Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/obpj78Cj4h6AqPChG513fVXXoMs.roa
File:                     obpj78Cj4h6AqPChG513fVXXoMs.roa (raw, json)
Hash identifier:          xhWt95TQUSf4jmhliYXpfzfmunJAIuxitDmmO5ohsLY=
Subject key identifier:   A1:BA:63:EF:C0:A3:E2:1E:80:A8:F0:A1:1B:9D:77:7D:55:D7:A0:CB
Certificate issuer:       /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial:       0196AB7715F4408DFFE23B75DCB63805195E
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/obpj78Cj4h6AqPChG513fVXXoMs.roa
Signing time:             Wed 07 May 2025 15:57:10 +0000
ROA not before:           Wed 07 May 2025 15:57:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212660
IP address blocks:        198.38.94.0/24 maxlen: 24
                          198.38.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 May 2025 21:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ab:77:15:f4:40:8d:ff:e2:3b:75:dc:b6:38:05:19:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
        Validity
            Not Before: May  7 15:57:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1ba63efc0a3e21e80a8f0a11b9d777d55d7a0cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:db:a4:9a:f3:02:e2:80:63:ef:eb:e3:94:19:
                    26:df:75:35:7e:d3:f2:57:40:88:19:d5:cb:6f:d8:
                    08:22:61:c9:4b:88:93:58:ef:1a:20:12:ac:11:97:
                    3d:e7:67:19:aa:f9:76:37:ad:f2:6f:08:7c:33:cf:
                    f4:eb:c0:b1:af:08:96:7c:aa:97:5d:da:8e:f4:d1:
                    c3:70:a6:ef:34:2b:d7:bb:0e:32:01:2b:63:4c:c9:
                    8b:15:6e:b6:01:37:99:c0:37:8e:b8:40:8a:21:1c:
                    62:78:8d:93:e2:e9:ce:da:34:e8:fa:b8:5c:82:8c:
                    65:ed:d5:3c:d4:22:c0:63:b9:5f:5a:7d:51:5b:22:
                    df:4c:da:1d:f0:3d:ce:08:e5:e1:a5:3c:14:fc:fa:
                    63:3c:0b:58:a7:93:7e:b9:99:f0:83:21:b3:20:81:
                    7b:3b:75:53:06:2c:a0:41:d3:68:f3:7a:63:67:4a:
                    bb:b3:8b:de:25:41:46:af:02:d1:61:53:5f:e1:db:
                    66:b6:b9:9b:1e:93:ca:a3:f7:04:fb:51:15:b9:f0:
                    f6:e7:bc:38:42:88:47:cd:8b:8d:8d:8d:f1:90:0c:
                    be:91:11:b8:61:1c:6b:4e:91:03:ea:20:dd:7f:bf:
                    8f:ca:c0:0c:8f:a8:ea:97:0b:b7:71:a8:0f:4b:f3:
                    3f:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:BA:63:EF:C0:A3:E2:1E:80:A8:F0:A1:1B:9D:77:7D:55:D7:A0:CB
            X509v3 Authority Key Identifier:
                keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/obpj78Cj4h6AqPChG513fVXXoMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.38.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:19:00:a9:2e:7f:2b:95:88:7e:34:e2:15:29:7c:63:bd:5a:
         d8:50:ea:04:73:5a:db:1c:3c:9d:71:5a:4c:6e:e1:b1:b0:37:
         83:ef:06:ab:67:ce:24:7e:2f:56:88:8b:68:c2:e0:1a:09:20:
         7a:1d:62:b6:39:d9:2e:5f:d2:fc:c5:07:e0:ae:68:cb:9d:6b:
         35:c3:10:76:a0:fd:ea:d7:ec:f3:93:7f:08:eb:90:ce:4e:c8:
         c2:b2:49:f2:3d:0f:95:40:10:31:55:6a:02:17:dc:51:ff:b5:
         fd:54:81:1e:4e:b8:fc:49:a2:f0:40:76:5e:ab:76:b3:b8:65:
         04:3c:ff:c1:63:ae:ff:5f:33:fa:dd:91:f2:12:f5:d3:0a:ba:
         7f:f6:23:fe:84:ca:2a:db:bf:11:ee:8e:1a:bb:af:ed:66:9b:
         e2:8a:a8:56:6a:7a:b7:a4:49:58:72:0f:b5:d6:48:4c:01:51:
         c3:4a:31:2a:98:19:52:49:31:f3:4b:b4:f9:2e:9f:52:74:65:
         bd:b0:cd:ec:18:17:5b:7e:dc:8c:58:57:6a:af:d3:13:b8:67:
         6a:dc:e6:4b:39:7d:76:a7:e4:bf:f4:09:eb:76:bf:02:78:43:
         03:32:97:c7:00:65:ac:b2:4d:3c:2b:44:d2:4d:8a:e6:74:8a:
         06:ce:4c:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZardxX0QI3/4jt13LY4BRleMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjUwNTA3MTU1NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWJhNjNlZmMwYTNlMjFlODBhOGYwYTExYjlkNzc3ZDU1ZDdhMGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdukmvMC4oBj7+vjlBkm33U1ftPy
V0CIGdXLb9gIImHJS4iTWO8aIBKsEZc952cZqvl2N63ybwh8M8/068CxrwiWfKqX
XdqO9NHDcKbvNCvXuw4yAStjTMmLFW62ATeZwDeOuECKIRxieI2T4unO2jTo+rhc
goxl7dU81CLAY7lfWn1RWyLfTNod8D3OCOXhpTwU/PpjPAtYp5N+uZnwgyGzIIF7
O3VTBiygQdNo83pjZ0q7s4veJUFGrwLRYVNf4dtmtrmbHpPKo/cE+1EVufD257w4
QohHzYuNjY3xkAy+kRG4YRxrTpED6iDdf7+PysAMj6jqlwu3cagPS/M/2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKG6Y+/Ao+IegKjwoRudd31V16DLMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvb2Jwajc4Q2o0aDZBcVBDaEc1MTNmVlhYb01zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBxiZeMA0G
CSqGSIb3DQEBCwUAA4IBAQB7GQCpLn8rlYh+NOIVKXxjvVrYUOoEc1rbHDydcVpM
buGxsDeD7warZ84kfi9WiItowuAaCSB6HWK2OdkuX9L8xQfgrmjLnWs1wxB2oP3q
1+zzk38I65DOTsjCsknyPQ+VQBAxVWoCF9xR/7X9VIEeTrj8SaLwQHZeq3azuGUE
PP/BY67/XzP63ZHyEvXTCrp/9iP+hMoq278R7o4au6/tZpviiqhWanq3pElYcg+1
1khMAVHDSjEqmBlSSTHzS7T5Lp9SdGW9sM3sGBdbftyMWFdqr9MTuGdq3OZLOX12
p+S/9Anrdr8CeEMDMpfHAGWssk08K0TSTYrmdIoGzkz1
-----END CERTIFICATE-----