Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/cw5DnR9swRPkPsqxKbVBdMi1gxc.roa
File:                     cw5DnR9swRPkPsqxKbVBdMi1gxc.roa (raw, json)
Hash identifier:          xCQw5F2RsSBykATtl7xq4iOHgXvoqIdKyRqwyupoCwE=
Subject key identifier:   73:0E:43:9D:1F:6C:C1:13:E4:3E:CA:B1:29:B5:41:74:C8:B5:83:17
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019925A49C62A660C9396FD07DC5F896EC36
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/cw5DnR9swRPkPsqxKbVBdMi1gxc.roa
Signing time:             Sun 07 Sep 2025 19:26:08 +0000
ROA not before:           Sun 07 Sep 2025 19:26:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213229
IP address blocks:        64.188.88.0/24 maxlen: 24
                          144.31.31.0/24 maxlen: 24
                          193.23.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:25:a4:9c:62:a6:60:c9:39:6f:d0:7d:c5:f8:96:ec:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Sep  7 19:26:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=730e439d1f6cc113e43ecab129b54174c8b58317
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:88:97:c6:f4:36:e4:65:94:2c:6a:79:7d:27:
                    bb:bb:1f:f6:dd:b7:9e:08:57:17:70:dd:1c:46:70:
                    6a:f4:6f:d7:fc:1f:54:27:f4:0b:c0:d0:91:68:ec:
                    52:89:0e:c4:f5:66:d6:e5:89:c4:20:46:36:43:17:
                    69:5b:9f:48:7e:5e:54:21:76:dd:1b:95:37:f1:74:
                    ae:ab:80:e3:82:b9:60:19:72:dd:bc:3c:58:e8:fa:
                    ec:84:d4:c7:ef:bc:ea:fa:a4:eb:a1:9f:aa:c5:80:
                    23:a7:00:36:26:cb:15:b9:a2:85:2c:49:85:06:df:
                    82:b3:9d:7f:cf:63:41:34:06:96:9e:7d:da:c9:f8:
                    5b:01:3c:32:0f:63:d3:72:4d:e2:8a:88:a6:e7:83:
                    fa:70:3c:c1:b6:ba:7c:00:78:4c:f3:54:a4:fb:90:
                    36:4b:08:00:07:7d:2f:39:d6:58:a6:4f:af:4f:c4:
                    49:d3:5c:81:75:8a:05:c9:c8:c2:e6:7e:ba:5c:76:
                    6d:1f:32:4c:67:01:2d:c9:e3:8b:1e:a9:fe:7f:79:
                    d7:2e:7e:e7:97:c0:82:c6:31:ff:1c:6a:b9:b1:bf:
                    be:73:57:25:1f:fe:ba:de:de:c1:dc:51:c3:91:29:
                    e2:a4:1f:3d:9b:00:9e:c1:86:01:7d:96:33:c5:ff:
                    fa:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:0E:43:9D:1F:6C:C1:13:E4:3E:CA:B1:29:B5:41:74:C8:B5:83:17
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/cw5DnR9swRPkPsqxKbVBdMi1gxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.188.88.0/24
                  144.31.31.0/24
                  193.23.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:df:39:32:ce:2e:2c:cf:90:8c:7d:e2:a3:c6:bc:42:9c:ea:
         91:56:36:da:9b:07:de:25:1e:96:7f:a2:06:75:e1:de:81:bd:
         b3:33:dd:1a:15:44:ed:fb:fe:fd:75:62:1f:02:32:1e:ce:28:
         e8:f7:7c:5b:b8:3f:46:d7:e2:45:01:51:d2:21:7a:24:32:b6:
         02:b2:01:e8:ca:c0:f7:60:88:96:65:6c:36:bc:b4:4d:72:ad:
         63:56:f7:20:d7:4f:9f:14:ce:c7:47:53:53:84:f6:3f:de:9a:
         2e:23:dd:ff:9d:d8:ce:01:41:bb:c9:f3:40:01:22:7f:1e:01:
         bc:0b:4b:bc:df:27:25:9f:f4:31:bf:99:11:ad:02:19:20:59:
         41:c3:0a:06:b9:10:be:e0:80:5f:11:43:c1:96:36:b7:26:21:
         13:66:58:53:15:e5:61:b8:18:75:78:c8:24:5b:8e:8c:d8:98:
         ef:2a:85:ba:51:80:3c:15:21:32:90:ed:3f:a4:fd:f9:7e:6a:
         f2:15:1d:f7:78:97:81:fb:bf:37:95:58:b6:a4:4e:75:9d:41:
         bb:d5:7e:93:d5:3d:5b:74:c5:8e:90:26:0f:e4:db:d7:d0:1d:
         d1:ac:02:b2:d8:59:f3:e8:9e:9d:42:23:a9:60:30:27:50:23:
         6e:31:bf:97
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZklpJxipmDJOW/QfcX4luw2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwOTA3MTkyNjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzBlNDM5ZDFmNmNjMTEzZTQzZWNhYjEyOWI1NDE3NGM4YjU4MzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4iXxvQ25GWULGp5fSe7ux/23bee
CFcXcN0cRnBq9G/X/B9UJ/QLwNCRaOxSiQ7E9WbW5YnEIEY2QxdpW59Ifl5UIXbd
G5U38XSuq4DjgrlgGXLdvDxY6PrshNTH77zq+qTroZ+qxYAjpwA2JssVuaKFLEmF
Bt+Cs51/z2NBNAaWnn3ayfhbATwyD2PTck3iioim54P6cDzBtrp8AHhM81Sk+5A2
SwgAB30vOdZYpk+vT8RJ01yBdYoFycjC5n66XHZtHzJMZwEtyeOLHqn+f3nXLn7n
l8CCxjH/HGq5sb++c1clH/663t7B3FHDkSnipB89mwCewYYBfZYzxf/6LwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHMOQ50fbMET5D7KsSm1QXTItYMXMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvY3c1RG5SOXN3UlBrUHNxeEtiVkJkTWkxZ3hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAQLxYAwQA
kB8fAwQAwRfQMA0GCSqGSIb3DQEBCwUAA4IBAQCF3zkyzi4sz5CMfeKjxrxCnOqR
VjbamwfeJR6Wf6IGdeHegb2zM90aFUTt+/79dWIfAjIezijo93xbuD9G1+JFAVHS
IXokMrYCsgHoysD3YIiWZWw2vLRNcq1jVvcg10+fFM7HR1NThPY/3pouI93/ndjO
AUG7yfNAASJ/HgG8C0u83ycln/Qxv5kRrQIZIFlBwwoGuRC+4IBfEUPBlja3JiET
ZlhTFeVhuBh1eMgkW46M2JjvKoW6UYA8FSEykO0/pP35fmryFR33eJeB+783lVi2
pE51nUG71X6T1T1bdMWOkCYP5NvX0B3RrAKy2Fnz6J6dQiOpYDAnUCNuMb+X
-----END CERTIFICATE-----