Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/RHeWfeYF0DEk7KeGddK3e5LURac.roa
File:                     RHeWfeYF0DEk7KeGddK3e5LURac.roa (raw, json)
Hash identifier:          v2n4Lvwnf6X2vqETdOtxp42iLHblFzY6Og2bmDg55IM=
Subject key identifier:   44:77:96:7D:E6:05:D0:31:24:EC:A7:86:75:D2:B7:7B:92:D4:45:A7
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       01988A6C37FE9B840C4FCD2B6F85744D68CE
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/RHeWfeYF0DEk7KeGddK3e5LURac.roa
Signing time:             Fri 08 Aug 2025 16:03:24 +0000
ROA not before:           Fri 08 Aug 2025 16:03:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18301
IP address blocks:        64.188.89.0/24 maxlen: 24
                          193.23.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:8a:6c:37:fe:9b:84:0c:4f:cd:2b:6f:85:74:4d:68:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Aug  8 16:03:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4477967de605d03124eca78675d2b77b92d445a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:82:0c:76:b9:8d:9e:8f:14:30:f9:56:ef:3d:
                    2c:cc:9d:bb:f9:f0:a9:97:1f:fb:d0:7d:db:bf:d7:
                    de:bc:61:56:05:ae:7d:73:a4:a9:75:69:e0:33:30:
                    86:76:21:12:73:51:01:2f:59:68:60:a7:15:84:33:
                    30:b6:a7:7a:cc:89:c6:1f:00:d6:61:91:aa:3c:42:
                    4c:01:de:c0:25:ed:0a:e9:51:8e:61:21:49:90:78:
                    cb:c2:f1:57:29:56:66:9d:01:8c:ed:88:41:47:56:
                    18:36:e2:9d:51:df:13:9e:5f:12:d3:8a:1c:ad:1a:
                    f6:6d:6a:d0:28:08:6e:41:ff:c8:1f:93:8c:c0:64:
                    42:df:96:46:aa:7c:32:2a:59:d3:44:7d:f9:a3:be:
                    e9:0f:fb:fb:ce:31:83:40:b3:be:2c:c4:2f:71:ef:
                    9e:b9:87:84:a3:f0:67:d2:12:78:05:f4:99:e3:02:
                    58:01:2e:43:8e:ca:c3:b5:8c:b8:1b:c9:76:ae:0f:
                    4e:95:54:e6:53:47:71:a1:25:c1:65:7c:c0:68:ae:
                    84:5b:b4:cc:54:d6:ad:aa:41:3b:1c:8d:61:f5:b9:
                    ba:7c:d4:9d:c9:48:fe:e5:11:2c:9f:08:55:4f:4a:
                    ca:d5:cd:e0:31:42:c4:f8:a2:2a:f8:d2:0f:62:d6:
                    91:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:77:96:7D:E6:05:D0:31:24:EC:A7:86:75:D2:B7:7B:92:D4:45:A7
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/RHeWfeYF0DEk7KeGddK3e5LURac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.188.89.0/24
                  193.23.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:b7:9e:d0:e4:a0:54:28:8e:27:9c:ae:72:87:4d:0e:c2:01:
         04:0f:2a:f7:9f:a4:e2:cf:4b:c5:28:e8:cf:1e:ed:91:22:a2:
         07:93:3d:16:18:90:73:26:d8:54:c6:1f:5c:09:92:cd:d3:f4:
         8b:73:f3:6b:07:af:f6:8b:85:38:e5:4f:f5:04:c6:f5:31:c3:
         7c:5f:00:5c:a0:9b:4c:ef:b4:a3:d3:08:dc:b3:7d:96:49:12:
         db:9e:26:b6:d1:d0:5c:00:86:56:7f:d9:23:5a:36:90:5a:f1:
         dd:b5:e9:da:5a:ef:f6:5a:61:3e:2b:0c:16:3c:e5:12:87:e7:
         0e:46:2d:1a:bc:ec:d5:c7:fc:b1:ad:d1:64:16:07:99:ef:a2:
         15:00:33:76:f7:4a:8f:f6:62:66:f9:74:e5:bd:d1:eb:9a:7b:
         97:73:89:6b:06:8a:3e:79:35:36:f1:e8:99:6d:7f:07:0e:63:
         34:89:54:e4:e2:eb:cf:08:87:ef:de:3a:34:e5:76:34:c9:b8:
         76:8d:e3:ed:fa:a3:16:bc:7b:01:8a:94:f2:a1:1c:2b:e1:17:
         b7:37:d3:87:f6:e1:6a:10:c5:ba:95:98:5e:d4:5f:af:5a:05:
         10:09:a3:94:3a:f7:5c:e6:8a:58:08:2d:38:76:af:79:28:4f:
         d8:92:1e:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiKbDf+m4QMT80rb4V0TWjOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwODA4MTYwMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDc3OTY3ZGU2MDVkMDMxMjRlY2E3ODY3NWQyYjc3YjkyZDQ0NWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIIMdrmNno8UMPlW7z0szJ27+fCp
lx/70H3bv9fevGFWBa59c6SpdWngMzCGdiESc1EBL1loYKcVhDMwtqd6zInGHwDW
YZGqPEJMAd7AJe0K6VGOYSFJkHjLwvFXKVZmnQGM7YhBR1YYNuKdUd8Tnl8S04oc
rRr2bWrQKAhuQf/IH5OMwGRC35ZGqnwyKlnTRH35o77pD/v7zjGDQLO+LMQvce+e
uYeEo/Bn0hJ4BfSZ4wJYAS5DjsrDtYy4G8l2rg9OlVTmU0dxoSXBZXzAaK6EW7TM
VNatqkE7HI1h9bm6fNSdyUj+5REsnwhVT0rK1c3gMULE+KIq+NIPYtaRtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFER3ln3mBdAxJOynhnXSt3uS1EWnMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvUkhlV2ZlWUYwREVrN0tlR2RkSzNlNUxVUmFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAQLxZAwQA
wRfKMA0GCSqGSIb3DQEBCwUAA4IBAQAat57Q5KBUKI4nnK5yh00OwgEEDyr3n6Ti
z0vFKOjPHu2RIqIHkz0WGJBzJthUxh9cCZLN0/SLc/NrB6/2i4U45U/1BMb1McN8
XwBcoJtM77Sj0wjcs32WSRLbnia20dBcAIZWf9kjWjaQWvHdtenaWu/2WmE+KwwW
POUSh+cORi0avOzVx/yxrdFkFgeZ76IVADN290qP9mJm+XTlvdHrmnuXc4lrBoo+
eTU28eiZbX8HDmM0iVTk4uvPCIfv3jo05XY0ybh2jePt+qMWvHsBipTyoRwr4Re3
N9OH9uFqEMW6lZhe1F+vWgUQCaOUOvdc5opYCC04dq95KE/Ykh5M
-----END CERTIFICATE-----