Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/clGGL9s85YgTAJ-RMjz5lCzOP5g.roa
File:                     clGGL9s85YgTAJ-RMjz5lCzOP5g.roa (raw, json)
Hash identifier:          xPkxg9x/lb7QNTjqVIebB4jEI4Q8WiVxGZsDwX+/iUM=
Subject key identifier:   72:51:86:2F:DB:3C:E5:88:13:00:9F:91:32:3C:F9:94:2C:CE:3F:98
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019571C5C0262A4945AEC15EAE5E84E3C3A9
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/clGGL9s85YgTAJ-RMjz5lCzOP5g.roa
Signing time:             Fri 07 Mar 2025 18:02:19 +0000
ROA not before:           Fri 07 Mar 2025 18:02:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214079
IP address blocks:        193.23.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:71:c5:c0:26:2a:49:45:ae:c1:5e:ae:5e:84:e3:c3:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar  7 18:02:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7251862fdb3ce58813009f91323cf9942cce3f98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c7:cf:85:53:6c:05:37:1e:29:97:96:db:9b:
                    46:af:10:87:d4:ba:5f:c9:e0:96:c6:33:e6:88:7f:
                    82:b5:ce:8b:2e:9e:24:6c:7d:45:9b:6f:87:2a:a3:
                    f9:91:81:eb:0f:c7:58:07:bd:2d:4f:37:a1:b6:6c:
                    04:55:5a:ad:d5:ed:6f:d0:82:6c:04:65:3a:b7:1a:
                    9e:82:55:48:ea:47:36:40:06:96:05:ab:27:da:4d:
                    e9:26:69:3a:a7:78:66:67:6c:79:21:29:76:c3:c9:
                    28:9c:ae:58:48:28:9b:7f:a5:fb:59:da:34:d3:77:
                    69:48:3a:71:92:cb:2b:02:bd:77:49:63:c6:59:56:
                    92:31:d1:aa:80:34:9e:2b:75:fb:a6:ca:36:a2:4d:
                    04:6a:d0:a9:83:09:27:6a:42:41:90:b1:74:11:9b:
                    f3:d3:39:cf:41:a3:18:ad:04:8d:79:2f:eb:ad:1f:
                    a0:d0:fe:cd:30:6f:20:ee:04:5d:da:ca:b2:64:97:
                    ae:fb:e6:b8:87:f8:aa:b1:4e:b9:53:12:33:ae:4d:
                    c5:fd:53:8e:af:37:f8:89:da:61:65:a3:3d:98:ce:
                    f4:13:77:a9:1d:24:e4:e5:c2:1e:6c:24:41:e5:16:
                    fe:da:c4:c1:07:61:e9:86:54:8c:8c:b2:63:db:81:
                    72:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:51:86:2F:DB:3C:E5:88:13:00:9F:91:32:3C:F9:94:2C:CE:3F:98
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/clGGL9s85YgTAJ-RMjz5lCzOP5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:d7:7d:53:b8:2a:c1:be:59:b8:d7:49:f4:23:08:07:f3:43:
         d1:d7:5e:28:ea:83:0d:33:ae:71:9b:17:d2:ec:27:7c:66:2d:
         c2:49:b2:61:a0:49:39:88:89:2a:20:90:a6:3b:35:fd:a7:52:
         c1:a7:cb:af:08:77:da:da:07:b4:a8:d3:c7:04:b4:2a:b3:dc:
         0b:1a:2b:78:9e:31:9e:9b:77:49:35:0b:cf:98:ad:b9:19:c3:
         30:56:23:34:2f:ff:34:3f:0e:83:c9:0f:78:cc:8c:f4:8a:bd:
         55:a0:c0:b9:bf:4f:78:79:82:32:e1:fb:98:7a:e6:5b:3c:b9:
         5a:ac:a7:f2:e2:59:d7:8d:5e:74:4f:63:54:06:e1:33:8c:8c:
         29:e7:fd:2e:a9:66:a7:5c:71:12:73:f0:1f:85:83:ca:8c:47:
         8f:c5:b2:60:f4:52:be:66:c9:5e:1b:e7:23:88:85:13:30:c1:
         e4:bc:bd:ba:47:2d:f8:47:0e:aa:d5:82:76:9d:c3:76:24:bd:
         12:a4:c8:b5:74:48:a4:cb:21:5e:db:20:ec:ab:f3:5a:89:a5:
         9d:79:e3:fe:7c:c6:cf:fd:a0:2b:af:b8:68:86:98:52:70:db:
         b8:74:f7:ae:16:65:64:ad:cf:1b:28:bb:8e:06:cf:7b:d1:b7:
         d6:8c:91:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVxxcAmKklFrsFerl6E48OpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwMzA3MTgwMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjUxODYyZmRiM2NlNTg4MTMwMDlmOTEzMjNjZjk5NDJjY2UzZjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMfPhVNsBTceKZeW25tGrxCH1Lpf
yeCWxjPmiH+Ctc6LLp4kbH1Fm2+HKqP5kYHrD8dYB70tTzehtmwEVVqt1e1v0IJs
BGU6txqeglVI6kc2QAaWBasn2k3pJmk6p3hmZ2x5ISl2w8konK5YSCibf6X7Wdo0
03dpSDpxkssrAr13SWPGWVaSMdGqgDSeK3X7pso2ok0EatCpgwknakJBkLF0EZvz
0znPQaMYrQSNeS/rrR+g0P7NMG8g7gRd2sqyZJeu++a4h/iqsU65UxIzrk3F/VOO
rzf4idphZaM9mM70E3epHSTk5cIebCRB5Rb+2sTBB2HphlSMjLJj24FyuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJRhi/bPOWIEwCfkTI8+ZQszj+YMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvY2xHR0w5czg1WWdUQUotUk1qejVsQ3pPUDVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRfcMA0G
CSqGSIb3DQEBCwUAA4IBAQBm131TuCrBvlm410n0IwgH80PR114o6oMNM65xmxfS
7Cd8Zi3CSbJhoEk5iIkqIJCmOzX9p1LBp8uvCHfa2ge0qNPHBLQqs9wLGit4njGe
m3dJNQvPmK25GcMwViM0L/80Pw6DyQ94zIz0ir1VoMC5v094eYIy4fuYeuZbPLla
rKfy4lnXjV50T2NUBuEzjIwp5/0uqWanXHESc/AfhYPKjEePxbJg9FK+ZsleG+cj
iIUTMMHkvL26Ry34Rw6q1YJ2ncN2JL0SpMi1dEikyyFe2yDsq/NaiaWdeeP+fMbP
/aArr7hohphScNu4dPeuFmVkrc8bKLuOBs970bfWjJGk
-----END CERTIFICATE-----