Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/CHsdF6PupZ5d9E4HeS4XE1gMONw.roa
File:                     CHsdF6PupZ5d9E4HeS4XE1gMONw.roa (raw, json)
Hash identifier:          GVrMhuyiUmWUY1iZsXPDshxV2RKC0oHiqa2uS9gFrDg=
Subject key identifier:   08:7B:1D:17:A3:EE:A5:9E:5D:F4:4E:07:79:2E:17:13:58:0C:38:DC
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019993D215A8969FC3279D5F363A19BBCBE1
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/CHsdF6PupZ5d9E4HeS4XE1gMONw.roa
Signing time:             Mon 29 Sep 2025 04:54:02 +0000
ROA not before:           Mon 29 Sep 2025 04:54:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203020
IP address blocks:        195.86.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:93:d2:15:a8:96:9f:c3:27:9d:5f:36:3a:19:bb:cb:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Sep 29 04:54:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=087b1d17a3eea59e5df44e07792e1713580c38dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:aa:b2:85:2f:74:8e:72:e9:a0:c4:db:16:b6:
                    6b:aa:7a:d3:8a:01:f6:40:6d:d9:04:1b:33:a6:fd:
                    2e:9f:89:a7:a5:a6:1b:f1:ba:e9:8d:c5:d2:6f:94:
                    29:6b:29:8d:3f:01:38:84:08:2f:fa:b6:a1:b2:e1:
                    5a:cf:3f:18:f9:8d:63:03:03:1f:c5:67:8a:0b:fc:
                    c0:c1:c4:17:de:a5:c0:76:87:b0:54:ac:77:51:65:
                    e1:7e:26:8d:d3:5b:9c:f6:b5:74:b5:3f:98:67:53:
                    71:10:f7:c2:eb:fa:97:11:55:03:5f:74:f5:27:ba:
                    de:4e:b3:c6:c6:d9:4b:f2:97:92:8f:30:24:bb:55:
                    b8:f5:10:00:2f:0a:d8:3e:82:45:9a:d4:61:0d:3f:
                    f9:51:71:e8:c2:f5:a2:09:72:ab:eb:ac:df:fa:92:
                    87:23:a7:8a:a9:6e:21:84:25:89:f3:b6:2f:fb:47:
                    3f:8b:df:23:65:23:69:19:db:d8:9d:f9:3e:f5:50:
                    22:2a:58:17:eb:23:cf:98:ff:c0:bb:76:2e:1a:57:
                    69:1c:79:c7:87:03:c5:f7:73:12:b7:db:16:f6:12:
                    a6:bb:1a:e0:c3:56:00:bd:58:10:6f:89:80:79:fe:
                    59:58:c6:ba:f5:0d:1f:82:77:80:cf:16:54:54:76:
                    03:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:7B:1D:17:A3:EE:A5:9E:5D:F4:4E:07:79:2E:17:13:58:0C:38:DC
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/CHsdF6PupZ5d9E4HeS4XE1gMONw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.86.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:45:92:b0:88:49:09:90:b8:71:de:84:da:24:b1:ec:a1:47:
         f9:90:0d:8d:09:59:e6:04:80:4a:54:57:15:79:57:d0:e3:5e:
         9c:71:d1:a3:8f:4e:a4:b9:b6:fc:3a:15:a9:c1:a8:f2:b3:29:
         55:03:98:64:da:83:54:c8:c4:05:d1:d5:9d:3a:e7:82:19:fd:
         d2:ea:5c:b2:ec:c5:cd:03:05:33:b0:51:c1:8f:71:fb:52:73:
         44:0e:66:d7:14:e5:cf:fb:5a:92:25:a1:db:d0:6d:9a:ce:31:
         8a:a3:08:5c:80:81:80:c8:78:7d:3e:28:38:d6:7c:1d:85:e0:
         78:47:25:74:00:34:50:9c:29:57:b2:c6:69:05:e3:f3:68:ae:
         78:76:af:71:b9:19:7c:26:e1:31:64:5b:87:bf:a7:05:48:65:
         c6:a6:ae:29:92:43:10:64:f1:3f:bd:d0:51:d3:75:fc:31:e5:
         8e:b2:4d:d3:10:19:e5:e9:5f:d8:58:dc:d5:3b:35:3f:08:09:
         f9:b5:ca:f4:b6:e4:7c:8b:da:fa:f6:12:de:ce:5a:5a:5c:6f:
         8f:15:3d:95:6b:6b:df:02:d7:ca:df:49:f4:82:99:64:7e:09:
         8e:25:d1:6a:fb:23:4b:bd:1f:f8:59:04:09:0b:4b:df:2b:5e:
         c8:74:32:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmT0hWolp/DJ51fNjoZu8vhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwOTI5MDQ1NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODdiMWQxN2EzZWVhNTllNWRmNDRlMDc3OTJlMTcxMzU4MGMzOGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaqyhS90jnLpoMTbFrZrqnrTigH2
QG3ZBBszpv0un4mnpaYb8brpjcXSb5QpaymNPwE4hAgv+rahsuFazz8Y+Y1jAwMf
xWeKC/zAwcQX3qXAdoewVKx3UWXhfiaN01uc9rV0tT+YZ1NxEPfC6/qXEVUDX3T1
J7reTrPGxtlL8peSjzAku1W49RAALwrYPoJFmtRhDT/5UXHowvWiCXKr66zf+pKH
I6eKqW4hhCWJ87Yv+0c/i98jZSNpGdvYnfk+9VAiKlgX6yPPmP/Au3YuGldpHHnH
hwPF93MSt9sW9hKmuxrgw1YAvVgQb4mAef5ZWMa69Q0fgneAzxZUVHYDmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAh7HRej7qWeXfROB3kuFxNYDDjcMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvQ0hzZEY2UHVwWjVkOUU0SGVTNFhFMWdNT053LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1ahMA0G
CSqGSIb3DQEBCwUAA4IBAQAWRZKwiEkJkLhx3oTaJLHsoUf5kA2NCVnmBIBKVFcV
eVfQ416ccdGjj06kubb8OhWpwajysylVA5hk2oNUyMQF0dWdOueCGf3S6lyy7MXN
AwUzsFHBj3H7UnNEDmbXFOXP+1qSJaHb0G2azjGKowhcgIGAyHh9Pig41nwdheB4
RyV0ADRQnClXssZpBePzaK54dq9xuRl8JuExZFuHv6cFSGXGpq4pkkMQZPE/vdBR
03X8MeWOsk3TEBnl6V/YWNzVOzU/CAn5tcr0tuR8i9r69hLezlpaXG+PFT2Va2vf
AtfK30n0gplkfgmOJdFq+yNLvR/4WQQJC0vfK17IdDL4
-----END CERTIFICATE-----