Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/PCrnzM27m_gargGZ9ylIhhzHvSE.roa
File:                     PCrnzM27m_gargGZ9ylIhhzHvSE.roa (raw, json)
Hash identifier:          6s3SRX4vbA35QaqChMrHCzmBjK50KbRqLwu/jy5I+uw=
Subject key identifier:   3C:2A:E7:CC:CD:BB:9B:F8:1A:AE:01:99:F7:29:48:86:1C:C7:BD:21
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019658EB3E7F2337488694D5E98610B18EC9
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/PCrnzM27m_gargGZ9ylIhhzHvSE.roa
Signing time:             Mon 21 Apr 2025 15:15:33 +0000
ROA not before:           Mon 21 Apr 2025 15:15:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214417
IP address blocks:        193.23.216.0/24 maxlen: 24
                          193.23.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 06:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:58:eb:3e:7f:23:37:48:86:94:d5:e9:86:10:b1:8e:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 21 15:15:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c2ae7cccdbb9bf81aae0199f72948861cc7bd21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f9:56:27:cd:c3:67:ff:07:51:b6:09:01:d6:
                    c7:a2:48:aa:db:5c:81:57:23:ec:0b:f2:af:fe:07:
                    1e:b5:28:79:64:37:d0:3b:ce:76:99:b2:9e:aa:cd:
                    5c:8b:dc:00:b8:90:3c:20:f3:ba:e5:39:9a:6d:93:
                    d4:a1:ae:4b:19:7d:10:a3:b0:13:3a:56:a4:a2:10:
                    50:ec:5d:af:31:aa:42:c7:4a:b0:70:9e:dd:da:19:
                    cd:c8:3e:6f:d3:da:44:ab:78:d1:1a:7e:4f:d7:d0:
                    90:6a:49:06:81:c6:11:97:3e:70:d1:db:a6:9a:5c:
                    6f:8b:e0:d4:aa:ca:9a:67:63:8c:01:08:4d:c9:55:
                    92:50:97:67:af:e8:92:88:f1:4d:4f:2d:ed:fa:99:
                    fe:46:85:cb:cf:02:b1:d6:40:23:4e:66:dd:f0:7c:
                    ab:fa:b0:1d:95:b6:c7:42:5f:bd:5a:69:3c:8a:48:
                    ff:5e:98:d0:38:9b:18:85:2e:78:4f:41:16:4d:e1:
                    f5:62:a9:56:60:19:c3:ba:9f:33:0c:01:7f:a0:30:
                    6f:50:63:6f:a4:80:5e:2e:5b:be:76:f8:8d:3e:b1:
                    a6:bb:26:4a:2e:93:18:4c:cf:56:80:33:28:dc:fe:
                    9b:90:9a:bf:89:82:be:0a:70:18:ea:4e:22:74:22:
                    4e:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:2A:E7:CC:CD:BB:9B:F8:1A:AE:01:99:F7:29:48:86:1C:C7:BD:21
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/PCrnzM27m_gargGZ9ylIhhzHvSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.216.0/24
                  193.23.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:65:df:f6:8d:83:c5:c1:67:8a:a3:6a:94:7b:4d:78:04:e0:
         4b:a9:03:09:23:25:22:a6:ad:9f:ee:75:15:67:06:50:0b:5f:
         7f:1e:1a:8c:ae:92:ce:4e:e0:76:dd:44:a2:39:f3:41:f8:d6:
         63:c9:83:b9:a1:8b:2f:f1:af:e7:2c:aa:96:b8:3b:46:97:b2:
         c5:2c:4d:dc:4e:d0:90:02:0c:46:4d:cc:d9:f7:f6:b2:34:cd:
         8a:91:37:c0:ef:d3:7e:06:90:d4:b4:7d:be:e5:bc:ff:42:57:
         95:fe:11:24:8b:7d:74:d2:4f:52:96:64:0d:33:1c:40:41:30:
         af:6f:1f:9e:cd:bb:04:3a:9c:f9:ec:27:50:e4:90:05:c2:06:
         c6:e7:d5:35:01:84:f6:d8:16:38:35:41:09:6d:a5:c0:8a:4f:
         12:70:64:ef:ca:ad:eb:43:b4:f7:16:35:ea:1f:2e:69:1a:fb:
         da:e2:c4:67:b5:26:91:95:30:7b:28:f7:73:ff:88:0a:11:f8:
         c4:13:fd:63:39:12:cd:bf:2d:06:80:45:64:1d:37:88:09:b0:
         d1:49:77:09:83:54:32:0b:76:de:eb:bc:fc:aa:5e:46:b0:c8:
         93:e7:ee:15:f3:2e:a0:c5:99:1c:5a:ad:e7:80:69:c1:19:3f:
         16:ef:f7:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZY6z5/IzdIhpTV6YYQsY7JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNDIxMTUxNTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzJhZTdjY2NkYmI5YmY4MWFhZTAxOTlmNzI5NDg4NjFjYzdiZDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/lWJ83DZ/8HUbYJAdbHokiq21yB
VyPsC/Kv/gcetSh5ZDfQO852mbKeqs1ci9wAuJA8IPO65TmabZPUoa5LGX0Qo7AT
OlakohBQ7F2vMapCx0qwcJ7d2hnNyD5v09pEq3jRGn5P19CQakkGgcYRlz5w0dum
mlxvi+DUqsqaZ2OMAQhNyVWSUJdnr+iSiPFNTy3t+pn+RoXLzwKx1kAjTmbd8Hyr
+rAdlbbHQl+9Wmk8ikj/XpjQOJsYhS54T0EWTeH1YqlWYBnDup8zDAF/oDBvUGNv
pIBeLlu+dviNPrGmuyZKLpMYTM9WgDMo3P6bkJq/iYK+CnAY6k4idCJO6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDwq58zNu5v4Gq4BmfcpSIYcx70hMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvUENybnpNMjdtX2dhcmdHWjl5bEloaHpIdlNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRfYAwQA
wRfdMA0GCSqGSIb3DQEBCwUAA4IBAQAqZd/2jYPFwWeKo2qUe014BOBLqQMJIyUi
pq2f7nUVZwZQC19/HhqMrpLOTuB23USiOfNB+NZjyYO5oYsv8a/nLKqWuDtGl7LF
LE3cTtCQAgxGTczZ9/ayNM2KkTfA79N+BpDUtH2+5bz/QleV/hEki3100k9SlmQN
MxxAQTCvbx+ezbsEOpz57CdQ5JAFwgbG59U1AYT22BY4NUEJbaXAik8ScGTvyq3r
Q7T3FjXqHy5pGvva4sRntSaRlTB7KPdz/4gKEfjEE/1jORLNvy0GgEVkHTeICbDR
SXcJg1QyC3be67z8ql5GsMiT5+4V8y6gxZkcWq3ngGnBGT8W7/cX
-----END CERTIFICATE-----