Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/CxsYaJnloyFKelFYtbE4029Umdw.roa
File:                     CxsYaJnloyFKelFYtbE4029Umdw.roa (raw, json)
Hash identifier:          GZrL1PIFZCyVJlhyQxqRYzepwEpy5zKLkCCvwj+J/FY=
Subject key identifier:   0B:1B:18:68:99:E5:A3:21:4A:7A:51:58:B5:B1:38:D3:6F:54:99:DC
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019DDE586B4DC68D5C0730382A3CF64FBF02
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/CxsYaJnloyFKelFYtbE4029Umdw.roa
Signing time:             Thu 30 Apr 2026 12:23:49 +0000
ROA not before:           Thu 30 Apr 2026 12:23:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        194.231.192.0/23 maxlen: 24
                          194.231.208.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:de:58:6b:4d:c6:8d:5c:07:30:38:2a:3c:f6:4f:bf:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Apr 30 12:23:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b1b186899e5a3214a7a5158b5b138d36f5499dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:29:df:13:1d:20:1a:da:83:9a:5d:e7:ad:1b:
                    d8:8f:6b:d3:8f:7f:9e:4e:32:3f:46:2a:27:9f:43:
                    ee:66:67:a9:47:96:f8:e8:c5:22:fd:c3:0e:45:b0:
                    70:bb:ad:66:59:85:66:2e:2c:21:11:61:e8:80:93:
                    0c:2f:1c:78:c0:ac:10:ae:39:56:80:64:0d:d7:46:
                    f7:a1:e4:a6:f2:b3:0d:ac:a0:38:54:4e:9d:59:bf:
                    12:38:56:b6:6a:6a:d2:f2:f5:f9:13:75:cd:bb:81:
                    b4:ed:bd:4f:ab:e6:c9:be:4e:09:1e:e5:0a:af:79:
                    0e:32:f8:81:43:77:c2:5d:3e:76:14:23:56:61:51:
                    a2:93:2b:bf:27:b0:c0:3d:d5:98:55:f4:24:04:fa:
                    b3:e0:19:11:97:ab:27:a6:9e:b0:4b:28:24:25:cd:
                    77:d3:02:92:d2:cc:c3:08:42:b9:66:7c:3b:42:dd:
                    8b:47:1b:82:f6:26:89:fe:08:3a:9a:57:eb:8d:67:
                    0b:9f:99:8e:12:57:4a:7b:d6:c6:31:c1:3d:1e:17:
                    2c:46:3c:70:02:96:02:07:69:b7:9f:da:f2:c9:0e:
                    e9:11:a5:9b:6c:35:1b:fb:6a:30:86:eb:e8:9d:9c:
                    4d:3e:9b:7f:3f:1d:25:8f:83:0b:e1:bb:f7:a4:45:
                    c7:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:1B:18:68:99:E5:A3:21:4A:7A:51:58:B5:B1:38:D3:6F:54:99:DC
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/CxsYaJnloyFKelFYtbE4029Umdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.192.0/23
                  194.231.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d1:0a:b2:ab:c7:2a:a0:4c:01:71:d5:e0:c5:d5:ee:88:e1:fa:
         52:b4:d4:15:3b:8b:0a:ed:4c:88:6d:60:2e:b0:bf:ba:33:17:
         ef:d9:92:53:e0:d7:b0:ae:71:56:64:17:ff:97:5c:28:ee:1d:
         9f:76:c4:3a:1e:48:c2:96:59:f4:7e:5c:dc:23:ed:3d:e9:0c:
         a8:bc:86:cd:2e:c8:2b:68:34:44:ae:46:ca:0b:98:ad:bb:14:
         28:d3:03:eb:67:0c:d9:01:9c:4f:37:e7:74:7f:9e:2f:50:ca:
         56:ed:83:31:90:8e:08:a1:1c:0e:0a:4d:ab:fc:08:a6:88:b7:
         4c:18:35:a9:ba:4d:da:8c:37:44:87:dc:6e:53:c5:22:1b:d0:
         a2:ae:ce:91:4d:83:09:cb:08:8b:b9:10:b5:be:8f:68:a9:ff:
         c4:48:14:9c:fa:b1:4e:e2:3a:9a:ff:83:d8:60:4b:b1:a6:19:
         d0:98:47:7c:5f:23:c1:4e:e9:76:ce:3e:78:24:3e:b2:5d:40:
         0f:9a:5c:ec:a4:c3:58:f9:4d:20:e8:91:d9:29:d3:dc:48:7f:
         9b:9f:18:1d:77:5b:df:90:40:de:62:9e:93:db:cb:25:1d:ef:
         c7:2d:c0:c7:0d:d3:7b:ac:42:7e:db:87:82:d9:4b:e8:df:1d:
         ba:b3:ad:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3eWGtNxo1cBzA4Kjz2T78CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNDMwMTIyMzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjFiMTg2ODk5ZTVhMzIxNGE3YTUxNThiNWIxMzhkMzZmNTQ5OWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSnfEx0gGtqDml3nrRvYj2vTj3+e
TjI/Rionn0PuZmepR5b46MUi/cMORbBwu61mWYVmLiwhEWHogJMMLxx4wKwQrjlW
gGQN10b3oeSm8rMNrKA4VE6dWb8SOFa2amrS8vX5E3XNu4G07b1Pq+bJvk4JHuUK
r3kOMviBQ3fCXT52FCNWYVGikyu/J7DAPdWYVfQkBPqz4BkRl6snpp6wSygkJc13
0wKS0szDCEK5Znw7Qt2LRxuC9iaJ/gg6mlfrjWcLn5mOEldKe9bGMcE9HhcsRjxw
ApYCB2m3n9ryyQ7pEaWbbDUb+2owhuvonZxNPpt/Px0lj4ML4bv3pEXHqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAsbGGiZ5aMhSnpRWLWxONNvVJncMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvQ3hzWWFKbmxveUZLZWxGWXRiRTQwMjlVbWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwufAAwQC
wufQMA0GCSqGSIb3DQEBCwUAA4IBAQDRCrKrxyqgTAFx1eDF1e6I4fpStNQVO4sK
7UyIbWAusL+6Mxfv2ZJT4NewrnFWZBf/l1wo7h2fdsQ6HkjClln0flzcI+096Qyo
vIbNLsgraDRErkbKC5ituxQo0wPrZwzZAZxPN+d0f54vUMpW7YMxkI4IoRwOCk2r
/AimiLdMGDWpuk3ajDdEh9xuU8UiG9Cirs6RTYMJywiLuRC1vo9oqf/ESBSc+rFO
4jqa/4PYYEuxphnQmEd8XyPBTul2zj54JD6yXUAPmlzspMNY+U0g6JHZKdPcSH+b
nxgdd1vfkEDeYp6T28slHe/HLcDHDdN7rEJ+24eC2Uvo3x26s63e
-----END CERTIFICATE-----