Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fwLyS6re1N4KQOvlc2Q4jhn54Eg.roa
File:                     fwLyS6re1N4KQOvlc2Q4jhn54Eg.roa (raw, json)
Hash identifier:          Ir+fAH7Xhzh0aJumoYq3RwlUi8ShLfQWpn7fF+7r17o=
Subject key identifier:   7F:02:F2:4B:AA:DE:D4:DE:0A:40:EB:E5:73:64:38:8E:19:F9:E0:48
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0196DABC86617A8CDCB31CE08D8BE57D14CC
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fwLyS6re1N4KQOvlc2Q4jhn54Eg.roa
Signing time:             Fri 16 May 2025 20:15:10 +0000
ROA not before:           Fri 16 May 2025 20:15:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401152
IP address blocks:        193.23.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:da:bc:86:61:7a:8c:dc:b3:1c:e0:8d:8b:e5:7d:14:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 16 20:15:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f02f24baaded4de0a40ebe57364388e19f9e048
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:4a:ef:6c:6f:6a:1b:2e:2c:a3:7a:9a:e2:5c:
                    04:4d:03:c0:27:b2:5e:8e:61:3a:f6:d5:55:a6:a4:
                    50:2e:a8:97:19:06:c3:28:97:64:5c:35:a9:45:8b:
                    05:55:75:8c:e6:8d:9d:f2:19:48:ff:6a:2f:69:3c:
                    0f:91:23:e7:4f:a3:3d:aa:7d:8d:04:33:9e:83:1d:
                    0c:1d:50:0a:86:71:06:25:83:ef:5d:98:77:2f:9c:
                    5d:a4:0a:ea:76:2f:41:0a:c7:75:75:05:12:7a:f4:
                    2d:da:9c:c7:f3:32:8e:19:ce:15:09:f0:e6:e1:b3:
                    c3:5d:10:2c:39:e3:7a:28:c0:36:4b:08:d6:70:41:
                    90:f0:4d:0f:e7:0b:fc:70:81:71:bd:14:df:b4:8c:
                    73:ed:fd:34:58:74:b9:d0:89:4a:e1:5f:67:ca:78:
                    d9:12:7d:83:9d:53:43:50:59:d8:e4:3b:41:fb:07:
                    26:70:aa:d1:84:66:05:66:66:d4:3d:32:3e:23:9f:
                    a1:57:7e:78:7d:29:0d:78:d7:66:f9:a4:c2:4f:14:
                    b9:eb:ae:2d:a1:77:df:d9:f6:b2:9d:9f:3b:7b:68:
                    e4:7e:ec:c8:2f:ef:ea:6e:56:51:cf:99:b1:f0:dc:
                    8f:6f:9a:0f:41:d7:e4:04:85:e1:6a:f1:9f:60:ef:
                    a5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:02:F2:4B:AA:DE:D4:DE:0A:40:EB:E5:73:64:38:8E:19:F9:E0:48
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fwLyS6re1N4KQOvlc2Q4jhn54Eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:02:a7:cb:b9:57:67:f2:a4:ab:3e:fc:d3:93:3b:16:b4:31:
         3e:ba:46:40:8f:e9:49:87:4f:b0:28:46:83:93:fc:24:cc:08:
         cd:ef:f7:b6:72:89:a1:d1:0d:f0:6b:26:74:61:4a:12:17:94:
         49:cd:1c:6e:73:eb:2b:98:86:8c:27:07:57:c7:28:6d:80:77:
         9b:95:07:37:73:e7:23:31:1e:5b:0e:4d:de:6d:ee:33:47:a3:
         d5:09:f6:29:86:1d:8d:d3:34:2b:8f:dc:af:70:27:39:95:a2:
         1b:2f:8d:3a:bc:49:74:0a:ac:f4:9b:6f:b5:18:22:a9:24:41:
         d2:20:59:33:71:b3:f4:40:c5:e9:23:9a:0f:45:71:47:3b:c7:
         a8:e1:b6:67:f2:20:5a:6e:10:fb:00:80:71:8b:fc:f6:0d:d9:
         b4:2d:20:ea:65:f4:06:8f:ac:c2:07:88:e0:fc:b7:4f:39:46:
         ca:7f:31:fe:f4:18:28:28:10:af:d1:da:31:0a:e9:c1:00:41:
         99:7c:73:b0:f2:78:2f:d5:b7:c1:b4:4e:18:b6:e8:ef:a9:0d:
         ff:b8:a9:40:b0:a6:27:27:1e:d2:b5:04:4a:16:29:14:5a:68:
         9a:4a:14:ec:09:0f:b8:81:dd:95:10:21:d1:72:2c:ab:a0:17:
         66:83:95:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbavIZheozcsxzgjYvlfRTMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNTE2MjAxNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjAyZjI0YmFhZGVkNGRlMGE0MGViZTU3MzY0Mzg4ZTE5ZjllMDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA50rvbG9qGy4so3qa4lwETQPAJ7Je
jmE69tVVpqRQLqiXGQbDKJdkXDWpRYsFVXWM5o2d8hlI/2ovaTwPkSPnT6M9qn2N
BDOegx0MHVAKhnEGJYPvXZh3L5xdpArqdi9BCsd1dQUSevQt2pzH8zKOGc4VCfDm
4bPDXRAsOeN6KMA2SwjWcEGQ8E0P5wv8cIFxvRTftIxz7f00WHS50IlK4V9nynjZ
En2DnVNDUFnY5DtB+wcmcKrRhGYFZmbUPTI+I5+hV354fSkNeNdm+aTCTxS5664t
oXff2faynZ87e2jkfuzIL+/qblZRz5mx8NyPb5oPQdfkBIXhavGfYO+lswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8C8kuq3tTeCkDr5XNkOI4Z+eBIMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZndMeVM2cmUxTjRLUU92bGMyUTRqaG41NEVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRfEMA0G
CSqGSIb3DQEBCwUAA4IBAQAGAqfLuVdn8qSrPvzTkzsWtDE+ukZAj+lJh0+wKEaD
k/wkzAjN7/e2comh0Q3wayZ0YUoSF5RJzRxuc+srmIaMJwdXxyhtgHeblQc3c+cj
MR5bDk3ebe4zR6PVCfYphh2N0zQrj9yvcCc5laIbL406vEl0Cqz0m2+1GCKpJEHS
IFkzcbP0QMXpI5oPRXFHO8eo4bZn8iBabhD7AIBxi/z2Ddm0LSDqZfQGj6zCB4jg
/LdPOUbKfzH+9BgoKBCv0doxCunBAEGZfHOw8ngv1bfBtE4YtujvqQ3/uKlAsKYn
Jx7StQRKFikUWmiaShTsCQ+4gd2VECHRciyroBdmg5Ue
-----END CERTIFICATE-----