Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/v2MIzwur_YBYLaC93lV_QCNZAkM.roa
File:                     v2MIzwur_YBYLaC93lV_QCNZAkM.roa (raw, json)
Hash identifier:          i9Txq1PwoSa1dtJUPXYcpynz/2PAkBZiK33z/81vpJw=
Subject key identifier:   BF:63:08:CF:0B:AB:FD:80:58:2D:A0:BD:DE:55:7F:40:23:59:02:43
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0198769407316A18D638ADD37B95F7E06B8C
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/v2MIzwur_YBYLaC93lV_QCNZAkM.roa
Signing time:             Mon 04 Aug 2025 19:34:29 +0000
ROA not before:           Mon 04 Aug 2025 19:34:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        193.168.203.0/24 maxlen: 24
                          207.244.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 01:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:76:94:07:31:6a:18:d6:38:ad:d3:7b:95:f7:e0:6b:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Aug  4 19:34:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf6308cf0babfd80582da0bdde557f4023590243
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:40:7e:07:8d:d6:22:a3:31:72:00:87:7d:5b:
                    22:03:7d:a0:30:c8:9b:ea:1d:12:c5:5f:0b:59:89:
                    3b:90:40:13:0a:8c:7e:3a:cd:79:a1:db:3f:fc:ca:
                    6c:90:63:ab:ff:6a:61:44:a4:84:8a:4a:b3:6d:7a:
                    78:b4:80:71:2e:20:76:b3:74:f5:07:35:f8:08:8b:
                    7b:aa:78:5d:96:d9:0d:26:4b:76:29:00:2d:ab:d1:
                    2e:db:9d:36:12:17:03:da:c1:fa:0e:25:4a:2a:c3:
                    0b:23:86:6a:c8:82:a2:6f:44:d7:b8:aa:1f:a2:ff:
                    a4:04:3d:67:a7:32:e8:73:5a:73:81:96:19:ca:76:
                    cb:a7:9f:07:de:a4:ba:b3:99:21:56:48:47:62:85:
                    48:d4:1d:0b:e7:ad:49:1f:78:78:52:b4:1b:95:58:
                    ca:e0:01:07:50:86:54:df:c5:14:5c:30:9d:b7:db:
                    a6:dc:5c:0b:85:7f:41:1c:2b:5d:2d:f8:cf:74:7a:
                    f2:2a:5c:4b:d1:3e:0c:e5:f3:67:38:d3:13:77:14:
                    39:1c:16:9f:3b:a0:be:cf:da:57:84:c2:50:e4:76:
                    07:c5:df:56:f4:4c:fc:22:c4:1d:c7:d6:c7:f1:39:
                    71:4a:e8:53:bf:8e:4b:2b:ab:dd:b9:e8:3d:e8:58:
                    d2:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:63:08:CF:0B:AB:FD:80:58:2D:A0:BD:DE:55:7F:40:23:59:02:43
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/v2MIzwur_YBYLaC93lV_QCNZAkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.203.0/24
                  207.244.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:e0:df:1e:d8:d5:f0:81:57:9b:ad:1a:a4:5a:ee:7d:83:b7:
         e0:58:6e:a6:ae:9c:f2:76:48:15:71:e6:07:22:3e:8d:27:96:
         4f:95:23:22:7f:59:ba:5d:98:31:a0:e4:00:15:c5:97:f2:85:
         65:cb:39:a1:01:c2:62:a9:45:65:a8:80:31:b2:8b:62:29:26:
         83:39:a7:47:28:91:ee:bc:97:65:9c:7c:e5:fc:a2:3f:68:a0:
         91:93:3b:01:2a:6c:0b:ed:7a:d7:da:17:13:50:4b:9e:8f:37:
         7e:ab:0c:33:3c:98:59:50:4a:18:03:9c:7e:b6:1a:f6:59:0c:
         0a:45:2b:9e:57:85:e5:fb:b8:58:a8:88:c6:81:8e:da:6c:67:
         df:ad:44:ef:7f:c5:86:3e:f8:8d:d2:6d:ed:07:1e:04:14:eb:
         8c:d5:3f:db:e2:45:6d:a9:a7:9c:90:77:2f:d0:28:54:d8:23:
         1a:98:e2:d9:ae:1b:6b:22:d8:52:9f:3c:17:03:57:97:52:d5:
         b2:ed:f5:b2:dc:92:98:e2:25:5f:b1:c7:1c:94:a5:45:61:cf:
         e4:d8:a5:d1:8a:ae:54:2f:5e:7c:0c:cc:fb:31:97:81:e0:16:
         21:a2:e6:ac:20:cb:5c:a9:e2:8b:cc:84:94:66:c6:77:49:33:
         97:2d:76:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZh2lAcxahjWOK3Te5X34GuMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwODA0MTkzNDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjYzMDhjZjBiYWJmZDgwNTgyZGEwYmRkZTU1N2Y0MDIzNTkwMjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0B+B43WIqMxcgCHfVsiA32gMMib
6h0SxV8LWYk7kEATCox+Os15ods//MpskGOr/2phRKSEikqzbXp4tIBxLiB2s3T1
BzX4CIt7qnhdltkNJkt2KQAtq9Eu2502EhcD2sH6DiVKKsMLI4ZqyIKib0TXuKof
ov+kBD1npzLoc1pzgZYZynbLp58H3qS6s5khVkhHYoVI1B0L561JH3h4UrQblVjK
4AEHUIZU38UUXDCdt9um3FwLhX9BHCtdLfjPdHryKlxL0T4M5fNnONMTdxQ5HBaf
O6C+z9pXhMJQ5HYHxd9W9Ez8IsQdx9bH8TlxSuhTv45LK6vdueg96FjSkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL9jCM8Lq/2AWC2gvd5Vf0AjWQJDMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvdjJNSXp3dXJfWUJZTGFDOTNsVl9RQ05aQWtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwajLAwQA
z/TGMA0GCSqGSIb3DQEBCwUAA4IBAQCc4N8e2NXwgVebrRqkWu59g7fgWG6mrpzy
dkgVceYHIj6NJ5ZPlSMif1m6XZgxoOQAFcWX8oVlyzmhAcJiqUVlqIAxsotiKSaD
OadHKJHuvJdlnHzl/KI/aKCRkzsBKmwL7XrX2hcTUEuejzd+qwwzPJhZUEoYA5x+
thr2WQwKRSueV4Xl+7hYqIjGgY7abGffrUTvf8WGPviN0m3tBx4EFOuM1T/b4kVt
qaeckHcv0ChU2CMamOLZrhtrIthSnzwXA1eXUtWy7fWy3JKY4iVfsccclKVFYc/k
2KXRiq5UL158DMz7MZeB4BYhouasIMtcqeKLzISUZsZ3STOXLXYA
-----END CERTIFICATE-----