Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/pxtpTDL3KkbGeH3gtX0OqxJVYUM.roa
File:                     pxtpTDL3KkbGeH3gtX0OqxJVYUM.roa (raw, json)
Hash identifier:          A8HDryXoRcsv0iRWTUJvBeNQIOwNHHkZz5xP/VRXGAc=
Subject key identifier:   A7:1B:69:4C:32:F7:2A:46:C6:78:7D:E0:B5:7D:0E:AB:12:55:61:43
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0197F14484C696C1F6B71BCFB25D61652F8F
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/pxtpTDL3KkbGeH3gtX0OqxJVYUM.roa
Signing time:             Wed 09 Jul 2025 22:18:08 +0000
ROA not before:           Wed 09 Jul 2025 22:18:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401152
IP address blocks:        193.23.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 18:40:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f1:44:84:c6:96:c1:f6:b7:1b:cf:b2:5d:61:65:2f:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jul  9 22:18:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a71b694c32f72a46c6787de0b57d0eab12556143
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:30:68:b0:bc:56:63:47:01:a1:91:54:d7:03:
                    c6:93:ee:a6:58:d4:99:0a:66:0b:38:50:c2:d9:ff:
                    cf:90:72:d0:af:b1:10:19:98:98:93:b7:89:f7:b4:
                    47:b9:21:1d:77:1c:50:95:c4:df:c7:16:39:f2:2f:
                    3e:c8:1e:8a:ec:66:a6:98:bd:77:9b:b2:13:84:7c:
                    b1:7f:00:80:3e:89:a2:af:ba:7c:fb:50:9a:78:4d:
                    d5:c1:11:fd:8e:f7:de:67:b8:2c:2f:b0:a2:bc:85:
                    15:a5:8c:1d:bf:1b:a4:19:69:50:e3:96:20:2e:64:
                    11:fe:c5:dc:ef:17:90:d5:ee:b3:48:e8:d1:3b:59:
                    d6:0a:dd:76:8a:da:2e:7d:58:03:e8:e2:1a:ea:dd:
                    34:44:18:0b:b0:30:92:82:45:10:c4:29:b4:fb:d6:
                    99:9e:8e:5a:ab:74:20:d6:a9:50:ac:54:5a:af:24:
                    2e:d3:e9:b3:ab:21:04:7a:d3:6b:da:19:51:a5:cd:
                    5a:20:7e:d0:d5:68:dd:e9:18:b6:82:4a:75:08:b2:
                    f7:0e:44:20:d3:80:4d:fb:18:cb:31:81:3c:bd:2d:
                    90:b7:e3:a0:d5:e0:54:8e:0a:32:ec:48:19:e9:5f:
                    81:d0:f0:1d:12:a3:42:77:d2:a9:55:1b:df:12:ef:
                    94:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:1B:69:4C:32:F7:2A:46:C6:78:7D:E0:B5:7D:0E:AB:12:55:61:43
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/pxtpTDL3KkbGeH3gtX0OqxJVYUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:51:7c:2e:3a:8b:9f:a0:d6:11:ef:7e:38:65:cc:ac:63:ea:
         ec:b2:2f:e0:9e:7e:ab:1c:56:c1:9f:ed:bb:1d:5d:6e:2f:1c:
         c0:ae:f1:9e:7c:33:67:1d:33:1e:c4:49:10:3b:52:77:b3:58:
         6e:c5:91:27:37:94:58:53:c5:79:b6:bd:73:52:78:22:c3:70:
         56:28:d6:5e:b9:fe:fd:cb:ea:12:72:8e:39:04:b3:58:22:7f:
         26:82:37:4c:16:39:ef:94:ad:da:d5:0e:a2:81:90:6f:c1:a8:
         17:c8:97:1b:21:69:09:ab:b5:55:a2:78:d2:e0:4e:59:ca:f6:
         e3:1d:cf:b9:e2:44:a4:07:15:74:1e:fe:25:44:04:f5:9a:cc:
         8b:5c:2c:fd:a3:b0:b3:b2:ac:10:d7:ee:a9:56:ce:89:e7:a1:
         f5:a0:0f:c7:d5:bf:87:a5:ba:96:0e:05:82:b0:ac:36:47:14:
         05:4e:eb:93:9d:6e:70:a9:d8:ba:cb:b4:f5:57:01:cc:4c:1e:
         2c:3e:22:bf:2c:a6:3f:ca:6a:c8:63:bb:97:ca:4e:8c:10:2b:
         34:f6:30:42:3e:fa:37:24:12:2d:f7:9b:e6:75:ba:80:4d:1f:
         e5:df:ec:6e:8a:60:98:f9:f1:be:f9:c0:87:9a:3c:2b:40:d2:
         d7:5f:17:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfxRITGlsH2txvPsl1hZS+PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNzA5MjIxODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzFiNjk0YzMyZjcyYTQ2YzY3ODdkZTBiNTdkMGVhYjEyNTU2MTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjBosLxWY0cBoZFU1wPGk+6mWNSZ
CmYLOFDC2f/PkHLQr7EQGZiYk7eJ97RHuSEddxxQlcTfxxY58i8+yB6K7GammL13
m7IThHyxfwCAPomir7p8+1CaeE3VwRH9jvfeZ7gsL7CivIUVpYwdvxukGWlQ45Yg
LmQR/sXc7xeQ1e6zSOjRO1nWCt12itoufVgD6OIa6t00RBgLsDCSgkUQxCm0+9aZ
no5aq3Qg1qlQrFRaryQu0+mzqyEEetNr2hlRpc1aIH7Q1Wjd6Ri2gkp1CLL3DkQg
04BN+xjLMYE8vS2Qt+Og1eBUjgoy7EgZ6V+B0PAdEqNCd9KpVRvfEu+UDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKcbaUwy9ypGxnh94LV9DqsSVWFDMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvcHh0cFRETDNLa2JHZUgzZ3RYME9xeEpWWVVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRfEMA0G
CSqGSIb3DQEBCwUAA4IBAQCpUXwuOoufoNYR7344ZcysY+rssi/gnn6rHFbBn+27
HV1uLxzArvGefDNnHTMexEkQO1J3s1huxZEnN5RYU8V5tr1zUngiw3BWKNZeuf79
y+oSco45BLNYIn8mgjdMFjnvlK3a1Q6igZBvwagXyJcbIWkJq7VVonjS4E5Zyvbj
Hc+54kSkBxV0Hv4lRAT1msyLXCz9o7CzsqwQ1+6pVs6J56H1oA/H1b+HpbqWDgWC
sKw2RxQFTuuTnW5wqdi6y7T1VwHMTB4sPiK/LKY/ymrIY7uXyk6MECs09jBCPvo3
JBIt95vmdbqATR/l3+xuimCY+fG++cCHmjwrQNLXXxfU
-----END CERTIFICATE-----