Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qSbpao8R6QXs1u2Yw2u4X2XHVFQ.roa
File:                     qSbpao8R6QXs1u2Yw2u4X2XHVFQ.roa (raw, json)
Hash identifier:          ofXZB46TauILkzwCbP4KjVB58kze4OYw22LMId1lyJk=
Subject key identifier:   A9:26:E9:6A:8F:11:E9:05:EC:D6:ED:98:C3:6B:B8:5F:65:C7:54:54
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       01965620C57D634702E3C5F40C2E47BC6273
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qSbpao8R6QXs1u2Yw2u4X2XHVFQ.roa
Signing time:             Mon 21 Apr 2025 02:15:10 +0000
ROA not before:           Mon 21 Apr 2025 02:15:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210457
IP address blocks:        193.23.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 12:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:56:20:c5:7d:63:47:02:e3:c5:f4:0c:2e:47:bc:62:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 21 02:15:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a926e96a8f11e905ecd6ed98c36bb85f65c75454
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:71:39:18:44:53:d0:e2:59:36:08:43:d2:2e:
                    a2:9f:ca:29:f3:fa:54:a6:c6:e3:de:2d:4f:61:cb:
                    a5:8a:eb:c3:77:6e:dd:03:3b:86:38:58:e8:09:db:
                    cb:42:61:a9:fa:53:d2:1c:df:28:a0:2d:02:84:7a:
                    5d:c2:d1:da:95:c5:fc:aa:95:1e:ac:12:f7:ee:cc:
                    05:7f:30:2a:2c:2d:fa:9a:7d:39:bb:2c:68:d7:23:
                    e2:94:c8:a4:60:b2:a3:5c:d6:ab:2d:f2:0c:f5:62:
                    44:1c:b9:d2:06:08:56:20:54:37:21:c0:3c:a5:28:
                    98:2d:96:55:59:bf:61:fd:4d:a6:ee:36:68:0f:1f:
                    3e:b8:4d:ac:c1:08:29:c2:e8:90:ae:93:6d:a8:af:
                    19:d8:ea:d0:4d:b5:56:88:6a:e9:52:b4:96:47:2a:
                    1d:89:73:b8:25:37:68:ec:28:79:63:51:17:6f:4b:
                    d4:36:48:76:65:5a:34:5c:01:7d:f2:f7:3a:20:dc:
                    1a:4c:74:81:e0:9d:39:79:3b:ab:cb:1d:b1:37:80:
                    a5:64:4f:0d:5b:7d:5a:99:1f:a8:5d:4d:c7:9c:f2:
                    0e:32:2f:a1:bc:7e:dd:83:49:7f:17:0b:f5:e9:a9:
                    b3:4b:98:ed:f2:eb:14:98:6b:96:dd:f6:f1:db:70:
                    26:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:26:E9:6A:8F:11:E9:05:EC:D6:ED:98:C3:6B:B8:5F:65:C7:54:54
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qSbpao8R6QXs1u2Yw2u4X2XHVFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:91:7a:18:d2:63:6a:8f:7f:f0:b3:9c:fe:bd:75:52:9a:ed:
         08:57:a1:c1:25:d8:25:95:82:87:53:54:cd:ba:7a:45:31:1c:
         cc:07:49:b2:ee:bd:d0:4f:0e:f6:be:67:5f:06:62:9c:11:3a:
         6b:f8:dc:1b:34:0f:b5:bf:d3:e8:b1:4c:08:4e:33:7c:b6:81:
         92:3d:7e:59:12:28:89:4a:a3:8d:b7:99:ec:fb:90:34:9e:de:
         9e:1b:6c:d0:bf:9c:69:6b:da:7b:1a:e6:ce:38:b5:b0:0a:a3:
         83:62:a0:7e:e7:91:d4:9e:1a:55:ad:e9:bd:7e:92:5d:c5:a0:
         72:0d:db:c3:f8:ee:c7:02:73:9d:cc:b6:e6:25:b1:d7:c0:80:
         29:82:5f:70:78:ad:60:73:5e:4c:42:75:0e:d2:5e:7c:67:cf:
         ad:4a:ef:06:24:45:84:4b:13:26:19:29:f5:4b:07:14:fc:b6:
         d1:e3:6e:bb:fa:57:e4:ce:a7:27:1c:82:d7:0a:00:90:10:fc:
         d8:9b:12:82:14:02:eb:21:58:13:74:06:98:9f:b2:38:8e:65:
         66:71:35:2a:d6:69:bc:9d:68:98:c7:16:41:6e:63:6e:78:db:
         3b:f1:64:a2:45:25:9e:e7:2f:4a:4c:4b:c4:c9:fd:81:e4:27:
         65:69:3b:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZWIMV9Y0cC48X0DC5HvGJzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNDIxMDIxNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTI2ZTk2YThmMTFlOTA1ZWNkNmVkOThjMzZiYjg1ZjY1Yzc1NDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHE5GERT0OJZNghD0i6in8op8/pU
psbj3i1PYculiuvDd27dAzuGOFjoCdvLQmGp+lPSHN8ooC0ChHpdwtHalcX8qpUe
rBL37swFfzAqLC36mn05uyxo1yPilMikYLKjXNarLfIM9WJEHLnSBghWIFQ3IcA8
pSiYLZZVWb9h/U2m7jZoDx8+uE2swQgpwuiQrpNtqK8Z2OrQTbVWiGrpUrSWRyod
iXO4JTdo7Ch5Y1EXb0vUNkh2ZVo0XAF98vc6INwaTHSB4J05eTuryx2xN4ClZE8N
W31amR+oXU3HnPIOMi+hvH7dg0l/Fwv16amzS5jt8usUmGuW3fbx23AmswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKkm6WqPEekF7NbtmMNruF9lx1RUMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvcVNicGFvOFI2UVhzMXUyWXcydTRYMlhIVkZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRfHMA0G
CSqGSIb3DQEBCwUAA4IBAQCakXoY0mNqj3/ws5z+vXVSmu0IV6HBJdgllYKHU1TN
unpFMRzMB0my7r3QTw72vmdfBmKcETpr+NwbNA+1v9PosUwITjN8toGSPX5ZEiiJ
SqONt5ns+5A0nt6eG2zQv5xpa9p7GubOOLWwCqODYqB+55HUnhpVrem9fpJdxaBy
DdvD+O7HAnOdzLbmJbHXwIApgl9weK1gc15MQnUO0l58Z8+tSu8GJEWESxMmGSn1
SwcU/LbR4267+lfkzqcnHILXCgCQEPzYmxKCFALrIVgTdAaYn7I4jmVmcTUq1mm8
nWiYxxZBbmNueNs78WSiRSWe5y9KTEvEyf2B5CdlaTu6
-----END CERTIFICATE-----