Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/yx_ImxoxuTf1H498QOMY5X1AqIA.roa
File:                     yx_ImxoxuTf1H498QOMY5X1AqIA.roa (raw, json)
Hash identifier:          ocX5O+fxkealTTNXPFzcJ6G3RpR5MVkPWLNky9bwN7Y=
Subject key identifier:   CB:1F:C8:9B:1A:31:B9:37:F5:1F:8F:7C:40:E3:18:E5:7D:40:A8:80
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0199EBBC6F338E22539760C84904CB2BC525
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/yx_ImxoxuTf1H498QOMY5X1AqIA.roa
Signing time:             Thu 16 Oct 2025 06:36:59 +0000
ROA not before:           Thu 16 Oct 2025 06:36:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        194.231.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:eb:bc:6f:33:8e:22:53:97:60:c8:49:04:cb:2b:c5:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Oct 16 06:36:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb1fc89b1a31b937f51f8f7c40e318e57d40a880
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ee:64:71:1b:bf:9b:7c:21:22:d1:0e:34:e7:
                    be:1b:9a:b9:1d:aa:3d:34:3e:45:b9:54:4f:55:9f:
                    8a:92:dc:07:88:0e:20:a6:53:b5:2a:26:8e:8c:12:
                    06:78:b0:36:76:31:0e:9c:47:f1:81:f4:81:b6:89:
                    e1:90:72:18:77:8b:96:62:b8:df:99:81:50:de:69:
                    36:d4:57:e4:d2:73:de:ad:20:63:26:dd:36:63:3c:
                    b9:5e:5d:b3:56:cc:3c:30:39:83:13:2f:01:ac:ec:
                    4a:79:c1:e4:48:6a:a5:2a:af:2e:53:9a:ff:c4:8c:
                    ef:ef:3f:ce:12:5f:79:84:fa:6c:54:fd:f5:02:43:
                    68:ff:63:f0:2b:9f:e6:96:e1:3c:4a:17:46:44:d4:
                    d8:39:2b:f7:ac:a9:0d:fc:6d:b8:0f:a2:c9:8d:e7:
                    15:20:34:3a:60:69:c3:d6:d1:52:f2:fd:33:6e:0f:
                    51:17:95:b4:9f:d7:56:c3:a0:78:0e:a8:b8:1e:36:
                    96:0c:99:7b:84:e8:90:45:d5:40:4b:f4:b1:b4:48:
                    b3:ca:ae:98:ae:31:c0:98:78:97:7a:9a:da:8b:e9:
                    9a:15:44:19:70:e4:fd:bc:57:1f:8c:eb:dc:50:a4:
                    51:8f:dd:8b:c9:fb:43:fe:40:3a:64:e3:e7:16:75:
                    c2:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:1F:C8:9B:1A:31:B9:37:F5:1F:8F:7C:40:E3:18:E5:7D:40:A8:80
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/yx_ImxoxuTf1H498QOMY5X1AqIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:01:88:25:c5:03:58:58:26:0c:3c:e8:93:d0:8e:6b:8c:9c:
         50:af:60:5f:b6:96:a2:90:30:4f:2b:a1:38:48:44:15:f9:6d:
         20:4e:5b:aa:ac:9a:33:3f:15:13:60:ab:46:6c:77:ce:90:21:
         ff:ad:58:6e:c7:4b:6e:28:57:84:51:0f:0a:ef:44:3f:57:76:
         c7:e5:c7:94:03:e6:a3:f6:6b:e5:5d:1e:e1:d0:de:ac:98:c1:
         66:18:65:9f:b0:4d:09:49:25:54:f0:17:04:d9:6d:a2:e0:ef:
         a3:6c:2b:ae:0b:99:55:dd:3c:07:1e:8f:18:47:d0:c0:f1:8e:
         4d:82:d8:e6:5b:14:eb:e5:d7:11:8c:84:ff:d7:25:d5:00:6d:
         8a:d0:44:0d:9f:65:12:83:26:12:76:e0:fc:ff:2a:c9:16:00:
         94:32:bd:3c:f5:f6:c4:4b:6e:9a:17:85:fd:9f:12:42:9d:2d:
         0d:ba:b3:3f:bb:e1:f8:c9:34:c3:92:32:d8:7b:0a:e9:03:f5:
         b8:c1:fe:3d:f3:fa:24:ef:75:a4:e4:7d:89:8f:ee:84:42:d8:
         5e:ca:3d:92:63:5d:74:6f:c2:11:fa:3c:04:d5:13:74:29:4d:
         16:05:56:27:54:b4:06:bc:f5:69:ce:e1:48:d6:d8:ca:4e:96:
         f5:83:10:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnrvG8zjiJTl2DISQTLK8UlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUxMDE2MDYzNjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjFmYzg5YjFhMzFiOTM3ZjUxZjhmN2M0MGUzMThlNTdkNDBhODgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqe5kcRu/m3whItEONOe+G5q5Hao9
ND5FuVRPVZ+KktwHiA4gplO1KiaOjBIGeLA2djEOnEfxgfSBtonhkHIYd4uWYrjf
mYFQ3mk21Ffk0nPerSBjJt02Yzy5Xl2zVsw8MDmDEy8BrOxKecHkSGqlKq8uU5r/
xIzv7z/OEl95hPpsVP31AkNo/2PwK5/mluE8ShdGRNTYOSv3rKkN/G24D6LJjecV
IDQ6YGnD1tFS8v0zbg9RF5W0n9dWw6B4Dqi4HjaWDJl7hOiQRdVAS/SxtEizyq6Y
rjHAmHiXeprai+maFUQZcOT9vFcfjOvcUKRRj92LyftD/kA6ZOPnFnXCewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMsfyJsaMbk39R+PfEDjGOV9QKiAMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEveXhfSW14b3h1VGYxSDQ5OFFPTVk1WDFBcUlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwufFMA0G
CSqGSIb3DQEBCwUAA4IBAQBsAYglxQNYWCYMPOiT0I5rjJxQr2BftpaikDBPK6E4
SEQV+W0gTluqrJozPxUTYKtGbHfOkCH/rVhux0tuKFeEUQ8K70Q/V3bH5ceUA+aj
9mvlXR7h0N6smMFmGGWfsE0JSSVU8BcE2W2i4O+jbCuuC5lV3TwHHo8YR9DA8Y5N
gtjmWxTr5dcRjIT/1yXVAG2K0EQNn2USgyYSduD8/yrJFgCUMr089fbES26aF4X9
nxJCnS0NurM/u+H4yTTDkjLYewrpA/W4wf498/ok73Wk5H2Jj+6EQtheyj2SY110
b8IR+jwE1RN0KU0WBVYnVLQGvPVpzuFI1tjKTpb1gxC7
-----END CERTIFICATE-----