Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qjn3q0PPIJ5bu7efnzf_ZURzAMU.roa
File:                     qjn3q0PPIJ5bu7efnzf_ZURzAMU.roa (raw, json)
Hash identifier:          +JYR4InIPd6ELovQQrF/BV+axvUZ/aYV9JrgLorBJo0=
Subject key identifier:   AA:39:F7:AB:43:CF:20:9E:5B:BB:B7:9F:9F:37:FF:65:44:73:00:C5
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0197564FC6371E3462D36B77507233323018
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qjn3q0PPIJ5bu7efnzf_ZURzAMU.roa
Signing time:             Mon 09 Jun 2025 20:09:18 +0000
ROA not before:           Mon 09 Jun 2025 20:09:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401152
IP address blocks:        193.23.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 13:26:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:56:4f:c6:37:1e:34:62:d3:6b:77:50:72:33:32:30:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun  9 20:09:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa39f7ab43cf209e5bbbb79f9f37ff65447300c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:8f:08:d2:c6:d9:c0:37:86:d3:b4:f8:33:f8:
                    f4:81:a5:c8:d2:0d:65:24:45:de:28:77:c2:cc:10:
                    50:10:eb:ce:5d:46:99:af:dd:2d:a7:4c:d3:76:b2:
                    57:9b:da:c6:49:32:a4:1b:fe:82:d8:b4:da:fc:d3:
                    08:a1:cb:22:83:2f:79:49:3a:b7:24:7f:c0:3a:c8:
                    8d:37:a8:34:83:93:9a:d6:f6:2b:85:8a:50:61:ec:
                    3c:42:da:d4:1f:12:12:1d:48:7a:f9:e2:07:83:4e:
                    5e:0d:cf:2a:52:ff:39:9b:9a:a3:1d:73:24:12:8f:
                    d7:a6:73:ff:dd:a9:75:1a:b5:cd:33:46:70:34:b7:
                    69:39:73:f8:19:2a:5c:ae:36:f5:5f:a4:0e:b3:c5:
                    43:30:17:e9:53:e5:ce:68:5c:98:f2:bf:07:2e:90:
                    40:e4:29:2d:ab:c0:45:a6:92:6c:f6:72:0a:bc:8c:
                    e8:24:26:15:2d:42:b3:4e:9d:61:7d:7f:0c:cc:03:
                    b2:a7:6e:ff:1c:06:09:38:68:5d:ac:5c:b9:22:46:
                    ce:a4:52:03:03:d5:98:45:c9:b6:1b:96:a8:6f:b2:
                    5c:d0:e7:12:c4:61:61:fb:50:c4:7b:31:b1:41:13:
                    65:4e:f2:80:b2:a7:42:83:20:11:af:8f:88:49:47:
                    83:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:39:F7:AB:43:CF:20:9E:5B:BB:B7:9F:9F:37:FF:65:44:73:00:C5
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qjn3q0PPIJ5bu7efnzf_ZURzAMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:5f:ff:47:e2:42:55:bb:02:f2:57:a6:19:51:55:54:ca:a5:
         51:f0:fc:0a:f4:58:4d:4c:80:9b:f5:5d:90:f0:1e:32:c3:5f:
         ff:f5:c7:e7:e2:17:ed:ae:22:37:7d:77:51:6c:e3:25:8a:a9:
         0d:02:60:c9:8e:89:c4:4a:d4:b5:9d:d4:69:32:bd:18:c0:fd:
         a5:18:81:d3:90:4f:de:cb:b3:f3:94:a4:d4:44:a3:16:60:e7:
         0b:68:c7:1d:2c:5a:be:78:03:fc:f2:b5:ed:0b:a0:01:0b:b4:
         18:30:88:c0:e9:76:68:32:aa:7f:54:e6:37:18:5f:bc:f8:8e:
         f1:cb:51:c5:c5:81:4e:64:d1:bc:a0:e2:1e:04:f1:2b:23:d9:
         c6:5a:92:90:ad:d3:3e:83:82:11:d1:a7:28:c9:88:b0:3c:cc:
         99:5a:ee:ab:71:44:2d:61:56:79:ca:7e:f7:27:04:2c:7b:bb:
         45:d5:8c:83:54:92:a2:b7:d9:b5:32:bc:4a:18:ea:6c:6f:66:
         2c:10:bf:ca:fe:ca:36:8d:5c:89:27:13:81:d1:cc:7c:a2:b5:
         78:4d:f2:34:c0:80:1f:ec:0c:77:f2:3a:e2:99:0b:64:d9:19:
         dd:45:fc:64:aa:99:16:84:34:cf:28:03:d1:0c:98:5e:6f:79:
         3f:c5:e2:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdWT8Y3HjRi02t3UHIzMjAYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNjA5MjAwOTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTM5ZjdhYjQzY2YyMDllNWJiYmI3OWY5ZjM3ZmY2NTQ0NzMwMGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm48I0sbZwDeG07T4M/j0gaXI0g1l
JEXeKHfCzBBQEOvOXUaZr90tp0zTdrJXm9rGSTKkG/6C2LTa/NMIocsigy95STq3
JH/AOsiNN6g0g5Oa1vYrhYpQYew8QtrUHxISHUh6+eIHg05eDc8qUv85m5qjHXMk
Eo/XpnP/3al1GrXNM0ZwNLdpOXP4GSpcrjb1X6QOs8VDMBfpU+XOaFyY8r8HLpBA
5Cktq8BFppJs9nIKvIzoJCYVLUKzTp1hfX8MzAOyp27/HAYJOGhdrFy5IkbOpFID
A9WYRcm2G5aob7Jc0OcSxGFh+1DEezGxQRNlTvKAsqdCgyARr4+ISUeDTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKo596tDzyCeW7u3n583/2VEcwDFMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvcWpuM3EwUFBJSjVidTdlZm56Zl9aVVJ6QU1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRfEMA0G
CSqGSIb3DQEBCwUAA4IBAQBTX/9H4kJVuwLyV6YZUVVUyqVR8PwK9FhNTICb9V2Q
8B4yw1//9cfn4hftriI3fXdRbOMliqkNAmDJjonEStS1ndRpMr0YwP2lGIHTkE/e
y7PzlKTURKMWYOcLaMcdLFq+eAP88rXtC6ABC7QYMIjA6XZoMqp/VOY3GF+8+I7x
y1HFxYFOZNG8oOIeBPErI9nGWpKQrdM+g4IR0acoyYiwPMyZWu6rcUQtYVZ5yn73
JwQse7tF1YyDVJKit9m1MrxKGOpsb2YsEL/K/so2jVyJJxOB0cx8orV4TfI0wIAf
7Ax38jrimQtk2RndRfxkqpkWhDTPKAPRDJheb3k/xeKw
-----END CERTIFICATE-----