Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Kh7_RRMHNKw1zEChxIALmphbAq4.roa
File:                     Kh7_RRMHNKw1zEChxIALmphbAq4.roa (raw, json)
Hash identifier:          YqrSQmUv1j3pDapimFKI2MP2lRIwI5oZtR1d7jLReuo=
Subject key identifier:   2A:1E:FF:45:13:07:34:AC:35:CC:40:A1:C4:80:0B:9A:98:5B:02:AE
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019E1E5D150852C787898BCAD1E1617D05C4
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Kh7_RRMHNKw1zEChxIALmphbAq4.roa
Signing time:             Tue 12 May 2026 22:44:37 +0000
ROA not before:           Tue 12 May 2026 22:44:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        194.231.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1e:5d:15:08:52:c7:87:89:8b:ca:d1:e1:61:7d:05:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: May 12 22:44:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a1eff45130734ac35cc40a1c4800b9a985b02ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:b5:d0:48:14:1b:f9:40:46:d7:92:97:78:b7:
                    cd:8f:aa:f8:7a:5b:f4:52:ad:e9:00:8f:60:ff:af:
                    75:db:08:a5:e9:48:58:61:11:27:de:ab:cc:d0:db:
                    7b:d9:cb:5b:f6:56:b8:38:7c:3b:c8:c8:d5:15:bd:
                    26:51:05:5a:f7:da:ef:ba:66:81:97:0b:0a:53:5d:
                    c9:9e:4a:58:1e:8a:6e:2b:b9:8b:5b:84:9f:b2:0d:
                    cd:85:b3:f6:aa:0f:17:82:8b:af:95:6a:78:61:7f:
                    8a:b6:3e:a1:f2:44:7f:53:c4:d9:33:53:7a:29:77:
                    14:6a:e4:7d:0d:65:7c:a8:fe:3f:19:ee:00:77:a2:
                    76:45:a3:3a:7e:70:d4:28:0f:ec:ef:5f:9e:d5:72:
                    50:d0:65:c5:da:37:7d:f9:ca:8e:88:63:9b:ad:81:
                    9b:87:bf:98:7a:bf:e3:ba:6c:98:4e:e2:2b:c8:60:
                    16:00:b1:54:c5:8f:8a:7f:cf:9d:31:6d:fd:ad:e1:
                    13:de:32:34:f2:ca:fd:e7:32:86:7a:77:4e:a5:e4:
                    df:60:b4:25:e2:5d:97:8d:7a:1c:f1:7c:7a:7c:a0:
                    06:24:87:19:75:d7:45:b5:5a:a5:82:94:e9:45:2c:
                    74:ed:ca:81:8f:67:9b:26:e7:ed:61:99:f3:cd:20:
                    1e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:1E:FF:45:13:07:34:AC:35:CC:40:A1:C4:80:0B:9A:98:5B:02:AE
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Kh7_RRMHNKw1zEChxIALmphbAq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:cd:f1:0b:e8:b4:e9:b9:37:76:87:ed:94:91:0b:88:d7:64:
         31:19:c3:20:8c:c1:e0:28:f8:db:10:38:ac:ce:d5:c4:13:43:
         45:e6:f9:8e:06:2c:8e:96:76:4a:1a:52:1e:15:3c:79:60:67:
         88:4c:1a:39:a3:b7:93:f0:37:98:9a:a6:71:5e:96:f3:6d:28:
         be:09:90:c6:d8:1c:57:92:4a:2b:96:20:f2:20:61:61:43:db:
         03:e2:1c:a1:02:7a:31:07:6d:ef:a2:eb:93:e5:11:cc:6b:5c:
         5f:07:d5:f9:0b:37:ac:85:42:38:4a:6e:58:b1:6e:c7:4b:21:
         f4:43:80:e3:23:aa:f1:d4:94:13:85:1a:c6:95:5c:f0:6c:4c:
         72:8b:f2:4a:8b:ab:bd:f9:e3:4d:1a:57:58:e4:f8:f9:0e:ab:
         84:3a:fc:86:fd:0d:1e:04:2f:44:c3:ac:b0:f5:49:ce:27:25:
         5d:3d:14:a0:9a:73:04:8f:64:b7:63:52:f0:8a:2e:1a:e9:8b:
         83:45:ef:44:09:a8:cb:15:f0:ad:c0:be:21:8f:e3:ed:24:ed:
         63:bf:ee:9a:fb:75:bc:5d:c6:31:c3:e6:24:f7:8e:49:d0:72:
         f8:a1:01:db:cb:6f:d1:2b:a4:71:8a:0b:fd:cb:58:27:9c:7d:
         15:8f:cd:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4eXRUIUseHiYvK0eFhfQXEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNTEyMjI0NDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTFlZmY0NTEzMDczNGFjMzVjYzQwYTFjNDgwMGI5YTk4NWIwMmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7bXQSBQb+UBG15KXeLfNj6r4elv0
Uq3pAI9g/6912wil6UhYYREn3qvM0Nt72ctb9la4OHw7yMjVFb0mUQVa99rvumaB
lwsKU13JnkpYHopuK7mLW4Sfsg3NhbP2qg8XgouvlWp4YX+Ktj6h8kR/U8TZM1N6
KXcUauR9DWV8qP4/Ge4Ad6J2RaM6fnDUKA/s71+e1XJQ0GXF2jd9+cqOiGObrYGb
h7+Yer/jumyYTuIryGAWALFUxY+Kf8+dMW39reET3jI08sr95zKGendOpeTfYLQl
4l2XjXoc8Xx6fKAGJIcZdddFtVqlgpTpRSx07cqBj2ebJuftYZnzzSAeHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCoe/0UTBzSsNcxAocSAC5qYWwKuMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvS2g3X1JSTUhOS3cxekVDaHhJQUxtcGhiQXE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwueGMA0G
CSqGSIb3DQEBCwUAA4IBAQCgzfEL6LTpuTd2h+2UkQuI12QxGcMgjMHgKPjbEDis
ztXEE0NF5vmOBiyOlnZKGlIeFTx5YGeITBo5o7eT8DeYmqZxXpbzbSi+CZDG2BxX
kkorliDyIGFhQ9sD4hyhAnoxB23vouuT5RHMa1xfB9X5CzeshUI4Sm5YsW7HSyH0
Q4DjI6rx1JQThRrGlVzwbExyi/JKi6u9+eNNGldY5Pj5DquEOvyG/Q0eBC9Ew6yw
9UnOJyVdPRSgmnMEj2S3Y1Lwii4a6YuDRe9ECajLFfCtwL4hj+PtJO1jv+6a+3W8
XcYxw+Yk945J0HL4oQHby2/RK6Rxigv9y1gnnH0Vj82E
-----END CERTIFICATE-----