Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/s95azqBldXNHT3oLv7RnWflqgkw.roa
File:                     s95azqBldXNHT3oLv7RnWflqgkw.roa (raw, json)
Hash identifier:          vlBLLZY3Z17etycbC7o1bPdi6osnErZLL/ZebSbc0Tw=
Subject key identifier:   B3:DE:5A:CE:A0:65:75:73:47:4F:7A:0B:BF:B4:67:59:F9:6A:82:4C
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0199946AFAE0A5C207EE4652447E4BA39D41
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/s95azqBldXNHT3oLv7RnWflqgkw.roa
Signing time:             Mon 29 Sep 2025 07:41:02 +0000
ROA not before:           Mon 29 Sep 2025 07:41:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214025
IP address blocks:        194.231.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:94:6a:fa:e0:a5:c2:07:ee:46:52:44:7e:4b:a3:9d:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Sep 29 07:41:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3de5acea0657573474f7a0bbfb46759f96a824c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:4f:49:72:70:d4:43:67:34:61:68:ba:12:f8:
                    87:5a:92:89:1c:9c:7a:01:73:55:19:ec:76:d8:55:
                    69:67:3c:05:cd:a0:46:f2:80:ea:b3:18:d2:f1:3f:
                    93:60:ea:55:31:78:13:59:dc:c7:67:c8:fb:83:a4:
                    6d:8b:03:d2:2f:a8:64:c3:2e:07:c4:a7:a1:43:bd:
                    92:a8:d3:8b:ee:f1:e1:12:6a:9b:7f:fc:f5:f3:6f:
                    42:45:75:a7:3a:05:ac:c1:c9:b1:2b:f3:9b:fd:3d:
                    3c:47:5b:b4:f6:1e:6c:af:51:4e:55:be:15:24:c7:
                    4c:49:ae:3d:fb:aa:05:0b:20:be:ba:0d:08:38:f5:
                    64:82:da:a7:4e:6a:98:a3:d4:d7:83:4c:42:cf:6f:
                    7e:f6:95:e4:8f:02:b4:1c:1b:e6:a4:32:8b:15:23:
                    5f:da:03:07:9b:fc:a3:96:ec:8e:d3:41:df:2d:07:
                    ab:29:5b:6e:c9:79:fb:a0:91:92:5b:e2:e2:e8:2f:
                    d8:aa:11:c2:43:2b:ac:f3:07:bb:13:3e:d6:b9:ba:
                    e7:7f:58:19:23:7c:4a:d5:a0:5a:04:ab:04:24:a7:
                    4d:3a:47:5e:d7:83:e5:30:67:6f:27:0b:1d:74:13:
                    88:e0:46:a5:5d:22:6c:83:24:61:50:b2:89:24:7f:
                    60:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:DE:5A:CE:A0:65:75:73:47:4F:7A:0B:BF:B4:67:59:F9:6A:82:4C
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/s95azqBldXNHT3oLv7RnWflqgkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:86:c6:89:e4:b4:fd:63:02:a2:09:e9:0b:75:c3:55:59:cc:
         25:e4:d1:f4:78:08:99:78:fb:fa:b3:3d:2e:61:bc:2c:e7:c8:
         83:a8:31:f9:23:d1:df:75:f1:60:71:db:9d:37:33:d6:71:75:
         36:55:f4:3f:92:ce:89:91:16:b4:1a:67:ec:d5:98:3e:37:ee:
         32:4c:87:b5:49:d2:0e:e7:97:48:92:a4:b3:b1:2a:9a:f6:86:
         61:79:31:1c:8d:a0:63:50:96:e7:c8:5c:87:84:cf:99:7e:5c:
         62:ff:30:f0:f8:7c:7a:b8:74:ad:74:f0:9c:25:5e:22:ba:08:
         97:3a:8b:04:56:87:00:fd:7b:2f:d7:93:b1:c7:45:8a:ab:1f:
         b8:78:ee:69:f8:8d:75:2b:43:2b:fe:69:06:d6:1d:2a:af:0d:
         43:da:cc:be:e0:62:4a:10:b8:a3:82:57:48:25:c3:c1:39:e8:
         fd:b0:1c:c3:b1:7e:03:95:c4:01:0d:6f:87:24:12:ce:4c:72:
         ae:ed:a4:25:1e:63:5a:41:fb:db:30:1b:74:2b:6c:cd:d6:47:
         b1:c4:b4:5b:3c:93:7b:00:7e:0b:cb:45:1d:7a:c3:d0:dd:ee:
         be:f0:9c:87:d6:5c:0b:6d:34:31:e1:13:30:51:73:2e:fc:50:
         d5:84:15:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmUavrgpcIH7kZSRH5Lo51BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwOTI5MDc0MTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2RlNWFjZWEwNjU3NTczNDc0ZjdhMGJiZmI0Njc1OWY5NmE4MjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxU9JcnDUQ2c0YWi6EviHWpKJHJx6
AXNVGex22FVpZzwFzaBG8oDqsxjS8T+TYOpVMXgTWdzHZ8j7g6RtiwPSL6hkwy4H
xKehQ72SqNOL7vHhEmqbf/z1829CRXWnOgWswcmxK/Ob/T08R1u09h5sr1FOVb4V
JMdMSa49+6oFCyC+ug0IOPVkgtqnTmqYo9TXg0xCz29+9pXkjwK0HBvmpDKLFSNf
2gMHm/yjluyO00HfLQerKVtuyXn7oJGSW+Li6C/YqhHCQyus8we7Ez7Wubrnf1gZ
I3xK1aBaBKsEJKdNOkde14PlMGdvJwsddBOI4EalXSJsgyRhULKJJH9gCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPeWs6gZXVzR096C7+0Z1n5aoJMMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvczk1YXpxQmxkWE5IVDNvTHY3Um5XZmxxZ2t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwuecMA0G
CSqGSIb3DQEBCwUAA4IBAQDUhsaJ5LT9YwKiCekLdcNVWcwl5NH0eAiZePv6sz0u
Ybws58iDqDH5I9HfdfFgcdudNzPWcXU2VfQ/ks6JkRa0Gmfs1Zg+N+4yTIe1SdIO
55dIkqSzsSqa9oZheTEcjaBjUJbnyFyHhM+Zflxi/zDw+Hx6uHStdPCcJV4iugiX
OosEVocA/Xsv15Oxx0WKqx+4eO5p+I11K0Mr/mkG1h0qrw1D2sy+4GJKELijgldI
JcPBOej9sBzDsX4DlcQBDW+HJBLOTHKu7aQlHmNaQfvbMBt0K2zN1kexxLRbPJN7
AH4Ly0UdesPQ3e6+8JyH1lwLbTQx4RMwUXMu/FDVhBXx
-----END CERTIFICATE-----