Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ZH_oK163QAT2f2EBiwQ9c6ud4iQ.roa
File:                     ZH_oK163QAT2f2EBiwQ9c6ud4iQ.roa (raw, json)
Hash identifier:          jOkr0nYtxh71788qEPwd9H/K1R3/6wpwrYV5Cf+Bn8Y=
Subject key identifier:   64:7F:E8:2B:5E:B7:40:04:F6:7F:61:01:8B:04:3D:73:AB:9D:E2:24
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0199781B115AFBB69E0D0A250C39CC8F27FB
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ZH_oK163QAT2f2EBiwQ9c6ud4iQ.roa
Signing time:             Tue 23 Sep 2025 19:44:23 +0000
ROA not before:           Tue 23 Sep 2025 19:44:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212743
IP address blocks:        144.31.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:78:1b:11:5a:fb:b6:9e:0d:0a:25:0c:39:cc:8f:27:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Sep 23 19:44:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=647fe82b5eb74004f67f61018b043d73ab9de224
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d7:0b:bb:d6:76:f7:cb:5f:aa:9d:de:17:b0:
                    62:2d:3b:8c:8b:d5:b4:45:14:1b:25:3e:23:3a:59:
                    92:48:c5:36:ec:82:f8:a8:be:58:a8:88:11:08:ab:
                    a5:00:31:d8:bd:ef:87:35:18:d6:7f:fd:93:1f:20:
                    43:2a:d6:b5:ab:ac:c4:00:9f:f1:ce:89:ee:b2:46:
                    7a:6d:e6:44:9e:13:c7:53:50:51:3e:6a:63:6e:30:
                    fe:1d:08:0c:64:38:ee:4e:18:b5:3e:6d:07:09:43:
                    54:ca:03:db:2a:d7:4f:5d:fd:98:af:31:80:06:fa:
                    56:c8:7a:77:38:50:1d:af:cf:74:f2:d1:4a:e2:10:
                    d9:ad:a4:2a:71:aa:03:51:49:1d:8a:63:f7:f6:c4:
                    b1:67:fc:72:5d:43:37:c0:bc:6b:3d:a0:7e:e8:3b:
                    30:ee:8b:9b:ad:fc:df:d9:60:c2:4c:c2:9b:ef:ff:
                    7d:b0:55:50:3b:bd:97:91:c8:85:5e:66:71:0b:8a:
                    67:af:26:80:8f:45:4d:ca:5f:97:74:a3:2f:92:59:
                    66:f7:99:87:e9:ee:8a:09:a7:ea:29:21:66:e2:d3:
                    43:3c:aa:c3:6d:67:86:6f:10:61:de:7a:fb:3b:d2:
                    44:d8:f5:fc:65:09:7e:96:f3:63:74:45:7d:5c:d6:
                    d4:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:7F:E8:2B:5E:B7:40:04:F6:7F:61:01:8B:04:3D:73:AB:9D:E2:24
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ZH_oK163QAT2f2EBiwQ9c6ud4iQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:13:4b:4a:6d:6f:ac:1e:90:3c:61:d9:11:b8:3e:dc:94:4a:
         49:c1:e5:bd:35:47:c6:f0:4a:33:5f:44:0b:f4:f0:da:58:a2:
         b7:52:21:44:41:40:c1:7e:7f:7f:91:08:80:ab:a0:49:06:4f:
         da:d3:55:b7:bb:d0:fb:1b:a3:de:2c:e8:99:3d:a3:ff:98:d9:
         82:9b:1e:62:d5:6d:03:33:d0:bb:76:b2:d3:74:bc:96:ca:bf:
         47:fe:5b:26:a3:1b:df:77:16:d3:0e:ef:66:f2:27:ed:dc:8d:
         02:97:82:51:92:22:77:64:22:81:44:66:9b:ac:22:1f:6b:7f:
         69:24:44:83:ba:0b:07:c8:05:be:04:5b:29:d3:32:91:8a:1d:
         69:d5:e4:bb:fe:d1:73:94:e9:5e:00:03:34:8a:7f:7f:83:d3:
         70:de:51:f3:de:5d:09:36:33:0e:c3:bb:12:0b:24:70:3c:7a:
         b1:e3:f0:72:9c:fa:d2:aa:32:24:74:25:98:eb:cd:54:27:82:
         ce:d9:e9:8e:2e:c3:5a:8e:51:fe:ca:bc:58:9c:bb:f5:a6:41:
         d3:37:84:14:da:aa:f3:49:53:42:6d:42:37:48:04:e6:09:b7:
         df:ff:44:80:39:6e:f0:03:31:59:8f:cd:bc:86:ff:12:5a:06:
         1d:b3:24:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl4GxFa+7aeDQolDDnMjyf7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwOTIzMTk0NDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDdmZTgyYjVlYjc0MDA0ZjY3ZjYxMDE4YjA0M2Q3M2FiOWRlMjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztcLu9Z298tfqp3eF7BiLTuMi9W0
RRQbJT4jOlmSSMU27IL4qL5YqIgRCKulADHYve+HNRjWf/2THyBDKta1q6zEAJ/x
zonuskZ6beZEnhPHU1BRPmpjbjD+HQgMZDjuThi1Pm0HCUNUygPbKtdPXf2YrzGA
BvpWyHp3OFAdr8908tFK4hDZraQqcaoDUUkdimP39sSxZ/xyXUM3wLxrPaB+6Dsw
7oubrfzf2WDCTMKb7/99sFVQO72XkciFXmZxC4pnryaAj0VNyl+XdKMvkllm95mH
6e6KCafqKSFm4tNDPKrDbWeGbxBh3nr7O9JE2PX8ZQl+lvNjdEV9XNbUjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGR/6Ctet0AE9n9hAYsEPXOrneIkMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvWkhfb0sxNjNRQVQyZjJFQml3UTljNnVkNGlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkB+/MA0G
CSqGSIb3DQEBCwUAA4IBAQCbE0tKbW+sHpA8YdkRuD7clEpJweW9NUfG8EozX0QL
9PDaWKK3UiFEQUDBfn9/kQiAq6BJBk/a01W3u9D7G6PeLOiZPaP/mNmCmx5i1W0D
M9C7drLTdLyWyr9H/lsmoxvfdxbTDu9m8ift3I0Cl4JRkiJ3ZCKBRGabrCIfa39p
JESDugsHyAW+BFsp0zKRih1p1eS7/tFzlOleAAM0in9/g9Nw3lHz3l0JNjMOw7sS
CyRwPHqx4/BynPrSqjIkdCWY681UJ4LO2emOLsNajlH+yrxYnLv1pkHTN4QU2qrz
SVNCbUI3SATmCbff/0SAOW7wAzFZj828hv8SWgYdsyRe
-----END CERTIFICATE-----