Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/A8oZtym780vkooA0CDCTmVa_Uyg.roa
File:                     A8oZtym780vkooA0CDCTmVa_Uyg.roa (raw, json)
Hash identifier:          JEJEnU4s8nB2zC1Zuwtfcc28Rv+NglRc6QVnMQ0CUAc=
Subject key identifier:   03:CA:19:B7:29:BB:F3:4B:E4:A2:80:34:08:30:93:99:56:BF:53:28
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019669A9623B016045E81E2903FEEF52415B
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/A8oZtym780vkooA0CDCTmVa_Uyg.roa
Signing time:             Thu 24 Apr 2025 21:17:10 +0000
ROA not before:           Thu 24 Apr 2025 21:17:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215439
IP address blocks:        193.23.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 06:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:69:a9:62:3b:01:60:45:e8:1e:29:03:fe:ef:52:41:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 24 21:17:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03ca19b729bbf34be4a280340830939956bf5328
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ed:a4:61:1d:45:2c:d6:b1:62:38:c1:4f:a3:
                    af:40:f6:f4:b2:da:da:cd:60:5d:4f:e3:ec:50:e7:
                    39:b1:81:4a:fd:8e:1c:4a:dd:49:1e:71:b7:1a:36:
                    1f:a2:9e:36:e6:33:ba:26:33:8f:f1:11:b2:40:58:
                    f4:c3:0f:c1:6a:c8:8a:24:ac:8f:da:8e:27:37:d1:
                    7c:f6:d1:44:64:99:38:96:25:87:d0:56:36:5e:f5:
                    6f:2c:3f:5f:01:92:f9:df:13:1f:c2:e7:8b:c0:5c:
                    21:71:9d:0b:93:41:11:d5:d7:ec:d9:f7:2b:01:02:
                    78:1c:c0:2b:21:03:3a:55:db:8a:53:be:87:b6:d5:
                    ea:21:55:c0:37:c2:05:b3:ce:a1:85:09:0b:5e:1b:
                    31:f8:8d:1c:5b:49:64:af:81:15:73:ad:39:65:5d:
                    b1:d0:c9:92:82:83:5b:6b:e0:1f:3d:98:cb:08:68:
                    20:af:1e:1c:99:8d:bf:7c:2d:42:0d:13:37:c3:6f:
                    12:8f:7d:7a:08:1d:42:7b:d0:07:de:5c:ef:21:53:
                    fa:eb:55:94:d6:00:a0:b2:8d:79:4a:9c:83:57:35:
                    f8:3f:a8:2d:12:11:25:d8:63:df:be:93:4b:e9:2b:
                    8d:e4:80:4c:3d:d9:fb:29:0e:36:12:b3:b6:42:34:
                    b2:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:CA:19:B7:29:BB:F3:4B:E4:A2:80:34:08:30:93:99:56:BF:53:28
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/A8oZtym780vkooA0CDCTmVa_Uyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:92:fd:b8:3b:6c:3c:64:1c:ee:a3:90:8a:7f:f0:cc:9c:c0:
         ae:43:f7:38:11:d4:89:7c:3f:93:1a:1d:b7:60:c3:73:1f:bc:
         5c:49:ac:f5:59:68:ba:af:93:12:3b:a3:dd:62:2b:1f:2c:1e:
         46:73:77:0e:fb:cc:20:98:5f:95:7b:fc:22:cb:08:c8:e6:bc:
         89:cc:7c:20:d1:09:a7:41:dc:b2:05:59:5f:52:be:ba:db:45:
         59:71:9b:81:63:a6:c3:5c:ae:86:65:5b:4c:43:40:1f:c0:9e:
         a3:d4:67:7f:e8:2c:10:98:cb:8a:f8:4d:5e:4c:4a:d4:36:88:
         61:c2:f3:db:c2:c4:c7:a1:af:eb:52:b3:1d:ae:b8:ee:14:a9:
         a9:69:6e:d5:3a:06:55:72:9e:80:aa:5b:75:b2:8c:1c:84:2c:
         df:3b:d4:2f:3a:38:d2:a1:b4:3f:cf:4f:2b:2c:b8:77:e0:d8:
         84:b7:8d:4c:e5:53:38:63:f9:df:95:c0:13:e8:a9:9d:21:ce:
         cf:52:23:f6:c4:95:5a:ca:ab:c4:83:ed:94:19:50:89:bc:20:
         ee:0e:e6:7c:69:2b:02:f7:84:bb:71:65:5a:e3:96:a0:a1:b7:
         60:34:44:16:13:4f:be:24:ac:68:4f:42:6a:ac:de:14:25:fa:
         0c:ff:63:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZpqWI7AWBF6B4pA/7vUkFbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNDI0MjExNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2NhMTliNzI5YmJmMzRiZTRhMjgwMzQwODMwOTM5OTU2YmY1MzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAze2kYR1FLNaxYjjBT6OvQPb0stra
zWBdT+PsUOc5sYFK/Y4cSt1JHnG3GjYfop425jO6JjOP8RGyQFj0ww/BasiKJKyP
2o4nN9F89tFEZJk4liWH0FY2XvVvLD9fAZL53xMfwueLwFwhcZ0Lk0ER1dfs2fcr
AQJ4HMArIQM6VduKU76HttXqIVXAN8IFs86hhQkLXhsx+I0cW0lkr4EVc605ZV2x
0MmSgoNba+AfPZjLCGggrx4cmY2/fC1CDRM3w28Sj316CB1Ce9AH3lzvIVP661WU
1gCgso15SpyDVzX4P6gtEhEl2GPfvpNL6SuN5IBMPdn7KQ42ErO2QjSyHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPKGbcpu/NL5KKANAgwk5lWv1MoMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvQThvWnR5bTc4MHZrb29BMENEQ1RtVmFfVXlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRfQMA0G
CSqGSIb3DQEBCwUAA4IBAQAHkv24O2w8ZBzuo5CKf/DMnMCuQ/c4EdSJfD+TGh23
YMNzH7xcSaz1WWi6r5MSO6PdYisfLB5Gc3cO+8wgmF+Ve/wiywjI5ryJzHwg0Qmn
QdyyBVlfUr6620VZcZuBY6bDXK6GZVtMQ0AfwJ6j1Gd/6CwQmMuK+E1eTErUNohh
wvPbwsTHoa/rUrMdrrjuFKmpaW7VOgZVcp6Aqlt1sowchCzfO9QvOjjSobQ/z08r
LLh34NiEt41M5VM4Y/nflcAT6KmdIc7PUiP2xJVayqvEg+2UGVCJvCDuDuZ8aSsC
94S7cWVa45agobdgNEQWE0++JKxoT0JqrN4UJfoM/2Mx
-----END CERTIFICATE-----