Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KvcIMXlL72iiv_pdjaNjV-mbv3Y.roa
File:                     KvcIMXlL72iiv_pdjaNjV-mbv3Y.roa (raw, json)
Hash identifier:          gjGOOHi9WmP0IDQ9HM+3CtS3Mn4Tv9duS/DRagGnqwU=
Subject key identifier:   2A:F7:08:31:79:4B:EF:68:A2:BF:FA:5D:8D:A3:63:57:E9:9B:BF:76
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0197C5FC68E2099553557B2CF572FA3C3085
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KvcIMXlL72iiv_pdjaNjV-mbv3Y.roa
Signing time:             Tue 01 Jul 2025 12:35:42 +0000
ROA not before:           Tue 01 Jul 2025 12:35:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213702
IP address blocks:        93.123.39.0/24 maxlen: 24
                          141.98.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Jul 2025 16:26:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c5:fc:68:e2:09:95:53:55:7b:2c:f5:72:fa:3c:30:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul  1 12:35:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2af70831794bef68a2bffa5d8da36357e99bbf76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:68:0e:7f:9a:46:8b:1b:e7:20:1f:6d:44:18:
                    94:d4:8d:0e:c5:cf:bf:f9:7c:e1:77:6f:0c:00:7c:
                    41:38:5a:13:f4:13:af:1b:d0:5d:01:df:71:0f:68:
                    fd:ef:c3:a2:4e:04:b0:df:5e:ee:77:95:47:fe:8b:
                    73:92:56:d9:33:94:3a:81:c1:06:3a:ef:50:1b:6d:
                    32:c8:c4:fb:6a:d1:c2:83:8c:8a:16:a5:a0:e3:41:
                    2f:e6:43:ad:92:c9:67:a9:29:18:4d:40:49:a6:66:
                    1c:c4:8f:78:00:6c:e8:02:da:67:98:73:b2:92:f9:
                    7d:e2:44:da:23:6a:62:59:06:fb:7a:28:f3:d6:7f:
                    43:09:10:80:07:cf:eb:10:98:cb:25:bc:a2:9a:87:
                    f1:b4:f9:cd:21:c9:c0:b7:66:a7:a1:8f:38:f9:8e:
                    6f:e6:f9:2e:26:4d:07:85:a1:87:39:a7:4f:d5:e4:
                    08:37:9d:2e:1c:36:49:c7:b9:46:a2:0e:6d:19:ea:
                    8d:05:8d:6a:6f:58:47:11:3c:f1:90:2e:a6:0b:7b:
                    3a:9f:33:95:8f:c0:33:ac:e0:46:fb:f7:8f:54:46:
                    8f:be:8f:c8:fa:54:a1:fe:5e:c6:18:4b:bd:bf:87:
                    34:cf:55:4a:8d:a4:1d:cc:89:62:4d:e4:a4:7e:a2:
                    2a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:F7:08:31:79:4B:EF:68:A2:BF:FA:5D:8D:A3:63:57:E9:9B:BF:76
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KvcIMXlL72iiv_pdjaNjV-mbv3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.123.39.0/24
                  141.98.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:43:a1:d4:d3:09:e2:b1:75:8b:b8:16:29:62:e7:73:1b:f5:
         5d:a5:88:c8:8a:d9:ad:5f:b8:a0:54:b7:ee:b7:1b:e3:a0:c1:
         4f:7d:d3:a9:df:8d:0e:02:25:85:a2:ff:40:4b:49:2e:a1:d9:
         71:8b:02:b1:a8:62:aa:f5:e1:df:bf:08:72:80:de:ec:e7:8f:
         64:08:ff:c0:b0:a3:8b:b7:67:a5:3f:d9:c8:d6:d2:1e:c5:58:
         77:bd:5a:d9:16:7b:e8:7f:28:10:5b:47:e2:33:0d:4a:71:4f:
         f7:50:87:24:8f:f9:72:f1:b3:f1:03:62:8e:f4:5f:82:e0:a3:
         35:52:c7:76:ed:53:df:d7:d5:7e:5a:07:e1:5a:9e:b3:fb:de:
         a0:da:dd:c3:1c:a0:2e:1b:ff:d8:84:40:c3:86:e7:44:b1:3d:
         53:dd:48:49:4f:79:f1:69:91:a3:2f:99:d4:f3:0b:36:90:b9:
         a8:4d:b1:f7:30:9e:24:96:d1:7c:5f:86:2b:25:41:be:0a:63:
         68:57:af:61:7a:ea:a0:2c:16:06:68:44:ff:c7:1e:48:ab:73:
         12:f1:5e:d2:4e:e5:a7:6f:5c:d7:59:12:fd:a6:4e:59:64:2b:
         4f:51:e7:be:ee:31:09:be:2b:92:d7:ea:4b:56:65:e8:dc:38:
         eb:14:78:fe
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfF/GjiCZVTVXss9XL6PDCFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNzAxMTIzNTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWY3MDgzMTc5NGJlZjY4YTJiZmZhNWQ4ZGEzNjM1N2U5OWJiZjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGgOf5pGixvnIB9tRBiU1I0Oxc+/
+Xzhd28MAHxBOFoT9BOvG9BdAd9xD2j978OiTgSw317ud5VH/otzklbZM5Q6gcEG
Ou9QG20yyMT7atHCg4yKFqWg40Ev5kOtkslnqSkYTUBJpmYcxI94AGzoAtpnmHOy
kvl94kTaI2piWQb7eijz1n9DCRCAB8/rEJjLJbyimofxtPnNIcnAt2anoY84+Y5v
5vkuJk0HhaGHOadP1eQIN50uHDZJx7lGog5tGeqNBY1qb1hHETzxkC6mC3s6nzOV
j8AzrOBG+/ePVEaPvo/I+lSh/l7GGEu9v4c0z1VKjaQdzIliTeSkfqIqIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCr3CDF5S+9oor/6XY2jY1fpm792MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvS3ZjSU1YbEw3Mmlpdl9wZGphTmpWLW1idjNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXXsnAwQA
jWIGMA0GCSqGSIb3DQEBCwUAA4IBAQBpQ6HU0wnisXWLuBYpYudzG/VdpYjIitmt
X7igVLfutxvjoMFPfdOp340OAiWFov9AS0kuodlxiwKxqGKq9eHfvwhygN7s549k
CP/AsKOLt2elP9nI1tIexVh3vVrZFnvofygQW0fiMw1KcU/3UIckj/ly8bPxA2KO
9F+C4KM1Usd27VPf19V+WgfhWp6z+96g2t3DHKAuG//YhEDDhudEsT1T3UhJT3nx
aZGjL5nU8ws2kLmoTbH3MJ4kltF8X4YrJUG+CmNoV69heuqgLBYGaET/xx5Iq3MS
8V7STuWnb1zXWRL9pk5ZZCtPUee+7jEJviuS1+pLVmXo3DjrFHj+
-----END CERTIFICATE-----