Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/19QMGvoiqCUYesJIaT9TniQ39JQ.roa
File:                     19QMGvoiqCUYesJIaT9TniQ39JQ.roa (raw, json)
Hash identifier:          2NeiSYtbnk4i1iOmcdbK3JyfQ1u4yna+0l4g433qTxE=
Subject key identifier:   D7:D4:0C:1A:FA:22:A8:25:18:7A:C2:48:69:3F:53:9E:24:37:F4:94
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       01989F4D10DA1143AFB70F76900FA7C98F51
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/19QMGvoiqCUYesJIaT9TniQ39JQ.roa
Signing time:             Tue 12 Aug 2025 17:21:24 +0000
ROA not before:           Tue 12 Aug 2025 17:21:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        193.23.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 03:02:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9f:4d:10:da:11:43:af:b7:0f:76:90:0f:a7:c9:8f:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Aug 12 17:21:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7d40c1afa22a825187ac248693f539e2437f494
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:4f:77:07:9f:6f:5f:5c:b7:9e:3a:e9:e6:aa:
                    94:23:fc:eb:eb:26:94:80:58:09:04:53:74:19:af:
                    9d:4b:2b:75:c3:3e:b7:08:51:36:04:c7:82:dc:82:
                    c3:ee:78:94:00:3d:01:6b:20:69:77:78:25:e6:0e:
                    b9:59:0e:3e:08:62:28:b1:c7:30:a8:39:3e:c7:f3:
                    0d:98:05:5f:3d:a3:6c:6c:2f:22:0b:77:fa:a5:43:
                    f2:b1:e7:f1:04:1f:88:f8:34:e0:36:33:d8:3b:ea:
                    d9:1d:d2:f0:a1:ac:3b:e1:ed:73:d2:19:b8:98:18:
                    00:8d:41:21:7e:0c:56:44:9d:0f:70:f4:24:cc:02:
                    a0:a9:db:da:88:09:08:a3:ae:57:8b:3b:5f:72:c2:
                    a0:da:cb:8e:7d:9b:0c:91:8b:66:c8:5d:91:5a:9d:
                    bc:bc:6f:ac:35:d5:00:16:d0:ba:51:5f:74:dd:ba:
                    72:16:db:8c:02:02:66:2b:3e:91:4f:e8:5e:4f:a1:
                    f3:2f:2a:d9:39:32:7f:a2:e6:8d:cc:31:76:01:e5:
                    b3:b6:24:91:c8:7d:69:88:37:3b:02:12:d6:58:17:
                    63:0a:14:60:b1:d7:82:fc:7d:e9:db:39:64:8e:cb:
                    ee:72:42:cb:c7:32:d3:1b:9c:bc:84:c0:aa:ad:af:
                    0b:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:D4:0C:1A:FA:22:A8:25:18:7A:C2:48:69:3F:53:9E:24:37:F4:94
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/19QMGvoiqCUYesJIaT9TniQ39JQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:2c:82:e6:bb:8e:2d:a1:09:1d:25:06:de:31:63:11:ca:f3:
         0f:24:46:63:f3:71:90:bb:c5:37:7e:70:a5:9b:7e:23:42:bb:
         04:9b:a8:54:cc:7f:5a:4b:b7:2a:1b:6e:91:21:cc:0c:62:11:
         12:d5:99:88:db:51:d4:22:a5:c8:23:76:75:5f:26:9c:27:fa:
         2f:b7:42:31:d7:04:a0:09:e1:41:83:67:a2:ba:20:ed:5e:21:
         ac:64:28:50:4b:d3:44:b7:0a:0b:2c:0d:0a:f7:b1:b5:28:f1:
         aa:8d:dc:df:e2:d8:94:59:dd:e2:88:72:51:f7:c2:c0:7b:7d:
         16:f8:f1:90:39:33:42:df:ab:9f:f1:0f:d7:19:39:b1:72:a7:
         37:a1:eb:a8:09:86:41:6e:22:24:1d:3c:f7:d5:98:78:94:48:
         53:9f:65:7c:55:08:f5:76:1b:a9:5a:1f:70:2b:f7:88:54:a7:
         74:c4:3d:24:f3:90:1c:04:06:1d:9e:5e:5d:ab:f4:13:fe:b3:
         ad:af:22:9f:6b:f6:04:d4:6d:31:9b:a8:5e:03:77:c8:12:74:
         56:33:8a:16:e7:95:67:3e:8b:60:7b:7e:9f:72:69:7e:5f:25:
         e7:25:91:79:69:ec:60:b0:19:4a:52:9b:54:21:ab:70:e0:ad:
         36:af:65:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZifTRDaEUOvtw92kA+nyY9RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwODEyMTcyMTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2Q0MGMxYWZhMjJhODI1MTg3YWMyNDg2OTNmNTM5ZTI0MzdmNDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqU93B59vX1y3njrp5qqUI/zr6yaU
gFgJBFN0Ga+dSyt1wz63CFE2BMeC3ILD7niUAD0BayBpd3gl5g65WQ4+CGIosccw
qDk+x/MNmAVfPaNsbC8iC3f6pUPysefxBB+I+DTgNjPYO+rZHdLwoaw74e1z0hm4
mBgAjUEhfgxWRJ0PcPQkzAKgqdvaiAkIo65XiztfcsKg2suOfZsMkYtmyF2RWp28
vG+sNdUAFtC6UV903bpyFtuMAgJmKz6RT+heT6HzLyrZOTJ/ouaNzDF2AeWztiSR
yH1piDc7AhLWWBdjChRgsdeC/H3p2zlkjsvuckLLxzLTG5y8hMCqra8L9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNfUDBr6IqglGHrCSGk/U54kN/SUMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMTlRTUd2b2lxQ1VZZXNKSWFUOVRuaVEzOUpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRfZMA0G
CSqGSIb3DQEBCwUAA4IBAQADLILmu44toQkdJQbeMWMRyvMPJEZj83GQu8U3fnCl
m34jQrsEm6hUzH9aS7cqG26RIcwMYhES1ZmI21HUIqXII3Z1XyacJ/ovt0Ix1wSg
CeFBg2eiuiDtXiGsZChQS9NEtwoLLA0K97G1KPGqjdzf4tiUWd3iiHJR98LAe30W
+PGQOTNC36uf8Q/XGTmxcqc3oeuoCYZBbiIkHTz31Zh4lEhTn2V8VQj1dhupWh9w
K/eIVKd0xD0k85AcBAYdnl5dq/QT/rOtryKfa/YE1G0xm6heA3fIEnRWM4oW55Vn
Potge36fcml+XyXnJZF5aexgsBlKUptUIatw4K02r2WL
-----END CERTIFICATE-----