Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/lbxPO2W_NtCEboxkcxhbbbqVY5s.roa
File:                     lbxPO2W_NtCEboxkcxhbbbqVY5s.roa (raw, json)
Hash identifier:          S4PbHCoQNLjHwGV5tUJqbUdtMJ3zAcJ4/zbL5cA2GSk=
Subject key identifier:   95:BC:4F:3B:65:BF:36:D0:84:6E:8C:64:73:18:5B:6D:BA:95:63:9B
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0199D55D7E0F4B22CD635B0911AE797D47B0
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/lbxPO2W_NtCEboxkcxhbbbqVY5s.roa
Signing time:             Sat 11 Oct 2025 22:21:38 +0000
ROA not before:           Sat 11 Oct 2025 22:21:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        194.231.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d5:5d:7e:0f:4b:22:cd:63:5b:09:11:ae:79:7d:47:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Oct 11 22:21:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95bc4f3b65bf36d0846e8c6473185b6dba95639b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:92:99:e6:0d:ac:cd:8b:ca:c2:30:f5:b4:04:
                    2e:d6:48:57:3d:86:6b:96:97:4e:97:7f:b1:62:f5:
                    36:2d:f8:43:99:33:97:35:3b:4e:3d:c1:20:af:b1:
                    6d:90:6e:12:04:b1:98:d2:fc:a5:d7:db:2b:e1:21:
                    42:41:07:57:10:03:b6:31:a1:f3:be:67:5b:c4:59:
                    31:3a:8b:c5:07:0f:8d:f0:ba:05:09:02:6a:80:d2:
                    ce:0b:dc:a5:48:8c:a2:49:14:5c:1c:8a:d6:6c:30:
                    f8:b7:07:e4:7a:6a:de:67:b7:f8:5f:6d:5f:b8:21:
                    86:13:c7:ab:91:ac:7c:60:a0:09:8e:48:db:87:68:
                    96:78:bc:3b:08:fb:d4:67:6f:59:0e:89:cb:b8:d9:
                    b7:cf:76:a6:93:f9:d2:df:f3:de:64:3b:9d:26:a3:
                    b6:e8:ea:f9:33:48:b2:5a:3d:9b:03:35:b2:35:00:
                    15:7b:48:e9:90:f4:0d:a3:ed:1b:b2:c4:24:4d:7f:
                    0c:dd:8b:f6:81:dd:08:d5:3b:46:c1:60:eb:b3:aa:
                    dc:f5:ae:87:0c:d6:16:46:89:c0:8a:33:9a:dd:c9:
                    68:7a:89:15:48:b6:96:0c:a9:40:5f:66:95:2a:bb:
                    b8:b3:96:05:28:1b:9a:dc:ac:4a:3f:d1:27:c5:a7:
                    62:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:BC:4F:3B:65:BF:36:D0:84:6E:8C:64:73:18:5B:6D:BA:95:63:9B
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/lbxPO2W_NtCEboxkcxhbbbqVY5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:c0:e7:24:36:66:e1:0f:73:c9:0e:69:3d:5c:a1:79:22:2c:
         21:69:ca:f6:24:b6:d4:e2:06:bf:26:32:28:c9:93:1a:47:a9:
         c4:8a:c1:e3:65:9c:f8:db:d1:4d:35:17:5b:75:06:c4:ab:10:
         69:96:7b:b2:0e:9c:27:fd:7c:9a:b5:5b:b5:8f:8b:a7:2c:a3:
         51:30:35:3d:d0:f5:1f:46:6e:5b:ca:ff:eb:1f:aa:de:df:5a:
         c4:71:a3:7c:22:7e:f2:a7:2a:45:55:12:ac:60:db:17:5d:0d:
         f7:b3:83:e0:6e:8b:3c:24:a6:f7:8d:f9:83:92:1f:e0:b4:53:
         74:db:c9:36:a6:ed:9d:7b:6d:e7:54:f4:9c:10:90:f5:46:46:
         0f:55:bd:4a:81:f1:1e:82:26:57:7e:a6:da:44:39:6c:6a:aa:
         e8:fc:be:73:46:4e:25:f9:4b:21:3c:5c:96:a8:59:45:f1:c2:
         8e:73:48:4f:87:06:f6:6d:9f:f0:90:7a:66:4d:26:f9:7a:07:
         7b:18:9f:71:78:cd:38:9f:92:e8:84:66:e5:25:0c:13:c2:c8:
         4b:ca:c8:08:74:0f:6b:4e:e0:be:21:81:04:47:8a:74:47:37:
         6f:e8:1e:71:9d:87:a2:56:70:9a:ac:a7:04:a6:6b:b2:21:83:
         6e:14:84:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnVXX4PSyLNY1sJEa55fUewMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUxMDExMjIyMTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWJjNGYzYjY1YmYzNmQwODQ2ZThjNjQ3MzE4NWI2ZGJhOTU2MzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZKZ5g2szYvKwjD1tAQu1khXPYZr
lpdOl3+xYvU2LfhDmTOXNTtOPcEgr7FtkG4SBLGY0vyl19sr4SFCQQdXEAO2MaHz
vmdbxFkxOovFBw+N8LoFCQJqgNLOC9ylSIyiSRRcHIrWbDD4twfkemreZ7f4X21f
uCGGE8erkax8YKAJjkjbh2iWeLw7CPvUZ29ZDonLuNm3z3amk/nS3/PeZDudJqO2
6Or5M0iyWj2bAzWyNQAVe0jpkPQNo+0bssQkTX8M3Yv2gd0I1TtGwWDrs6rc9a6H
DNYWRonAijOa3cloeokVSLaWDKlAX2aVKru4s5YFKBua3KxKP9EnxadiaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJW8TztlvzbQhG6MZHMYW226lWObMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvbGJ4UE8yV19OdENFYm94a2N4aGJiYnFWWTVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwuebMA0G
CSqGSIb3DQEBCwUAA4IBAQC8wOckNmbhD3PJDmk9XKF5Iiwhacr2JLbU4ga/JjIo
yZMaR6nEisHjZZz429FNNRdbdQbEqxBplnuyDpwn/XyatVu1j4unLKNRMDU90PUf
Rm5byv/rH6re31rEcaN8In7ypypFVRKsYNsXXQ33s4Pgbos8JKb3jfmDkh/gtFN0
28k2pu2de23nVPScEJD1RkYPVb1KgfEegiZXfqbaRDlsaqro/L5zRk4l+UshPFyW
qFlF8cKOc0hPhwb2bZ/wkHpmTSb5egd7GJ9xeM04n5LohGblJQwTwshLysgIdA9r
TuC+IYEER4p0Rzdv6B5xnYeiVnCarKcEpmuyIYNuFIRx
-----END CERTIFICATE-----