Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/23cjywgox101LeW5GrrQWi4IHG0.roa
File:                     23cjywgox101LeW5GrrQWi4IHG0.roa (raw, json)
Hash identifier:          uYyFedbey5ChPUlaasPp5Y63DNZ1EjHPXUKggcmyWcA=
Subject key identifier:   DB:77:23:CB:08:28:C7:5D:35:2D:E5:B9:1A:BA:D0:5A:2E:08:1C:6D
Certificate issuer:       /CN=ff44dbaca56dac319401f68a50d917f5424611ad
Certificate serial:       01982D8A27ED861593093FC77AEF6A0CB0D2
Authority key identifier: FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/23cjywgox101LeW5GrrQWi4IHG0.roa
Signing time:             Mon 21 Jul 2025 15:11:25 +0000
ROA not before:           Mon 21 Jul 2025 15:11:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        2a12:3f80::/29 maxlen: 29
                          2a12:6d80::/29 maxlen: 29
                          2a13:c540::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 18:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2d:8a:27:ed:86:15:93:09:3f:c7:7a:ef:6a:0c:b0:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff44dbaca56dac319401f68a50d917f5424611ad
        Validity
            Not Before: Jul 21 15:11:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db7723cb0828c75d352de5b91abad05a2e081c6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:64:ac:bf:29:31:c2:62:82:4f:3e:90:19:fe:
                    eb:cb:e8:cd:31:68:ed:e5:9f:d1:a1:e9:a8:0e:dc:
                    25:e0:fd:c4:c1:f7:21:eb:39:89:03:c8:b6:ff:d4:
                    99:7a:b1:e5:75:51:ec:28:8a:fd:63:2e:cf:71:23:
                    10:4a:47:e8:77:72:ca:b6:0d:c4:21:e8:4c:3c:f2:
                    95:4c:93:4c:9c:a2:ca:79:6f:23:43:43:3a:a8:36:
                    c1:c1:8c:a5:72:7f:d3:76:7b:12:45:7c:c7:d7:75:
                    8b:35:d3:7b:22:eb:a9:dd:4f:1c:b8:60:4a:1e:95:
                    10:5c:7c:eb:54:86:a4:b7:ce:3a:22:98:74:f4:9b:
                    9e:32:53:49:f1:8f:56:22:55:07:46:42:c8:84:84:
                    9d:e7:90:fd:ef:34:ea:1a:34:90:80:48:cc:b2:90:
                    b3:15:a0:d7:d0:5b:90:49:6c:1f:f9:36:c0:20:e7:
                    f1:b5:34:39:ca:bb:fa:5a:66:28:b2:23:7a:c3:fe:
                    4e:3d:a6:2a:d7:75:6f:be:ee:7b:fe:38:cb:22:dc:
                    b0:ef:86:f1:f2:da:ee:a0:fe:c3:e7:9e:73:50:8e:
                    c4:40:a4:7a:af:f6:b1:af:3c:02:c8:1c:32:19:a5:
                    aa:68:12:68:a6:a0:56:53:5f:ec:fd:c4:7e:26:d7:
                    9c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:77:23:CB:08:28:C7:5D:35:2D:E5:B9:1A:BA:D0:5A:2E:08:1C:6D
            X509v3 Authority Key Identifier:
                keyid:FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/23cjywgox101LeW5GrrQWi4IHG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3f80::/29
                  2a12:6d80::/29
                  2a13:c540::/29

    Signature Algorithm: sha256WithRSAEncryption
         6a:45:c5:74:2c:ab:a4:fc:54:c0:23:23:53:68:3f:ef:1b:d3:
         f6:50:21:04:0c:1e:59:f4:49:a2:cc:75:9b:21:42:c8:a7:f5:
         a6:cd:16:e6:7d:c1:ab:fb:3f:18:51:06:67:33:cf:f8:e5:ea:
         79:81:69:cf:bc:ff:b5:4c:b9:88:8e:b7:5a:c1:53:33:4e:69:
         a0:45:23:a1:1d:dd:ab:ba:ec:80:46:b2:11:b7:8f:39:cf:ac:
         2d:d5:19:98:42:68:62:dd:63:05:21:9a:a7:79:5e:ca:ee:fa:
         39:2b:61:af:54:56:18:9b:73:5e:3c:54:83:4d:2a:04:83:79:
         fa:d7:05:f1:4a:5d:07:d1:a2:44:15:81:bd:25:14:b3:13:eb:
         b9:91:20:47:5a:a8:b2:65:02:3d:95:d8:53:d5:a5:5e:6b:bf:
         32:42:7a:7a:ba:75:5c:11:77:8a:d5:ce:22:dc:94:a0:8f:c5:
         91:c9:44:05:42:08:3a:38:4d:e6:6c:77:35:f3:af:52:06:f4:
         27:1b:2a:8a:70:e7:6a:d7:b9:b3:13:f9:cd:03:17:b3:47:a7:
         79:4c:1e:30:a9:8f:dd:ef:53:ca:f1:0c:9d:cd:aa:12:82:a4:
         e6:00:18:57:47:5b:19:3b:de:e0:e6:65:48:cb:b7:2b:47:de:
         ca:21:5b:42
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZgtiifthhWTCT/Heu9qDLDSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNDRkYmFjYTU2ZGFjMzE5NDAxZjY4YTUwZDkxN2Y1NDI0
NjExYWQwHhcNMjUwNzIxMTUxMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjc3MjNjYjA4MjhjNzVkMzUyZGU1YjkxYWJhZDA1YTJlMDgxYzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWSsvykxwmKCTz6QGf7ry+jNMWjt
5Z/RoemoDtwl4P3Ewfch6zmJA8i2/9SZerHldVHsKIr9Yy7PcSMQSkfod3LKtg3E
IehMPPKVTJNMnKLKeW8jQ0M6qDbBwYylcn/TdnsSRXzH13WLNdN7Iuup3U8cuGBK
HpUQXHzrVIakt846Iph09JueMlNJ8Y9WIlUHRkLIhISd55D97zTqGjSQgEjMspCz
FaDX0FuQSWwf+TbAIOfxtTQ5yrv6WmYosiN6w/5OPaYq13Vvvu57/jjLItyw74bx
8truoP7D555zUI7EQKR6r/axrzwCyBwyGaWqaBJopqBWU1/s/cR+JtecVwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNt3I8sIKMddNS3luRq60FouCBxtMB8GA1UdIwQY
MBaAFP9E26ylbawxlAH2ilDZF/VCRhGtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4Mjct
YzVkODk1MDgxOGVjLzEvMjNjanl3Z294MTAxTGVXNUdyclFXaTRJSEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4MjctYzVkODk1MDgxOGVj
LzEvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKhI/gAMF
AyoSbYADBQMqE8VAMA0GCSqGSIb3DQEBCwUAA4IBAQBqRcV0LKuk/FTAIyNTaD/v
G9P2UCEEDB5Z9EmizHWbIULIp/WmzRbmfcGr+z8YUQZnM8/45ep5gWnPvP+1TLmI
jrdawVMzTmmgRSOhHd2ruuyARrIRt485z6wt1RmYQmhi3WMFIZqneV7K7vo5K2Gv
VFYYm3NePFSDTSoEg3n61wXxSl0H0aJEFYG9JRSzE+u5kSBHWqiyZQI9ldhT1aVe
a78yQnp6unVcEXeK1c4i3JSgj8WRyUQFQgg6OE3mbHc1869SBvQnGyqKcOdq17mz
E/nNAxezR6d5TB4wqY/d71PK8QydzaoSgqTmABhXR1sZO97g5mVIy7crR97KIVtC
-----END CERTIFICATE-----