Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/HCOLyamTy_fy8T-t6CxYAk7SRPA.roa
File:                     HCOLyamTy_fy8T-t6CxYAk7SRPA.roa (raw, json)
Hash identifier:          Hp5AjlrQzHZpllHKSBSY2o6OMHNShj/eKeyHUMPtCFI=
Subject key identifier:   1C:23:8B:C9:A9:93:CB:F7:F2:F1:3F:AD:E8:2C:58:02:4E:D2:44:F0
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       01970DED254D802AE4B062B9AA7D0D2209CB
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/HCOLyamTy_fy8T-t6CxYAk7SRPA.roa
Signing time:             Mon 26 May 2025 18:48:54 +0000
ROA not before:           Mon 26 May 2025 18:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        31.22.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0d:ed:25:4d:80:2a:e4:b0:62:b9:aa:7d:0d:22:09:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: May 26 18:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c238bc9a993cbf7f2f13fade82c58024ed244f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:73:5f:1f:17:65:4a:00:db:b0:83:96:73:13:
                    9c:c3:6b:cc:0d:03:59:3d:e9:0a:d6:c1:22:ae:b2:
                    1f:2d:7a:72:19:6f:39:f9:fb:2f:dd:b9:3d:99:ed:
                    08:a0:3c:5c:eb:40:ba:48:e2:2a:27:5a:c8:ea:06:
                    dd:90:0f:2f:b3:9d:f5:9d:64:b5:19:ed:fa:dc:d5:
                    e4:02:93:88:14:04:a2:bd:16:e4:1a:2e:18:ec:75:
                    ce:98:65:a9:72:1b:13:c5:37:93:5a:f7:71:fd:72:
                    68:f9:5a:49:04:08:2b:1e:f7:39:91:02:d5:35:1a:
                    03:f0:4c:0a:b8:a0:fd:29:a4:a0:f1:a6:63:d1:6e:
                    8b:1e:ba:e9:34:24:b7:03:12:85:b8:8b:c0:1d:ce:
                    af:c7:82:21:db:f3:64:d2:6f:c2:60:bf:e5:dc:6b:
                    bf:91:a2:d1:e2:f8:3e:fd:d3:f3:16:03:8e:0b:b1:
                    ec:54:48:2c:9d:19:04:b8:01:a8:ed:d6:73:2a:12:
                    82:e6:3a:47:ec:0f:81:d8:4b:2f:c3:1a:60:14:54:
                    d3:3a:6c:6f:52:ed:4b:f5:91:92:bb:d2:79:b8:bb:
                    d1:fa:36:b6:30:ae:b6:4b:f1:81:29:e1:ce:f5:4a:
                    15:45:d4:58:d5:2f:20:9a:b2:29:a5:5f:6d:42:71:
                    20:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:23:8B:C9:A9:93:CB:F7:F2:F1:3F:AD:E8:2C:58:02:4E:D2:44:F0
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/HCOLyamTy_fy8T-t6CxYAk7SRPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.22.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:8f:f3:db:49:69:23:3f:96:ea:92:48:fa:1d:c4:64:e7:14:
         0d:07:14:51:a4:1c:f2:2a:45:4f:fe:ea:e2:72:2a:c1:ab:e2:
         03:7c:cf:1f:ba:23:bc:7c:1e:3d:f0:3e:6c:6a:37:08:3f:bf:
         cb:96:d0:10:90:c7:e4:08:31:fe:07:6a:c8:d6:8f:fc:53:10:
         00:f4:a2:a3:f9:ac:b2:87:60:f5:ee:c5:43:2a:c4:43:c1:f5:
         ae:89:54:3d:c8:97:f4:fd:aa:3f:be:e0:af:5b:e4:22:0b:d1:
         45:a8:53:f1:95:de:c1:9e:0d:63:85:19:a9:a1:fe:0f:30:57:
         3b:ea:f7:2a:17:52:fc:ad:0a:7b:22:5d:e6:a8:b3:2d:8e:16:
         8b:90:8d:51:25:01:95:2b:ab:22:2c:39:35:98:60:eb:b1:b2:
         ce:c1:dc:2e:3a:ad:39:91:7b:ca:00:5e:2c:1d:92:30:44:71:
         6b:83:d1:e9:84:9a:e0:3c:8e:09:42:fa:28:77:bb:f2:d1:61:
         d8:97:69:72:6d:9a:82:cf:d6:72:86:b1:0d:57:de:a8:f6:6b:
         9b:ac:66:17:80:dc:a4:24:1f:b8:dc:b0:3f:79:a6:c1:96:f7:
         ca:50:5d:36:e8:5a:5a:7c:a6:b9:67:45:1e:71:b1:3d:ae:a0:
         99:94:ff:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcN7SVNgCrksGK5qn0NIgnLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjUwNTI2MTg0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzIzOGJjOWE5OTNjYmY3ZjJmMTNmYWRlODJjNTgwMjRlZDI0NGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHNfHxdlSgDbsIOWcxOcw2vMDQNZ
PekK1sEirrIfLXpyGW85+fsv3bk9me0IoDxc60C6SOIqJ1rI6gbdkA8vs531nWS1
Ge363NXkApOIFASivRbkGi4Y7HXOmGWpchsTxTeTWvdx/XJo+VpJBAgrHvc5kQLV
NRoD8EwKuKD9KaSg8aZj0W6LHrrpNCS3AxKFuIvAHc6vx4Ih2/Nk0m/CYL/l3Gu/
kaLR4vg+/dPzFgOOC7HsVEgsnRkEuAGo7dZzKhKC5jpH7A+B2EsvwxpgFFTTOmxv
Uu1L9ZGSu9J5uLvR+ja2MK62S/GBKeHO9UoVRdRY1S8gmrIppV9tQnEgRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwji8mpk8v38vE/regsWAJO0kTwMB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvSENPTHlhbVR5X2Z5OFQtdDZDeFlBazdTUlBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHxZJMA0G
CSqGSIb3DQEBCwUAA4IBAQALj/PbSWkjP5bqkkj6HcRk5xQNBxRRpBzyKkVP/uri
cirBq+IDfM8fuiO8fB498D5sajcIP7/LltAQkMfkCDH+B2rI1o/8UxAA9KKj+ayy
h2D17sVDKsRDwfWuiVQ9yJf0/ao/vuCvW+QiC9FFqFPxld7Bng1jhRmpof4PMFc7
6vcqF1L8rQp7Il3mqLMtjhaLkI1RJQGVK6siLDk1mGDrsbLOwdwuOq05kXvKAF4s
HZIwRHFrg9HphJrgPI4JQvood7vy0WHYl2lybZqCz9ZyhrENV96o9mubrGYXgNyk
JB+43LA/eabBlvfKUF026FpafKa5Z0UecbE9rqCZlP/s
-----END CERTIFICATE-----