Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/G4C51JT3OmCVcaSkVzmku4EsPfQ.roa
File:                     G4C51JT3OmCVcaSkVzmku4EsPfQ.roa (raw, json)
Hash identifier:          BmuIj2noq5vl5ugeRq2+5NB4DNlC7/C9uM2BT0aPa/I=
Subject key identifier:   1B:80:B9:D4:94:F7:3A:60:95:71:A4:A4:57:39:A4:BB:81:2C:3D:F4
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       01979DDE564CE788C2479D2C36CE0B33580D
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/G4C51JT3OmCVcaSkVzmku4EsPfQ.roa
Signing time:             Mon 23 Jun 2025 17:38:03 +0000
ROA not before:           Mon 23 Jun 2025 17:38:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216260
IP address blocks:        193.23.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9d:de:56:4c:e7:88:c2:47:9d:2c:36:ce:0b:33:58:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun 23 17:38:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b80b9d494f73a609571a4a45739a4bb812c3df4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:82:ad:e2:82:4c:b2:25:19:27:4c:1c:e2:0a:
                    12:11:b3:de:d8:f4:83:a3:96:e1:2c:3f:9c:19:3d:
                    74:32:a3:71:bb:dd:2a:0b:d2:a3:dd:1f:f1:8e:f4:
                    71:91:93:c3:ec:bb:c2:3a:06:e0:3a:87:92:15:2f:
                    dd:04:8a:95:a6:df:85:e5:a9:e7:8e:c8:5f:80:e3:
                    78:9b:f8:25:56:3a:e4:73:f3:60:7d:24:8e:68:38:
                    c6:48:2b:ca:5f:b1:ef:c7:98:bc:ac:51:17:97:ff:
                    e4:64:a0:38:c2:61:d7:e6:b7:fa:c6:f7:67:97:1a:
                    09:98:09:cd:05:e7:ad:cd:f6:0d:80:a1:c7:65:01:
                    cb:cb:0d:24:f6:90:7b:a9:d5:f4:2d:63:56:58:58:
                    9e:b8:6a:fb:ae:00:59:42:c8:f8:f5:50:6f:68:a7:
                    39:92:22:41:97:60:80:5d:c0:cd:4c:87:dd:18:08:
                    c2:17:41:1c:ad:83:6a:ee:ed:bc:6b:bb:0c:db:8b:
                    fa:37:6f:89:2b:73:d8:f5:90:8d:51:f2:14:52:7f:
                    c2:ed:9c:1f:58:72:6b:d6:7e:d4:4e:02:32:f3:70:
                    8b:93:d4:02:c3:df:37:8b:8e:0a:40:2b:6b:65:d8:
                    32:60:44:38:93:a9:28:1c:93:16:97:96:93:16:5b:
                    ea:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:80:B9:D4:94:F7:3A:60:95:71:A4:A4:57:39:A4:BB:81:2C:3D:F4
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/G4C51JT3OmCVcaSkVzmku4EsPfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:72:64:96:6a:db:0f:4e:3b:b9:dd:cb:da:4b:ce:ef:5f:0c:
         c6:fc:55:f1:8e:36:05:b2:e5:72:4d:69:90:20:82:7c:a5:8c:
         07:00:2b:d3:56:46:4a:95:3c:28:54:3c:42:b5:98:c3:8c:0a:
         4b:06:1e:e9:93:14:22:1c:69:2b:b9:a4:55:06:80:bd:ff:d1:
         48:c8:23:ad:e0:aa:de:e9:c5:99:96:e7:b8:a9:4d:8a:c3:86:
         9a:35:ac:8b:c9:c7:db:e2:68:cf:51:59:e9:99:04:47:8b:ef:
         18:aa:4f:c1:4c:c7:45:17:da:9d:e4:2c:3f:36:58:b9:c0:73:
         19:74:b1:67:36:d0:9e:b3:43:41:42:d9:e7:1f:2f:53:d7:78:
         c7:62:01:de:45:16:98:59:22:a5:ea:2e:17:9b:44:25:da:ae:
         30:f8:96:5a:c1:1d:9f:af:72:9b:90:a2:2e:61:62:c4:dd:b7:
         cd:0b:5a:9b:07:b0:27:b5:58:7c:ac:f6:34:94:d8:75:48:a3:
         5a:58:ed:dd:01:04:c0:de:d8:d2:9a:20:a5:2b:33:f5:df:e4:
         e5:f5:90:e1:bf:cc:3e:34:14:be:ab:64:0b:5c:72:65:1d:be:
         e2:11:25:3b:e7:aa:23:59:9d:d7:a4:b3:ed:f9:16:43:08:bc:
         0a:e8:a5:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZed3lZM54jCR50sNs4LM1gNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNjIzMTczODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjgwYjlkNDk0ZjczYTYwOTU3MWE0YTQ1NzM5YTRiYjgxMmMzZGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4Kt4oJMsiUZJ0wc4goSEbPe2PSD
o5bhLD+cGT10MqNxu90qC9Kj3R/xjvRxkZPD7LvCOgbgOoeSFS/dBIqVpt+F5ann
jshfgON4m/glVjrkc/NgfSSOaDjGSCvKX7Hvx5i8rFEXl//kZKA4wmHX5rf6xvdn
lxoJmAnNBeetzfYNgKHHZQHLyw0k9pB7qdX0LWNWWFieuGr7rgBZQsj49VBvaKc5
kiJBl2CAXcDNTIfdGAjCF0EcrYNq7u28a7sM24v6N2+JK3PY9ZCNUfIUUn/C7Zwf
WHJr1n7UTgIy83CLk9QCw983i44KQCtrZdgyYEQ4k6koHJMWl5aTFlvquQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuAudSU9zpglXGkpFc5pLuBLD30MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvRzRDNTFKVDNPbUNWY2FTa1Z6bWt1NEVzUGZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRfdMA0G
CSqGSIb3DQEBCwUAA4IBAQCZcmSWatsPTju53cvaS87vXwzG/FXxjjYFsuVyTWmQ
IIJ8pYwHACvTVkZKlTwoVDxCtZjDjApLBh7pkxQiHGkruaRVBoC9/9FIyCOt4Kre
6cWZlue4qU2Kw4aaNayLycfb4mjPUVnpmQRHi+8Yqk/BTMdFF9qd5Cw/Nli5wHMZ
dLFnNtCes0NBQtnnHy9T13jHYgHeRRaYWSKl6i4Xm0Ql2q4w+JZawR2fr3KbkKIu
YWLE3bfNC1qbB7AntVh8rPY0lNh1SKNaWO3dAQTA3tjSmiClKzP13+Tl9ZDhv8w+
NBS+q2QLXHJlHb7iESU756ojWZ3XpLPt+RZDCLwK6KWI
-----END CERTIFICATE-----