Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Td-WglVtOR33q4LJNUEVKMpegDM.roa
File:                     Td-WglVtOR33q4LJNUEVKMpegDM.roa (raw, json)
Hash identifier:          afVZdQYi8e7Am29dfmCx77ehfUpK9134ekKDcSxuY2I=
Subject key identifier:   4D:DF:96:82:55:6D:39:1D:F7:AB:82:C9:35:41:15:28:CA:5E:80:33
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       01994E2E373440C6DE8998405DC80153ED8F
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Td-WglVtOR33q4LJNUEVKMpegDM.roa
Signing time:             Mon 15 Sep 2025 16:21:15 +0000
ROA not before:           Mon 15 Sep 2025 16:21:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399471
IP address blocks:        144.31.160.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 15:33:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4e:2e:37:34:40:c6:de:89:98:40:5d:c8:01:53:ed:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Sep 15 16:21:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ddf9682556d391df7ab82c935411528ca5e8033
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:71:16:84:39:5d:77:76:74:af:b6:5e:0b:85:
                    37:d3:c9:f0:8d:94:c7:92:cc:c2:26:db:40:2c:9d:
                    06:6a:69:19:3e:6a:15:96:48:69:ad:cc:55:f6:f3:
                    c5:37:a5:02:9c:e8:00:7f:db:32:ba:d3:ad:dc:8b:
                    8d:c9:4a:7a:bb:6a:53:a7:c0:de:4b:22:83:06:21:
                    d9:d1:ac:1b:bd:ed:bb:8b:74:a4:25:44:60:12:de:
                    b8:ff:1b:61:2e:04:26:d5:8c:e3:22:f4:ab:54:d3:
                    be:a1:de:67:c2:35:dc:57:8e:40:1c:2b:68:7f:50:
                    1b:11:f4:d9:52:c5:d3:b4:83:87:65:85:07:60:a7:
                    0a:fb:f5:ba:ed:01:a9:9c:72:73:de:e7:0e:56:8f:
                    24:eb:0d:5a:71:29:4c:6e:45:36:0e:ba:6c:df:a5:
                    fc:44:25:80:c9:fc:5a:3b:3f:ee:7f:82:c9:28:01:
                    9b:c6:43:b0:2c:7b:1a:8d:60:8b:1f:d7:48:84:3a:
                    0d:7a:41:65:a7:9d:9e:34:49:ab:bc:b9:14:c9:d2:
                    7d:67:b0:35:00:7e:67:34:71:9a:b2:d1:f5:1b:d7:
                    eb:da:3e:78:5f:ef:bc:d3:65:f6:ce:7a:a9:26:5b:
                    fe:9d:b9:f1:bd:79:5b:68:11:49:53:90:10:74:a5:
                    6b:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:DF:96:82:55:6D:39:1D:F7:AB:82:C9:35:41:15:28:CA:5E:80:33
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Td-WglVtOR33q4LJNUEVKMpegDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:f6:0a:c4:57:22:9e:20:90:71:c8:0a:0b:a2:00:24:c5:89:
         a2:ac:15:02:da:f9:55:f6:8d:05:de:f4:b6:aa:33:de:61:37:
         93:a3:6b:6e:26:e2:74:27:d7:41:83:90:cc:cd:5f:f9:e9:ff:
         07:cd:d9:3e:40:3b:f3:ae:25:08:0b:40:b4:bb:a9:6d:ff:96:
         96:90:ae:04:38:c2:97:d1:43:07:a2:a6:e6:8b:88:3c:e3:40:
         de:1e:4e:d3:cc:20:d1:35:ce:eb:4f:d2:2f:57:a9:4c:55:4c:
         40:b6:76:56:65:f4:99:a5:2b:bb:e5:de:34:1e:6e:50:80:68:
         e7:9c:72:28:f2:a7:85:ee:d9:2f:da:26:4f:26:37:b0:33:e3:
         a5:c9:b6:a5:26:16:73:ff:1c:87:5b:cc:59:bf:b8:3b:fc:22:
         ff:3a:06:f6:65:58:2f:02:b0:7b:a9:af:8e:24:f1:e5:2e:ff:
         e4:bf:e3:d6:60:37:f6:21:0e:c6:d6:0c:8f:1a:62:1d:a7:24:
         1b:35:22:ed:14:03:97:31:8d:b6:74:12:10:fc:7e:5e:32:13:
         19:8c:9d:72:44:bc:48:73:39:23:f1:6e:13:07:e5:87:1b:d6:
         e6:91:73:8b:57:4b:a2:3f:2a:35:6e:a1:4d:4c:96:5b:a0:cc:
         f9:aa:b9:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlOLjc0QMbeiZhAXcgBU+2PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwOTE1MTYyMTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGRmOTY4MjU1NmQzOTFkZjdhYjgyYzkzNTQxMTUyOGNhNWU4MDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXEWhDldd3Z0r7ZeC4U308nwjZTH
kszCJttALJ0GamkZPmoVlkhprcxV9vPFN6UCnOgAf9syutOt3IuNyUp6u2pTp8De
SyKDBiHZ0awbve27i3SkJURgEt64/xthLgQm1YzjIvSrVNO+od5nwjXcV45AHCto
f1AbEfTZUsXTtIOHZYUHYKcK+/W67QGpnHJz3ucOVo8k6w1acSlMbkU2Drps36X8
RCWAyfxaOz/uf4LJKAGbxkOwLHsajWCLH9dIhDoNekFlp52eNEmrvLkUydJ9Z7A1
AH5nNHGastH1G9fr2j54X++802X2znqpJlv+nbnxvXlbaBFJU5AQdKVr5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE3floJVbTkd96uCyTVBFSjKXoAzMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvVGQtV2dsVnRPUjMzcTRMSk5VRVZLTXBlZ0RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkB+gMA0G
CSqGSIb3DQEBCwUAA4IBAQB69grEVyKeIJBxyAoLogAkxYmirBUC2vlV9o0F3vS2
qjPeYTeTo2tuJuJ0J9dBg5DMzV/56f8Hzdk+QDvzriUIC0C0u6lt/5aWkK4EOMKX
0UMHoqbmi4g840DeHk7TzCDRNc7rT9IvV6lMVUxAtnZWZfSZpSu75d40Hm5QgGjn
nHIo8qeF7tkv2iZPJjewM+OlybalJhZz/xyHW8xZv7g7/CL/Ogb2ZVgvArB7qa+O
JPHlLv/kv+PWYDf2IQ7G1gyPGmIdpyQbNSLtFAOXMY22dBIQ/H5eMhMZjJ1yRLxI
czkj8W4TB+WHG9bmkXOLV0uiPyo1bqFNTJZboMz5qrm0
-----END CERTIFICATE-----