Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/b7wq1I057Nq4CiB2gDYqBb44q7k.roa
File:                     b7wq1I057Nq4CiB2gDYqBb44q7k.roa (raw, json)
Hash identifier:          w+EszEZ5FPAvdkHXM4DvdY40M2/Y3QcEZ8ha7nGDHjw=
Subject key identifier:   6F:BC:2A:D4:8D:39:EC:DA:B8:0A:20:76:80:36:2A:05:BE:38:AB:B9
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019692E9139DAE681BF566A7ACA0681FD64E
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/b7wq1I057Nq4CiB2gDYqBb44q7k.roa
Signing time:             Fri 02 May 2025 21:31:10 +0000
ROA not before:           Fri 02 May 2025 21:31:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209693
IP address blocks:        193.23.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 05 May 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:92:e9:13:9d:ae:68:1b:f5:66:a7:ac:a0:68:1f:d6:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  2 21:31:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fbc2ad48d39ecdab80a207680362a05be38abb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:10:ae:d6:d2:99:c4:64:47:fe:56:6c:97:b1:
                    a3:b1:5e:27:d2:48:5f:0d:f4:c7:6a:0f:3f:68:f5:
                    0d:95:44:5f:0b:af:78:fd:88:2d:e1:4e:f3:5d:e5:
                    0a:ec:9e:e0:c6:d6:07:1e:ba:e7:f5:aa:77:c5:7a:
                    d7:b7:b5:bf:7a:52:ab:62:30:0b:d5:14:8a:35:f8:
                    16:d8:5f:5f:fe:c6:6b:9e:4b:61:8d:c8:30:e2:e9:
                    dc:b7:94:52:ee:3d:a0:07:bc:9c:db:23:12:fb:51:
                    1f:9b:e6:69:90:46:51:36:1f:a1:b7:f1:37:02:df:
                    4e:63:25:93:78:95:0f:87:90:8f:d6:77:1e:01:f0:
                    e3:ff:65:ee:fb:98:3f:50:bb:ac:9e:ef:89:e1:81:
                    2c:cd:24:9a:41:b1:24:fe:da:3f:eb:94:7a:a7:5d:
                    e9:b5:30:19:57:1d:aa:6e:60:05:c5:97:ce:95:5a:
                    30:a2:8e:35:26:d0:33:01:0f:37:e5:d5:44:b5:29:
                    33:56:fc:1a:c7:64:9b:25:d1:ab:3f:65:00:e1:23:
                    d5:bf:93:3f:8b:71:a9:5d:a4:71:72:43:f0:15:13:
                    9f:05:22:ae:84:ab:67:9d:fe:03:00:54:e8:6c:e1:
                    2a:45:9d:39:1e:eb:40:85:e4:86:bc:6a:d6:8b:ea:
                    4f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:BC:2A:D4:8D:39:EC:DA:B8:0A:20:76:80:36:2A:05:BE:38:AB:B9
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/b7wq1I057Nq4CiB2gDYqBb44q7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:95:36:6b:fc:ef:dc:37:f6:9e:21:c2:fb:24:13:9c:e6:98:
         e3:ed:3e:ac:fc:b2:99:b1:0a:13:e1:a1:8a:3c:c8:b2:6e:05:
         9f:72:7a:51:48:2b:28:cf:01:73:be:89:99:3b:7e:cd:f7:5a:
         1e:ea:4b:1d:93:a3:da:e5:bc:65:6d:e1:a3:ef:92:a4:68:c6:
         ed:2f:99:97:29:75:9b:f6:df:ab:4c:55:3a:02:62:93:b9:f6:
         b9:6d:19:07:95:2f:a9:cc:51:22:c4:8a:15:31:63:b4:11:35:
         fb:df:c2:93:aa:a7:37:5a:c5:f6:26:3c:13:b9:20:0e:79:7c:
         8b:5e:70:43:0d:d4:f9:ee:a0:20:ac:8c:dd:65:b7:90:7f:c1:
         e4:48:9a:e8:5d:30:c8:fd:ed:7a:51:07:65:13:40:67:63:83:
         69:98:17:57:a4:3b:56:50:23:0d:66:cd:a6:00:86:e3:e3:b4:
         03:53:a4:44:94:00:af:3f:c1:39:da:0e:d2:e4:ba:e2:e1:a5:
         3a:bd:b3:80:9d:82:10:37:18:81:f8:11:39:73:92:56:3c:39:
         e8:d1:19:49:48:97:93:b8:09:f9:ef:eb:cb:fe:1f:97:a8:d4:
         a8:ec:72:fa:70:73:dc:7a:fe:1e:79:5c:c1:db:4d:d6:93:40:
         d2:93:73:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaS6ROdrmgb9WanrKBoH9ZOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNTAyMjEzMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmJjMmFkNDhkMzllY2RhYjgwYTIwNzY4MDM2MmEwNWJlMzhhYmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxCu1tKZxGRH/lZsl7GjsV4n0khf
DfTHag8/aPUNlURfC694/Ygt4U7zXeUK7J7gxtYHHrrn9ap3xXrXt7W/elKrYjAL
1RSKNfgW2F9f/sZrnkthjcgw4unct5RS7j2gB7yc2yMS+1Efm+ZpkEZRNh+ht/E3
At9OYyWTeJUPh5CP1nceAfDj/2Xu+5g/ULusnu+J4YEszSSaQbEk/to/65R6p13p
tTAZVx2qbmAFxZfOlVowoo41JtAzAQ835dVEtSkzVvwax2SbJdGrP2UA4SPVv5M/
i3GpXaRxckPwFROfBSKuhKtnnf4DAFTobOEqRZ05HutAheSGvGrWi+pPaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+8KtSNOezauAogdoA2KgW+OKu5MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvYjd3cTFJMDU3TnE0Q2lCMmdEWXFCYjQ0cTdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRfYMA0G
CSqGSIb3DQEBCwUAA4IBAQCilTZr/O/cN/aeIcL7JBOc5pjj7T6s/LKZsQoT4aGK
PMiybgWfcnpRSCsozwFzvomZO37N91oe6ksdk6Pa5bxlbeGj75KkaMbtL5mXKXWb
9t+rTFU6AmKTufa5bRkHlS+pzFEixIoVMWO0ETX738KTqqc3WsX2JjwTuSAOeXyL
XnBDDdT57qAgrIzdZbeQf8HkSJroXTDI/e16UQdlE0BnY4NpmBdXpDtWUCMNZs2m
AIbj47QDU6RElACvP8E52g7S5Lri4aU6vbOAnYIQNxiB+BE5c5JWPDno0RlJSJeT
uAn57+vL/h+XqNSo7HL6cHPcev4eeVzB203Wk0DSk3MB
-----END CERTIFICATE-----