Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/OHlinCBHUt_IloIbSyDScLNp0BE.roa
File:                     OHlinCBHUt_IloIbSyDScLNp0BE.roa (raw, json)
Hash identifier:          5Hadisq52Le7ev0hbJiYMOc3sJSK7i4kxbvSGMXhUxw=
Subject key identifier:   38:79:62:9C:20:47:52:DF:C8:96:82:1B:4B:20:D2:70:B3:69:D0:11
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0199946AFA58F17DCF6BC37AC5A7CB147DDE
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/OHlinCBHUt_IloIbSyDScLNp0BE.roa
Signing time:             Mon 29 Sep 2025 07:41:02 +0000
ROA not before:           Mon 29 Sep 2025 07:41:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        194.231.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:94:6a:fa:58:f1:7d:cf:6b:c3:7a:c5:a7:cb:14:7d:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Sep 29 07:41:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3879629c204752dfc896821b4b20d270b369d011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:54:4b:6d:6e:2c:c0:10:6a:d5:72:34:1b:b9:
                    16:00:4a:0b:7f:4a:e4:b0:51:4d:25:fa:0b:b5:b4:
                    6c:22:14:aa:98:c7:f0:63:f9:77:8b:f7:e1:01:f7:
                    cd:90:6b:c3:91:92:fc:e6:06:00:96:14:53:4f:c3:
                    b8:a5:83:c3:4c:66:90:3a:96:b3:fa:eb:24:50:d5:
                    cf:ac:ee:b5:1c:59:41:3f:ee:e8:36:e8:39:08:31:
                    c6:05:31:53:58:56:79:ad:bd:d4:2d:2e:53:fb:13:
                    d7:29:7a:82:f2:ee:c0:39:58:aa:cb:21:c3:d4:de:
                    0f:0f:e0:fb:ec:ce:e1:06:c9:9c:87:e2:cb:15:e7:
                    1c:2b:a0:36:a4:43:98:95:6d:2e:2a:96:9c:ed:8d:
                    05:ca:82:f2:e4:dc:c9:76:0b:5b:60:59:4a:19:cc:
                    26:e0:a1:80:ea:2c:bb:47:11:b0:fa:83:2b:c6:c5:
                    40:49:5e:7d:b9:cc:13:9a:75:5f:81:b4:89:f6:53:
                    f5:7f:43:d8:5d:b9:4a:d2:2d:cf:8f:b3:0e:45:0d:
                    53:ae:8c:3e:5d:e4:70:f5:7b:04:32:01:c1:d2:68:
                    53:15:52:6f:4d:e6:cb:f8:1b:c2:90:d3:29:bc:b7:
                    8b:bd:0a:bb:08:cf:f3:27:64:06:67:69:2a:af:53:
                    9a:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:79:62:9C:20:47:52:DF:C8:96:82:1B:4B:20:D2:70:B3:69:D0:11
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/OHlinCBHUt_IloIbSyDScLNp0BE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:4e:28:bf:cf:c8:88:4c:8a:21:6b:9c:5f:e0:4d:e6:f0:8b:
         7d:78:a2:f8:06:76:e1:9f:05:3c:b5:32:f1:55:07:2d:29:ab:
         f3:3b:33:83:97:81:c2:7a:fe:66:99:6a:9b:be:35:03:6c:a7:
         66:ed:6c:9d:2f:f1:bb:bd:72:e3:c7:ac:27:aa:74:18:06:0c:
         70:a8:d2:8e:26:de:ca:6a:8a:de:bc:6d:60:ad:2a:ea:3e:ac:
         4c:08:1f:31:62:f8:de:45:a1:d9:48:35:75:5e:23:84:94:f2:
         2d:4e:f7:0c:34:2c:b4:db:5c:6c:42:c0:72:2c:d5:79:7e:78:
         bd:97:6e:f9:39:af:c6:52:ae:00:9c:1b:ef:7e:97:3a:94:a0:
         a2:80:64:b2:0e:f4:05:dd:e6:8d:7d:9c:41:7b:87:81:90:e0:
         53:d1:78:ae:33:ce:8c:32:13:4b:72:b7:17:2a:78:e6:f7:7c:
         e5:07:56:ca:f5:10:1b:16:57:4e:83:be:01:63:3a:3b:3c:f8:
         ca:67:f1:db:33:8c:96:ba:22:c7:28:01:bf:5d:50:39:31:19:
         88:61:71:24:d9:ee:95:6c:58:a2:b1:e1:a3:a2:a4:8b:04:3c:
         67:c1:85:fe:5a:72:46:c5:ca:12:ce:43:ad:de:db:ab:f4:4f:
         5b:ce:2c:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmUavpY8X3Pa8N6xafLFH3eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwOTI5MDc0MTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODc5NjI5YzIwNDc1MmRmYzg5NjgyMWI0YjIwZDI3MGIzNjlkMDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFRLbW4swBBq1XI0G7kWAEoLf0rk
sFFNJfoLtbRsIhSqmMfwY/l3i/fhAffNkGvDkZL85gYAlhRTT8O4pYPDTGaQOpaz
+uskUNXPrO61HFlBP+7oNug5CDHGBTFTWFZ5rb3ULS5T+xPXKXqC8u7AOViqyyHD
1N4PD+D77M7hBsmch+LLFeccK6A2pEOYlW0uKpac7Y0FyoLy5NzJdgtbYFlKGcwm
4KGA6iy7RxGw+oMrxsVASV59ucwTmnVfgbSJ9lP1f0PYXblK0i3Pj7MORQ1Trow+
XeRw9XsEMgHB0mhTFVJvTebL+BvCkNMpvLeLvQq7CM/zJ2QGZ2kqr1OaJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDh5YpwgR1LfyJaCG0sg0nCzadARMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvT0hsaW5DQkhVdF9JbG9JYlN5RFNjTE5wMEJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwuecMA0G
CSqGSIb3DQEBCwUAA4IBAQDWTii/z8iITIoha5xf4E3m8It9eKL4BnbhnwU8tTLx
VQctKavzOzODl4HCev5mmWqbvjUDbKdm7WydL/G7vXLjx6wnqnQYBgxwqNKOJt7K
aorevG1grSrqPqxMCB8xYvjeRaHZSDV1XiOElPItTvcMNCy021xsQsByLNV5fni9
l275Oa/GUq4AnBvvfpc6lKCigGSyDvQF3eaNfZxBe4eBkOBT0XiuM86MMhNLcrcX
Knjm93zlB1bK9RAbFldOg74BYzo7PPjKZ/HbM4yWuiLHKAG/XVA5MRmIYXEk2e6V
bFiiseGjoqSLBDxnwYX+WnJGxcoSzkOt3tur9E9bziy9
-----END CERTIFICATE-----