Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/nTsLjcbteT1uh2YipDjjr64ekuY.roa
File:                     nTsLjcbteT1uh2YipDjjr64ekuY.roa (raw, json)
Hash identifier:          pf2QaglzOaKbCrgZLbsT7Bi/DDLmmR/ICttZy+T5iQo=
Subject key identifier:   9D:3B:0B:8D:C6:ED:79:3D:6E:87:66:22:A4:38:E3:AF:AE:1E:92:E6
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019D0604C96FE52BF66015FACF523CAF57B0
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/nTsLjcbteT1uh2YipDjjr64ekuY.roa
Signing time:             Thu 19 Mar 2026 12:14:30 +0000
ROA not before:           Thu 19 Mar 2026 12:14:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17497
IP address blocks:        194.231.135.0/24 maxlen: 24
                          194.231.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:04:c9:6f:e5:2b:f6:60:15:fa:cf:52:3c:af:57:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Mar 19 12:14:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d3b0b8dc6ed793d6e876622a438e3afae1e92e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:d5:ae:6f:23:1f:cf:b1:4d:74:13:ad:3f:eb:
                    c1:1c:47:19:35:36:9c:34:80:5e:e4:30:9a:af:31:
                    4e:9b:f6:41:52:a4:28:bc:e3:41:5d:91:9b:91:30:
                    4d:12:f7:f4:c0:60:09:24:32:95:8a:2e:15:61:3c:
                    a7:f2:8e:54:23:7d:2b:21:07:1b:26:ff:13:84:3a:
                    9c:af:b0:eb:1f:21:39:63:49:62:65:de:7b:2a:30:
                    87:7a:fc:1f:c8:da:91:be:c2:8b:d2:4e:00:06:b7:
                    49:d5:29:f5:dc:ff:65:41:f9:9d:7d:c8:b6:82:25:
                    6e:0e:15:55:bc:e2:d7:92:a3:8b:e7:1c:9f:44:0e:
                    f8:e5:96:5f:d5:41:f3:3b:e2:72:2c:d1:d4:3b:9e:
                    89:81:5b:b3:ba:a9:08:a1:7f:ea:c7:b8:18:f8:1d:
                    3e:0c:43:09:eb:6e:e1:4b:64:a2:18:5a:34:17:e5:
                    c9:e0:73:ca:ae:b1:88:0c:96:6a:e7:3c:22:13:df:
                    0a:d6:f8:d4:e7:46:31:50:1e:28:07:32:1a:5f:31:
                    f7:98:50:64:93:16:4b:e9:26:ff:35:9c:d6:9c:e7:
                    16:b8:cb:91:31:d7:19:44:fd:50:5d:4e:e0:76:7f:
                    03:68:ca:74:97:d5:52:4e:fe:12:03:11:91:41:0c:
                    0b:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:3B:0B:8D:C6:ED:79:3D:6E:87:66:22:A4:38:E3:AF:AE:1E:92:E6
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/nTsLjcbteT1uh2YipDjjr64ekuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.135.0/24
                  194.231.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         de:07:70:81:4d:87:67:bb:f2:32:fb:b3:ee:c7:a9:53:cb:fa:
         0d:fc:e5:f3:f4:aa:62:6a:54:42:e7:4f:fe:6c:ad:e1:f9:46:
         f8:73:17:09:86:25:8b:de:11:97:fd:fb:1e:f1:a0:db:0d:8f:
         3a:50:3e:a3:94:73:b2:d4:22:aa:5d:b5:7a:98:0a:51:4c:5d:
         fe:49:b3:fc:26:6e:1d:17:80:43:21:1e:66:77:48:89:be:e5:
         82:63:6b:7c:ac:67:0c:ac:13:12:af:c2:42:d2:cf:a9:60:c5:
         37:53:a2:39:fa:3c:31:fb:98:21:25:21:a3:94:e9:d2:10:ff:
         84:86:cc:bc:be:52:6f:e2:46:66:4c:68:80:b1:ca:c0:ad:8f:
         a3:3c:71:06:82:1e:50:5e:85:38:59:7e:d2:91:46:2d:9e:c7:
         8d:d3:22:c8:77:46:0f:e3:94:a4:b6:e5:a9:e2:b3:fd:c4:36:
         0f:03:a5:5e:80:36:51:32:02:20:77:ae:4c:78:b2:ed:9e:ea:
         91:c9:6f:99:39:1b:b6:c5:1d:65:c6:a2:d7:19:bb:f3:c7:07:
         3d:9b:84:3c:4e:e9:da:7e:ed:d1:66:92:83:2f:8f:d1:71:6b:
         78:12:eb:1f:ae:d5:ce:15:04:cf:d4:ff:fe:eb:5e:38:40:bd:
         59:18:50:39
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0GBMlv5Sv2YBX6z1I8r1ewMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMzE5MTIxNDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDNiMGI4ZGM2ZWQ3OTNkNmU4NzY2MjJhNDM4ZTNhZmFlMWU5MmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9WubyMfz7FNdBOtP+vBHEcZNTac
NIBe5DCarzFOm/ZBUqQovONBXZGbkTBNEvf0wGAJJDKVii4VYTyn8o5UI30rIQcb
Jv8ThDqcr7DrHyE5Y0liZd57KjCHevwfyNqRvsKL0k4ABrdJ1Sn13P9lQfmdfci2
giVuDhVVvOLXkqOL5xyfRA745ZZf1UHzO+JyLNHUO56JgVuzuqkIoX/qx7gY+B0+
DEMJ627hS2SiGFo0F+XJ4HPKrrGIDJZq5zwiE98K1vjU50YxUB4oBzIaXzH3mFBk
kxZL6Sb/NZzWnOcWuMuRMdcZRP1QXU7gdn8DaMp0l9VSTv4SAxGRQQwLSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ07C43G7Xk9bodmIqQ446+uHpLmMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvblRzTGpjYnRlVDF1aDJZaXBEampyNjRla3VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwueHAwQA
wufGMA0GCSqGSIb3DQEBCwUAA4IBAQDeB3CBTYdnu/Iy+7Pux6lTy/oN/OXz9Kpi
alRC50/+bK3h+Ub4cxcJhiWL3hGX/fse8aDbDY86UD6jlHOy1CKqXbV6mApRTF3+
SbP8Jm4dF4BDIR5md0iJvuWCY2t8rGcMrBMSr8JC0s+pYMU3U6I5+jwx+5ghJSGj
lOnSEP+Ehsy8vlJv4kZmTGiAscrArY+jPHEGgh5QXoU4WX7SkUYtnseN0yLId0YP
45SktuWp4rP9xDYPA6VegDZRMgIgd65MeLLtnuqRyW+ZORu2xR1lxqLXGbvzxwc9
m4Q8Tunafu3RZpKDL4/RcWt4EusfrtXOFQTP1P/+6144QL1ZGFA5
-----END CERTIFICATE-----