Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/UOdTQSZxfm--uaqhBJ5tKihulZA.roa
File:                     UOdTQSZxfm--uaqhBJ5tKihulZA.roa (raw, json)
Hash identifier:          oSvbFXv2P/pEnwHKTAQMK+Hr1KS0XU2BSxi38QIJHHw=
Subject key identifier:   50:E7:53:41:26:71:7E:6F:BE:B9:AA:A1:04:9E:6D:2A:28:6E:95:90
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019DDE4F42CB9C21E24637CDB5F773AC81F1
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/UOdTQSZxfm--uaqhBJ5tKihulZA.roa
Signing time:             Thu 30 Apr 2026 12:13:49 +0000
ROA not before:           Thu 30 Apr 2026 12:13:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399955
IP address blocks:        194.231.192.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:de:4f:42:cb:9c:21:e2:46:37:cd:b5:f7:73:ac:81:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Apr 30 12:13:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50e7534126717e6fbeb9aaa1049e6d2a286e9590
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2c:f6:a1:4f:32:55:e3:5b:60:7b:60:d5:c5:
                    1f:be:c4:c4:6d:4d:e8:f2:32:71:a2:06:04:f6:b9:
                    7f:c6:bc:fe:bf:94:bc:5d:f2:ad:93:f6:56:a8:97:
                    bc:e4:00:9c:15:cb:03:ac:cb:cb:3a:10:e8:ca:63:
                    e5:a6:83:94:c5:bb:76:e3:de:fd:b4:a4:8c:33:6e:
                    9d:0b:d3:12:33:48:67:c7:21:ba:17:50:c5:b2:53:
                    6d:d2:d3:0e:cc:63:b1:d2:30:c4:a4:ef:d2:0b:81:
                    37:0e:07:0b:3a:c6:a7:8a:e7:2a:31:65:23:cd:3d:
                    6d:3e:3b:32:a2:94:54:8d:51:62:c7:f3:c1:b6:fc:
                    79:12:88:e2:8e:d5:0d:02:1b:15:5d:53:8a:12:f1:
                    3a:2b:1d:e4:48:bd:1c:c8:58:be:a7:99:cc:4a:c9:
                    f0:b7:3d:97:8c:5a:00:15:51:d7:39:ac:61:87:85:
                    67:c9:14:81:5f:f7:63:b1:55:62:07:66:1d:8d:8d:
                    74:b6:ac:19:b2:af:d0:8d:da:1c:9d:a8:18:74:bd:
                    cd:9c:2a:34:50:01:b5:ab:07:06:9a:fb:88:dc:06:
                    82:be:2b:6b:e1:3e:d4:e9:a9:b4:4a:23:77:dc:d4:
                    8a:4c:28:18:d1:cf:dc:f0:4b:8a:52:db:88:37:35:
                    b0:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:E7:53:41:26:71:7E:6F:BE:B9:AA:A1:04:9E:6D:2A:28:6E:95:90
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/UOdTQSZxfm--uaqhBJ5tKihulZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:a2:cc:72:2b:22:b6:4c:2c:fc:c1:cd:86:72:d6:94:29:1c:
         59:4e:39:cf:3e:0f:de:e8:f9:42:32:4d:4b:42:94:d8:ba:90:
         36:43:60:75:82:43:af:ee:0e:55:52:9c:f4:e3:44:3a:1c:e1:
         b3:4a:e4:54:42:b7:b6:c5:74:82:ad:c8:31:19:a9:58:4d:aa:
         14:dc:5e:7c:2c:a6:0f:83:32:1e:51:15:a3:fa:63:10:56:63:
         98:d0:14:46:88:a7:d9:c9:ad:5c:62:79:12:37:c4:31:95:2a:
         61:a5:30:91:b7:f7:a8:86:6f:f0:22:0a:62:47:79:7f:6a:f7:
         b9:ad:72:34:a1:46:7d:d4:82:1e:1d:af:ed:5f:48:52:75:5d:
         51:92:bb:6b:0c:61:19:6a:58:c9:db:02:48:a4:be:24:9f:f8:
         5a:51:26:1c:36:42:b0:a8:e1:b4:24:19:3e:68:a6:cf:34:01:
         73:d2:22:8f:86:bd:f0:e8:2a:d8:22:f8:11:fd:29:5b:d6:ab:
         ed:fa:21:fd:47:f9:b1:36:25:41:e7:2d:e4:15:e4:54:43:2c:
         44:53:a3:07:b9:07:b7:48:fb:4d:c1:4e:42:d6:63:31:32:44:
         e7:ad:c0:8e:e5:45:19:91:53:d2:05:d7:e7:a9:71:73:f7:03:
         22:db:cb:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3eT0LLnCHiRjfNtfdzrIHxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNDMwMTIxMzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGU3NTM0MTI2NzE3ZTZmYmViOWFhYTEwNDllNmQyYTI4NmU5NTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyz2oU8yVeNbYHtg1cUfvsTEbU3o
8jJxogYE9rl/xrz+v5S8XfKtk/ZWqJe85ACcFcsDrMvLOhDoymPlpoOUxbt24979
tKSMM26dC9MSM0hnxyG6F1DFslNt0tMOzGOx0jDEpO/SC4E3DgcLOsaniucqMWUj
zT1tPjsyopRUjVFix/PBtvx5EojijtUNAhsVXVOKEvE6Kx3kSL0cyFi+p5nMSsnw
tz2XjFoAFVHXOaxhh4VnyRSBX/djsVViB2YdjY10tqwZsq/QjdocnagYdL3NnCo0
UAG1qwcGmvuI3AaCvitr4T7U6am0SiN33NSKTCgY0c/c8EuKUtuINzWwJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDnU0EmcX5vvrmqoQSebSoobpWQMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvVU9kVFFTWnhmbS0tdWFxaEJKNXRLaWh1bFpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwufAMA0G
CSqGSIb3DQEBCwUAA4IBAQA9osxyKyK2TCz8wc2GctaUKRxZTjnPPg/e6PlCMk1L
QpTYupA2Q2B1gkOv7g5VUpz040Q6HOGzSuRUQre2xXSCrcgxGalYTaoU3F58LKYP
gzIeURWj+mMQVmOY0BRGiKfZya1cYnkSN8QxlSphpTCRt/eohm/wIgpiR3l/ave5
rXI0oUZ91IIeHa/tX0hSdV1RkrtrDGEZaljJ2wJIpL4kn/haUSYcNkKwqOG0JBk+
aKbPNAFz0iKPhr3w6CrYIvgR/Slb1qvt+iH9R/mxNiVB5y3kFeRUQyxEU6MHuQe3
SPtNwU5C1mMxMkTnrcCO5UUZkVPSBdfnqXFz9wMi28sq
-----END CERTIFICATE-----