c:28:62:57:a2:4b:6c:
                    c7:3a:2e:36:51:4e:48:0a:ca:b4:35:df:66:b1:a7:
                    66:db:00:b7:bd:94:5a:12:54:d9:fc:8a:46:a9:2b:
                    79:9c:30:5e:69:aa:18:8e:5f:80:b9:08:5a:5d:a9:
                    62:90:63:a2:a2:5b:c1:e4:90:56:05:1d:97:a6:20:
                    fd:10:5a:b3:37:28:55:5c:ff:64:f6:e4:de:89:37:
                    b6:35:61:e6:6f:d9:ef:2a:2c:8e:bc:1c:1a:8a:73:
                    ab:af:fe:8d:7c:65:19:e4:9f:f8:42:70:e8:2b:eb:
                    4e:1a:92:30:83:2d:1f:ea:a0:b3:cf:ed:32:3a:c9:
                    7e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:17:5D:8D:A8:47:DB:5E:F5:C3:B1:A6:32:A6:D9:36:1A:26:3F:25
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/BxddjahH2171w7GmMqbZNhomPyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:81:7d:9a:1a:2b:87:e3:c3:52:34:69:6b:2a:e0:ab:f3:bc:
         3a:80:d7:67:77:af:15:51:7d:7c:a7:60:47:f1:b0:18:f7:6e:
         f4:30:83:f7:13:95:03:3d:61:c5:0a:0d:56:24:07:0f:8a:ac:
         aa:63:00:15:da:77:88:93:44:56:8b:44:34:8d:8b:80:a5:f4:
         fe:3a:21:9e:de:6b:ab:fa:63:47:e5:50:6b:8a:c9:e2:67:d9:
         c5:6d:89:c5:61:af:68:11:bb:97:19:ac:42:8a:da:a4:db:db:
         08:9f:d4:b2:01:f2:67:f6:79:a9:2b:38:9e:84:10:d0:81:1d:
         c1:c4:a6:e4:f3:60:83:da:e2:fb:02:d5:27:3d:81:b8:08:ab:
         00:eb:4e:f2:a6:4b:81:e6:d7:cb:64:03:47:2a:25:7f:64:41:
         6f:42:3f:01:90:a8:f1:5b:c5:32:ed:1d:91:00:cf:fd:c1:e6:
         03:b8:ff:e9:4a:be:85:43:db:77:53:b1:a4:1b:34:97:9a:42:
         1a:e8:05:60:1d:11:05:8d:2a:8e:6f:88:a3:a2:53:9b:28:28:
         73:9b:13:40:15:00:00:5a:b7:4a:bf:bc:ce:a1:2a:38:84:8f:
         8d:94:42:e9:28:b4:48:c0:38:be:61:08:2e:9f:7f:a3:67:8b:
         22:57:94:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0ZbzB2ux/lnnTKS760QYQVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMzIzMDY0MzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzE3NWQ4ZGE4NDdkYjVlZjVjM2IxYTYzMmE2ZDkzNjFhMjYzZjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZUE76XR9QkOu0hYZXAt/fzHRlEE
dIa3oQSEzk+egpxGWgOQjLnHgdtlBb+enCOjc0reIsH8bqXmNsnLfVV6F/aouJc+
VdFer/Q15uuDuSsAKhzcmGxLJdLyYUOcwhw3idkLrB8D8NgNbAfnU4k5W+zLRJGd
vw1vtEdvz/dWUCwoYleiS2zHOi42UU5ICsq0Nd9msadm2wC3vZRaElTZ/IpGqSt5
nDBeaaoYjl+AuQhaXalikGOiolvB5JBWBR2XpiD9EFqzNyhVXP9k9uTeiTe2NWHm
b9nvKiyOvBwainOrr/6NfGUZ5J/4QnDoK+tOGpIwgy0f6qCzz+0yOsl+KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcXXY2oR9te9cOxpjKm2TYaJj8lMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvQnhkZGphaEgyMTcxdzdHbU1xYlpOaG9tUHlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwueIMA0G
CSqGSIb3DQEBCwUAA4IBAQAogX2aGiuH48NSNGlrKuCr87w6gNdnd68VUX18p2BH
8bAY9270MIP3E5UDPWHFCg1WJAcPiqyqYwAV2neIk0RWi0Q0jYuApfT+OiGe3mur
+mNH5VBrisniZ9nFbYnFYa9oEbuXGaxCitqk29sIn9SyAfJn9nmpKziehBDQgR3B
xKbk82CD2uL7AtUnPYG4CKsA607ypkuB5tfLZANHKiV/ZEFvQj8BkKjxW8Uy7R2R
AM/9weYDuP/pSr6FQ9t3U7GkGzSXmkIa6AVgHREFjSqOb4ijolObKChzmxNAFQAA
WrdKv7zOoSo4hI+NlELpKLRIwDi+YQgun3+jZ4siV5S9
-----END CERTIFICATE-----