Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/X-ovg56cyG9mj0-kt5vjI1etIwc.roa
File:                     X-ovg56cyG9mj0-kt5vjI1etIwc.roa (raw, json)
Hash identifier:          KA36HRkYB2p3Z6GTTFZ+dTF+JTQ5BMg/GNa/wi7jCGg=
Subject key identifier:   5F:EA:2F:83:9E:9C:C8:6F:66:8F:4F:A4:B7:9B:E3:23:57:AD:23:07
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019861D24FBC1B0589483EC926E4CDD4D6B0
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/X-ovg56cyG9mj0-kt5vjI1etIwc.roa
Signing time:             Thu 31 Jul 2025 18:50:29 +0000
ROA not before:           Thu 31 Jul 2025 18:50:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        193.23.192.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 02:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:61:d2:4f:bc:1b:05:89:48:3e:c9:26:e4:cd:d4:d6:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jul 31 18:50:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fea2f839e9cc86f668f4fa4b79be32357ad2307
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:97:99:5c:f4:08:a3:dc:4f:78:65:24:dc:dd:
                    52:7d:13:4c:93:97:4d:d0:a1:bf:e1:0b:bb:bd:9c:
                    bf:e3:94:aa:bd:52:7b:07:78:88:4e:9b:b8:c0:ab:
                    77:d3:cd:f0:68:bb:82:72:4d:85:7f:fe:2e:82:82:
                    71:da:66:af:e7:d9:bf:fa:41:31:4b:aa:73:7d:ed:
                    d8:b1:40:1c:68:db:e4:56:51:05:f5:e7:70:e0:98:
                    cf:1d:c9:a1:89:be:46:4f:06:59:27:7a:47:74:00:
                    05:f4:2e:49:d0:71:4c:f6:8e:39:c3:01:2d:3b:ae:
                    3d:f8:03:3c:29:8d:d0:ce:c8:1e:9a:8d:c6:6c:d3:
                    4c:10:0b:a2:d2:09:fe:e7:8b:82:c0:02:71:ad:36:
                    79:73:66:fd:44:48:bd:38:90:99:73:57:68:40:eb:
                    6e:27:56:94:a5:1b:1b:88:11:e3:ab:37:76:4a:b1:
                    99:a0:43:27:11:84:47:59:9c:3b:ee:e7:92:f8:7d:
                    28:fa:61:d7:bc:1b:d5:09:19:e2:5d:8b:94:68:e0:
                    64:29:34:34:62:94:a8:49:ab:d8:01:6b:f2:1f:27:
                    47:0b:ed:23:78:d3:bf:58:21:bf:ce:69:8b:c4:7f:
                    a3:e7:f8:8a:e1:71:11:c4:32:0a:5f:e7:9e:6a:06:
                    a7:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:EA:2F:83:9E:9C:C8:6F:66:8F:4F:A4:B7:9B:E3:23:57:AD:23:07
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/X-ovg56cyG9mj0-kt5vjI1etIwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:37:df:a4:13:a6:26:6e:5b:5b:b4:bc:7c:05:e7:69:a0:9e:
         f7:91:75:9c:05:66:70:26:14:91:b4:eb:44:be:0b:8a:85:35:
         47:f6:95:94:13:38:43:d6:5e:97:ee:b5:90:b0:eb:bf:76:f5:
         17:d5:dd:23:75:48:52:70:1c:08:99:8a:18:ac:88:0e:8e:42:
         0d:98:42:08:18:1e:a8:5d:70:6a:cc:06:f2:2d:29:ed:be:96:
         5f:da:a3:b5:0c:75:92:46:3f:e3:a5:85:d8:c4:cd:e7:fe:36:
         2b:97:6e:0e:fd:c6:10:df:9c:5d:43:28:38:36:fc:6c:f0:87:
         db:6a:6f:cd:9f:72:e2:ea:fa:f7:00:61:b7:2c:ab:d4:73:d1:
         b6:44:aa:f8:2f:f9:fe:ee:e7:24:90:5d:82:c1:2b:76:9d:61:
         90:32:d5:78:5e:4e:d5:cb:25:42:b5:56:06:8e:75:3b:f2:c0:
         77:0a:10:59:fa:5d:4a:37:df:82:01:c0:ad:ed:d3:89:74:03:
         d4:d3:d4:60:fc:0b:bb:41:93:8e:b8:25:d8:a3:2b:29:d5:67:
         e7:ea:a8:c8:da:f7:8c:9a:ba:0e:f1:f9:b6:f0:8c:55:0d:fd:
         f3:d4:df:2d:02:47:a5:40:73:ee:24:86:1e:bb:47:e5:a6:6a:
         4f:9b:e8:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhh0k+8GwWJSD7JJuTN1NawMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNzMxMTg1MDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmVhMmY4MzllOWNjODZmNjY4ZjRmYTRiNzliZTMyMzU3YWQyMzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZeZXPQIo9xPeGUk3N1SfRNMk5dN
0KG/4Qu7vZy/45SqvVJ7B3iITpu4wKt3083waLuCck2Ff/4ugoJx2mav59m/+kEx
S6pzfe3YsUAcaNvkVlEF9edw4JjPHcmhib5GTwZZJ3pHdAAF9C5J0HFM9o45wwEt
O649+AM8KY3Qzsgemo3GbNNMEAui0gn+54uCwAJxrTZ5c2b9REi9OJCZc1doQOtu
J1aUpRsbiBHjqzd2SrGZoEMnEYRHWZw77ueS+H0o+mHXvBvVCRniXYuUaOBkKTQ0
YpSoSavYAWvyHydHC+0jeNO/WCG/zmmLxH+j5/iK4XERxDIKX+eeaganVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/qL4OenMhvZo9PpLeb4yNXrSMHMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvWC1vdmc1NmN5RzltajAta3Q1dmpJMWV0SXdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwRfAMA0G
CSqGSIb3DQEBCwUAA4IBAQAlN9+kE6YmbltbtLx8BedpoJ73kXWcBWZwJhSRtOtE
vguKhTVH9pWUEzhD1l6X7rWQsOu/dvUX1d0jdUhScBwImYoYrIgOjkINmEIIGB6o
XXBqzAbyLSntvpZf2qO1DHWSRj/jpYXYxM3n/jYrl24O/cYQ35xdQyg4Nvxs8Ifb
am/Nn3Li6vr3AGG3LKvUc9G2RKr4L/n+7uckkF2CwSt2nWGQMtV4Xk7VyyVCtVYG
jnU78sB3ChBZ+l1KN9+CAcCt7dOJdAPU09Rg/Au7QZOOuCXYoysp1Wfn6qjI2veM
mroO8fm28IxVDf3z1N8tAkelQHPuJIYeu0flpmpPm+gr
-----END CERTIFICATE-----