Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/zAVxvux3Ij4Ln78b1yGsEJeiCfQ.roa
File:                     zAVxvux3Ij4Ln78b1yGsEJeiCfQ.roa (raw, json)
Hash identifier:          3NnVEWj3eRCtReW6v/aye01x2yi/QEBSea/+eiByuhc=
Subject key identifier:   CC:05:71:BE:EC:77:22:3E:0B:9F:BF:1B:D7:21:AC:10:97:A2:09:F4
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0195D99E5FE6A090680158A2A2542DC4517F
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/zAVxvux3Ij4Ln78b1yGsEJeiCfQ.roa
Signing time:             Thu 27 Mar 2025 21:59:49 +0000
ROA not before:           Thu 27 Mar 2025 21:59:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48678
IP address blocks:        193.23.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 04:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d9:9e:5f:e6:a0:90:68:01:58:a2:a2:54:2d:c4:51:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 27 21:59:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc0571beec77223e0b9fbf1bd721ac1097a209f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:4c:28:c3:ea:9d:18:dc:7c:09:59:a0:c3:b8:
                    8c:34:55:0a:0b:eb:76:f8:e0:3d:c5:d1:88:cc:7b:
                    55:2d:54:11:8a:91:94:3e:02:c1:c9:ec:58:19:eb:
                    ed:e4:49:d0:9b:ae:4a:f5:08:f7:47:88:28:89:ef:
                    bd:f9:9e:d9:1a:12:c1:cb:02:fa:f4:36:72:58:63:
                    ab:9e:52:9b:15:55:5a:1a:8a:50:ac:52:dd:43:cc:
                    31:e4:d3:29:b8:0b:2c:57:7d:26:df:71:87:1b:38:
                    4b:f8:de:e8:b5:c4:43:b0:2e:57:3d:ee:fc:69:34:
                    9e:ef:18:4c:e2:bf:37:8e:ba:c2:b1:66:a8:e2:63:
                    87:e3:dd:d6:8b:8e:f3:bb:c2:00:5d:14:77:fd:b1:
                    ef:db:21:bb:59:a8:e0:48:fe:3c:79:ec:57:a3:d3:
                    b5:8c:53:76:39:28:ac:42:86:39:6f:7f:15:40:c8:
                    8e:71:fd:5e:33:61:fc:bb:e8:cb:25:63:66:b2:b1:
                    8f:aa:e7:25:cd:18:1c:97:4d:ee:e0:65:b9:e2:f6:
                    a7:d4:f2:94:bb:0a:d9:01:15:f9:9f:65:81:ac:99:
                    dc:0a:3f:c9:e6:c6:88:7c:74:68:59:d5:a6:0d:3e:
                    98:44:89:0c:7d:06:79:90:de:25:ea:4e:a3:d5:e0:
                    ae:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:05:71:BE:EC:77:22:3E:0B:9F:BF:1B:D7:21:AC:10:97:A2:09:F4
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/zAVxvux3Ij4Ln78b1yGsEJeiCfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:b7:42:c6:b8:e8:c8:7f:53:ae:e5:cc:4c:6e:68:96:40:5a:
         7d:37:04:4a:e5:15:37:e1:77:6c:59:34:c8:aa:2f:f4:be:21:
         5c:a0:f7:b5:92:f8:98:af:ff:80:d0:c1:3f:57:81:fa:c5:de:
         ab:21:8c:af:0c:1d:3f:56:fa:80:1c:5e:37:30:03:b8:e2:5b:
         a1:b9:5d:1c:4e:d3:bd:05:08:0e:e7:59:3c:69:48:77:c9:3f:
         d7:b2:d2:8e:35:82:4c:e8:40:ae:6f:c5:7b:3b:5f:20:ba:13:
         38:66:3f:d7:56:57:dc:1e:8f:f9:18:04:9f:bc:cf:ad:a0:a6:
         fa:98:22:1e:63:0e:0f:5d:3c:db:03:d6:cd:7b:94:ba:4b:6a:
         1a:c3:4a:45:c7:62:0e:09:1a:50:79:b0:02:06:8f:02:1b:21:
         a5:44:fd:a7:cd:50:c9:95:2b:a8:c2:3b:35:73:5e:b0:1b:5f:
         14:d0:16:92:50:cd:bc:08:9f:8f:e4:1c:a6:a6:eb:6c:30:b1:
         2c:53:a5:f5:de:4f:97:70:6f:21:b2:f2:0b:a5:35:2b:e1:22:
         01:3b:71:c0:ad:7b:2f:26:ce:f1:ef:f3:e4:4f:c6:26:71:6a:
         82:f9:ba:27:07:d1:ae:9c:b0:9e:15:12:28:cb:7d:30:76:5c:
         52:91:26:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXZnl/moJBoAViiolQtxFF/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwMzI3MjE1OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzA1NzFiZWVjNzcyMjNlMGI5ZmJmMWJkNzIxYWMxMDk3YTIwOWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkwow+qdGNx8CVmgw7iMNFUKC+t2
+OA9xdGIzHtVLVQRipGUPgLByexYGevt5EnQm65K9Qj3R4goie+9+Z7ZGhLBywL6
9DZyWGOrnlKbFVVaGopQrFLdQ8wx5NMpuAssV30m33GHGzhL+N7otcRDsC5XPe78
aTSe7xhM4r83jrrCsWao4mOH493Wi47zu8IAXRR3/bHv2yG7WajgSP48eexXo9O1
jFN2OSisQoY5b38VQMiOcf1eM2H8u+jLJWNmsrGPquclzRgcl03u4GW54van1PKU
uwrZARX5n2WBrJncCj/J5saIfHRoWdWmDT6YRIkMfQZ5kN4l6k6j1eCuXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMwFcb7sdyI+C5+/G9chrBCXogn0MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvekFWeHZ1eDNJajRMbjc4YjF5R3NFSmVpQ2ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRffMA0G
CSqGSIb3DQEBCwUAA4IBAQA0t0LGuOjIf1Ou5cxMbmiWQFp9NwRK5RU34XdsWTTI
qi/0viFcoPe1kviYr/+A0ME/V4H6xd6rIYyvDB0/VvqAHF43MAO44luhuV0cTtO9
BQgO51k8aUh3yT/XstKONYJM6ECub8V7O18guhM4Zj/XVlfcHo/5GASfvM+toKb6
mCIeYw4PXTzbA9bNe5S6S2oaw0pFx2IOCRpQebACBo8CGyGlRP2nzVDJlSuowjs1
c16wG18U0BaSUM28CJ+P5BymputsMLEsU6X13k+XcG8hsvILpTUr4SIBO3HArXsv
Js7x7/PkT8YmcWqC+bonB9GunLCeFRIoy30wdlxSkSaO
-----END CERTIFICATE-----