Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ceb4cb-2ea7-42d0-bb2a-5dac63784058/1/I6b16o_Ase2s-4OxbTzP2XU7AO8.roa
File:                     I6b16o_Ase2s-4OxbTzP2XU7AO8.roa (raw, json)
Hash identifier:          6HiWXRxkCGNhrpcrbbFpGCz17IhI/bbEhWJf+70NeCQ=
Subject key identifier:   23:A6:F5:EA:8F:C0:B1:ED:AC:FB:83:B1:6D:3C:CF:D9:75:3B:00:EF
Certificate issuer:       /CN=e2d195614eee4a2dbb51f5b21e69d16c4e1441af
Certificate serial:       019690F272CFBB759344B232772BBD813E7E
Authority key identifier: E2:D1:95:61:4E:EE:4A:2D:BB:51:F5:B2:1E:69:D1:6C:4E:14:41:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tGVYU7uSi27UfWyHmnRbE4UQa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ceb4cb-2ea7-42d0-bb2a-5dac63784058/1/I6b16o_Ase2s-4OxbTzP2XU7AO8.roa
Signing time:             Fri 02 May 2025 12:22:10 +0000
ROA not before:           Fri 02 May 2025 12:22:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38915
IP address blocks:        193.203.220.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ceb4cb-2ea7-42d0-bb2a-5dac63784058/1/4tGVYU7uSi27UfWyHmnRbE4UQa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ceb4cb-2ea7-42d0-bb2a-5dac63784058/1/4tGVYU7uSi27UfWyHmnRbE4UQa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tGVYU7uSi27UfWyHmnRbE4UQa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 09:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:90:f2:72:cf:bb:75:93:44:b2:32:77:2b:bd:81:3e:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d195614eee4a2dbb51f5b21e69d16c4e1441af
        Validity
            Not Before: May  2 12:22:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23a6f5ea8fc0b1edacfb83b16d3ccfd9753b00ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:ef:3f:30:7b:6d:b2:cf:39:a0:e7:2e:49:69:
                    5b:67:5c:7d:19:24:82:39:55:08:79:00:0e:96:a3:
                    f1:0a:b5:a0:ca:ea:8a:e1:16:a9:b1:bb:9d:a4:ab:
                    71:e6:c2:8e:53:67:f9:af:8c:b6:1f:bf:0e:bc:bc:
                    fe:ef:3b:ae:3e:00:1a:ac:f3:8c:7f:05:3a:b2:4d:
                    79:88:c7:1d:5c:5a:2c:11:ca:36:33:4f:71:29:a5:
                    0c:7a:d5:ac:79:05:e1:45:ff:bd:06:56:ec:89:1c:
                    b0:9b:55:15:30:52:e8:01:b6:4f:b0:a2:7e:c0:6e:
                    3d:d8:ba:ff:33:13:6f:c4:20:06:e4:66:cd:73:2d:
                    6e:dd:de:bd:96:20:4b:da:7f:cf:d9:fd:e0:2c:8c:
                    dc:38:57:4e:aa:a9:70:d5:39:98:3f:a9:4f:0c:85:
                    30:db:a5:b4:0a:3a:84:d2:23:b8:0d:21:c8:13:88:
                    d0:31:91:31:e2:ec:4d:09:89:36:7f:64:81:cd:31:
                    6b:f8:de:4e:fc:05:b6:71:67:28:4e:c7:17:3b:10:
                    02:c9:ae:0d:b2:25:21:35:90:a6:32:25:9c:16:67:
                    07:29:14:c8:b8:60:7a:d4:d2:ba:7b:d1:f4:d1:11:
                    7d:74:36:f2:36:56:5d:d8:1e:a6:84:7e:fc:77:19:
                    41:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:A6:F5:EA:8F:C0:B1:ED:AC:FB:83:B1:6D:3C:CF:D9:75:3B:00:EF
            X509v3 Authority Key Identifier:
                keyid:E2:D1:95:61:4E:EE:4A:2D:BB:51:F5:B2:1E:69:D1:6C:4E:14:41:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tGVYU7uSi27UfWyHmnRbE4UQa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ceb4cb-2ea7-42d0-bb2a-5dac63784058/1/I6b16o_Ase2s-4OxbTzP2XU7AO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ceb4cb-2ea7-42d0-bb2a-5dac63784058/1/4tGVYU7uSi27UfWyHmnRbE4UQa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.203.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:04:b8:b8:a3:57:1d:81:38:82:ce:27:ed:47:3f:7c:e5:5c:
         91:be:b7:b5:a9:e0:5b:ee:64:8a:c0:ba:8b:e1:25:51:29:e9:
         0b:5d:ef:99:49:79:b2:6c:7d:66:ad:24:91:77:ff:d9:c4:ac:
         f3:94:c0:ea:f9:b3:2e:35:43:fe:2d:44:66:80:39:fa:ab:cb:
         4e:18:e5:18:95:67:7a:90:79:5f:9f:4c:fd:e7:ab:63:4e:01:
         72:32:71:cd:2b:d7:37:aa:68:6c:7c:ab:50:66:fc:ee:13:d0:
         b8:9a:4b:9b:e5:ea:71:3c:b8:4b:f3:10:b7:64:45:f8:7e:1b:
         52:22:5e:df:47:d9:d1:04:98:9c:82:d4:97:26:d9:c1:26:1a:
         ee:e4:af:1e:9a:90:ab:99:a3:f4:b3:c8:0f:11:d3:3c:33:91:
         bb:3c:24:c1:41:56:85:e4:f8:0b:c4:ad:41:0d:9d:54:46:99:
         b5:dd:b2:0e:c3:1f:14:52:f8:3d:b9:37:bd:c0:eb:55:f8:76:
         7b:dc:39:ed:6c:99:09:ed:c6:18:09:c0:66:eb:a3:90:b6:8b:
         39:86:52:a2:21:83:e5:50:6f:a7:41:28:c0:3a:b3:23:01:52:
         33:16:58:e5:cd:8e:1c:2e:30:aa:7a:df:b0:a5:7b:76:37:df:
         73:ec:51:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaQ8nLPu3WTRLIydyu9gT5+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDE5NTYxNGVlZTRhMmRiYjUxZjViMjFlNjlkMTZjNGUx
NDQxYWYwHhcNMjUwNTAyMTIyMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2E2ZjVlYThmYzBiMWVkYWNmYjgzYjE2ZDNjY2ZkOTc1M2IwMGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3O8/MHttss85oOcuSWlbZ1x9GSSC
OVUIeQAOlqPxCrWgyuqK4RapsbudpKtx5sKOU2f5r4y2H78OvLz+7zuuPgAarPOM
fwU6sk15iMcdXFosEco2M09xKaUMetWseQXhRf+9BlbsiRywm1UVMFLoAbZPsKJ+
wG492Lr/MxNvxCAG5GbNcy1u3d69liBL2n/P2f3gLIzcOFdOqqlw1TmYP6lPDIUw
26W0CjqE0iO4DSHIE4jQMZEx4uxNCYk2f2SBzTFr+N5O/AW2cWcoTscXOxACya4N
siUhNZCmMiWcFmcHKRTIuGB61NK6e9H00RF9dDbyNlZd2B6mhH78dxlBAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCOm9eqPwLHtrPuDsW08z9l1OwDvMB8GA1UdIwQY
MBaAFOLRlWFO7kotu1H1sh5p0WxOFEGvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRHVllVN3VTaTI3VWZXeUhtblJiRTRVUWE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9jZWI0Y2ItMmVhNy00MmQwLWJiMmEt
NWRhYzYzNzg0MDU4LzEvSTZiMTZvX0FzZTJzLTRPeGJUelAyWFU3QU84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9jZWI0Y2ItMmVhNy00MmQwLWJiMmEtNWRhYzYzNzg0MDU4
LzEvNHRHVllVN3VTaTI3VWZXeUhtblJiRTRVUWE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwcvcMA0G
CSqGSIb3DQEBCwUAA4IBAQA3BLi4o1cdgTiCziftRz985VyRvre1qeBb7mSKwLqL
4SVRKekLXe+ZSXmybH1mrSSRd//ZxKzzlMDq+bMuNUP+LURmgDn6q8tOGOUYlWd6
kHlfn0z956tjTgFyMnHNK9c3qmhsfKtQZvzuE9C4mkub5epxPLhL8xC3ZEX4fhtS
Il7fR9nRBJicgtSXJtnBJhru5K8empCrmaP0s8gPEdM8M5G7PCTBQVaF5PgLxK1B
DZ1URpm13bIOwx8UUvg9uTe9wOtV+HZ73DntbJkJ7cYYCcBm66OQtos5hlKiIYPl
UG+nQSjAOrMjAVIzFljlzY4cLjCqet+wpXt2N99z7FFk
-----END CERTIFICATE-----