Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/uy823XYGUuwQ3-xRW2q1xeFZ8Rc.roa
File:                     uy823XYGUuwQ3-xRW2q1xeFZ8Rc.roa (raw, json)
Hash identifier:          emNUeaU/VuHQsT0pIZKXqtdE6KIHfAr5Ytzr1MkWbBc=
Subject key identifier:   BB:2F:36:DD:76:06:52:EC:10:DF:EC:51:5B:6A:B5:C5:E1:59:F1:17
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0197F4DA60CDC545BDCA1A86F70A5EA81EE3
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/uy823XYGUuwQ3-xRW2q1xeFZ8Rc.roa
Signing time:             Thu 10 Jul 2025 15:00:41 +0000
ROA not before:           Thu 10 Jul 2025 15:00:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216475
IP address blocks:        93.88.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 15:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f4:da:60:cd:c5:45:bd:ca:1a:86:f7:0a:5e:a8:1e:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jul 10 15:00:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb2f36dd760652ec10dfec515b6ab5c5e159f117
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ab:37:0b:85:58:8d:bf:88:51:df:7a:59:00:
                    8e:9f:6b:40:0b:00:6f:11:b7:e5:43:16:30:80:d4:
                    80:e7:8b:63:dd:37:5e:2f:85:6c:ef:ac:f0:33:8d:
                    2f:63:5a:fa:3a:df:70:1e:4c:aa:14:8a:5b:44:00:
                    cb:1d:26:31:be:8a:89:4d:59:17:a1:9b:69:4e:39:
                    bc:fe:10:bd:19:20:8f:9c:a1:1f:91:07:95:33:3f:
                    c2:7e:cf:8f:3d:35:bd:f6:6b:94:6b:21:41:ef:7b:
                    63:2b:cc:1b:a8:63:ea:ee:2a:aa:86:f1:d9:8b:28:
                    22:28:da:04:4c:d5:d7:5c:f3:77:f5:bd:76:2a:12:
                    e5:d5:3e:2e:da:ce:57:9e:8e:90:8f:14:d6:2d:18:
                    43:f8:cf:d6:92:39:58:c9:b0:f3:eb:3c:76:b5:70:
                    b2:49:23:f9:47:ec:dd:68:65:06:33:b2:fa:f1:9c:
                    9f:a0:eb:71:75:13:59:46:d0:b8:1c:e1:b2:ef:bb:
                    f5:83:19:25:e5:a5:89:0d:1d:56:f9:fc:8d:ba:ee:
                    b9:7b:f2:7a:36:3f:cf:b3:5a:1f:f4:db:5d:8e:82:
                    4e:c7:b1:55:76:b4:43:ce:50:06:60:be:d4:6b:d3:
                    e3:aa:5e:d0:51:35:58:af:01:41:dc:86:d0:aa:fa:
                    24:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:2F:36:DD:76:06:52:EC:10:DF:EC:51:5B:6A:B5:C5:E1:59:F1:17
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/uy823XYGUuwQ3-xRW2q1xeFZ8Rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.88.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:a7:0f:a7:2e:62:e6:10:e8:63:b4:92:34:57:c1:8e:a7:fb:
         3c:19:9c:0a:8f:08:45:4c:d6:e8:25:05:67:36:75:3f:d1:48:
         3d:e4:50:d2:0e:bb:60:4b:fd:51:d0:29:a4:b6:01:d6:10:26:
         1c:73:19:dc:c9:f2:cd:0c:a7:59:e6:2a:f1:6e:29:70:7c:d2:
         75:ff:f3:82:05:f9:c1:45:e6:51:83:a7:ba:b5:a7:2d:6b:0d:
         a9:9e:d3:bd:14:73:cb:c6:31:16:65:bf:4b:85:d3:77:7b:21:
         b3:88:3a:81:3a:b5:73:8c:58:8f:0a:e8:b3:8c:25:9c:86:b1:
         b0:0f:5f:cf:b1:33:d0:a8:cb:f0:83:e5:a5:e5:9f:ca:18:13:
         cc:7b:ab:cc:3d:61:9b:e9:a6:cc:88:1c:35:c6:99:36:ec:94:
         d3:16:36:9b:5a:6f:4e:aa:27:f6:d9:88:1a:f4:de:1b:ed:4e:
         95:d9:f4:09:9c:0b:ef:7b:b6:26:c7:3e:88:7d:f7:2d:f4:0c:
         cd:b7:7a:c9:a3:2b:8f:b2:00:39:6c:98:fc:3c:b5:a4:58:c1:
         e4:5c:16:39:5e:d4:9c:61:c0:96:c5:fa:c2:46:6d:b2:46:4d:
         bb:85:f7:38:f6:6d:31:b6:b9:00:31:39:2e:e1:0c:13:b3:a4:
         34:e8:1e:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf02mDNxUW9yhqG9wpeqB7jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNzEwMTUwMDQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjJmMzZkZDc2MDY1MmVjMTBkZmVjNTE1YjZhYjVjNWUxNTlmMTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6s3C4VYjb+IUd96WQCOn2tACwBv
EbflQxYwgNSA54tj3TdeL4Vs76zwM40vY1r6Ot9wHkyqFIpbRADLHSYxvoqJTVkX
oZtpTjm8/hC9GSCPnKEfkQeVMz/Cfs+PPTW99muUayFB73tjK8wbqGPq7iqqhvHZ
iygiKNoETNXXXPN39b12KhLl1T4u2s5Xno6QjxTWLRhD+M/WkjlYybDz6zx2tXCy
SSP5R+zdaGUGM7L68ZyfoOtxdRNZRtC4HOGy77v1gxkl5aWJDR1W+fyNuu65e/J6
Nj/Ps1of9NtdjoJOx7FVdrRDzlAGYL7Ua9Pjql7QUTVYrwFB3IbQqvokEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLsvNt12BlLsEN/sUVtqtcXhWfEXMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdXk4MjNYWUdVdXdRMy14UlcycTF4ZUZaOFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXVjNMA0G
CSqGSIb3DQEBCwUAA4IBAQCzpw+nLmLmEOhjtJI0V8GOp/s8GZwKjwhFTNboJQVn
NnU/0Ug95FDSDrtgS/1R0CmktgHWECYccxncyfLNDKdZ5irxbilwfNJ1//OCBfnB
ReZRg6e6tactaw2pntO9FHPLxjEWZb9LhdN3eyGziDqBOrVzjFiPCuizjCWchrGw
D1/PsTPQqMvwg+Wl5Z/KGBPMe6vMPWGb6abMiBw1xpk27JTTFjabWm9Oqif22Yga
9N4b7U6V2fQJnAvve7Ymxz6Iffct9AzNt3rJoyuPsgA5bJj8PLWkWMHkXBY5XtSc
YcCWxfrCRm2yRk27hfc49m0xtrkAMTku4QwTs6Q06B6Y
-----END CERTIFICATE-----