Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tbFN4uJzRU21womPSI5KkKj3qmg.roa
File:                     tbFN4uJzRU21womPSI5KkKj3qmg.roa (raw, json)
Hash identifier:          cTuOYvRU7Ql1EyywVLIjraQ+WjjxuydXASBnsAaUEgY=
Subject key identifier:   B5:B1:4D:E2:E2:73:45:4D:B5:C2:89:8F:48:8E:4A:90:A8:F7:AA:68
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0197C7AF479823611A9F5DD1BA04B8FF9B3C
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tbFN4uJzRU21womPSI5KkKj3qmg.roa
Signing time:             Tue 01 Jul 2025 20:30:42 +0000
ROA not before:           Tue 01 Jul 2025 20:30:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6830
IP address blocks:        64.188.84.0/22 maxlen: 24
                          64.188.104.0/22 maxlen: 24
                          64.188.112.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 06:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c7:af:47:98:23:61:1a:9f:5d:d1:ba:04:b8:ff:9b:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jul  1 20:30:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5b14de2e273454db5c2898f488e4a90a8f7aa68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:93:f9:b9:e1:a5:bf:e9:05:59:b9:05:4d:1d:
                    b9:ac:ef:6b:d0:91:58:6c:94:a3:ce:9a:4b:4b:26:
                    8e:81:23:73:ab:27:3c:e6:c8:d9:8c:e0:bd:1d:b6:
                    09:b8:c9:63:52:6b:72:86:76:ff:82:48:30:d9:51:
                    57:60:e6:9a:a3:0a:47:2d:93:60:66:1d:c9:90:6e:
                    32:a8:e6:52:cd:23:ee:5a:5c:e2:d4:76:d3:3f:db:
                    8f:1d:bb:6f:25:48:44:67:f8:ca:6f:cb:44:6f:13:
                    ee:78:11:8b:c1:69:29:18:24:98:9c:9b:66:34:90:
                    8d:c1:1e:f3:2e:4f:d7:63:d4:03:84:bb:d8:31:ab:
                    b1:f3:0b:e4:16:8c:ff:54:2c:84:e3:0d:aa:f5:22:
                    fa:22:41:01:46:9f:b1:f3:d7:f9:8e:f1:b8:c1:76:
                    f9:6f:3e:1f:28:5c:a0:73:7c:93:2c:aa:9c:c7:23:
                    16:3b:14:89:c7:0c:4f:af:e1:ab:42:41:96:6c:35:
                    5e:b0:a7:b0:c8:0f:88:f5:b1:21:c3:c2:ac:74:21:
                    3e:a9:ad:80:c5:ea:18:75:36:8a:00:85:b2:14:8a:
                    b7:ac:d4:09:e3:b7:6b:2c:0e:e7:88:ad:13:50:2e:
                    23:aa:ba:23:52:67:03:e9:20:bf:d7:b9:2a:79:ff:
                    f5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:B1:4D:E2:E2:73:45:4D:B5:C2:89:8F:48:8E:4A:90:A8:F7:AA:68
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tbFN4uJzRU21womPSI5KkKj3qmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.188.84.0/22
                  64.188.104.0/22
                  64.188.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:44:bb:7b:81:39:0e:9e:5a:66:3e:fc:43:10:cc:34:5e:cf:
         9a:9a:b8:4d:14:c4:1b:a6:ff:80:76:3a:3c:1f:ba:7a:1c:72:
         0b:88:ac:23:92:c8:78:08:9e:9c:a6:a8:e1:a1:80:ec:60:1a:
         02:05:29:93:e4:d1:58:53:ff:71:9b:bb:51:8b:22:e5:59:f5:
         79:01:bd:61:ca:74:c2:c4:8d:4a:69:40:b9:0b:16:68:9a:c8:
         e7:e0:bd:3f:21:2f:df:b2:7b:68:f2:cb:e6:b6:33:02:7d:da:
         ac:e1:7d:63:da:45:98:93:bf:b2:17:bb:ee:65:ef:05:1e:62:
         6d:12:0e:80:86:2a:91:cf:5b:f9:3d:7a:94:5d:77:22:17:36:
         55:05:6e:10:3b:88:7d:0d:f7:a1:45:18:93:d6:ab:65:0c:07:
         4a:c9:14:3e:84:66:5f:57:2a:16:0e:be:03:bb:4a:3f:26:f9:
         5b:13:cd:12:d4:29:4f:49:1d:db:f2:0b:8e:7b:ad:d5:ec:c4:
         07:ae:b8:2c:60:bf:88:50:a2:33:f4:97:05:ec:19:27:fe:a4:
         40:3d:ff:2e:1a:18:44:80:83:da:f7:76:fa:f8:2f:32:c1:b3:
         26:a5:d6:c5:bb:c5:73:1c:0a:8a:a5:2d:da:f7:be:4d:e9:4c:
         6b:58:11:6a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZfHr0eYI2Ean13RugS4/5s8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNzAxMjAzMDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWIxNGRlMmUyNzM0NTRkYjVjMjg5OGY0ODhlNGE5MGE4ZjdhYTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pP5ueGlv+kFWbkFTR25rO9r0JFY
bJSjzppLSyaOgSNzqyc85sjZjOC9HbYJuMljUmtyhnb/gkgw2VFXYOaaowpHLZNg
Zh3JkG4yqOZSzSPuWlzi1HbTP9uPHbtvJUhEZ/jKb8tEbxPueBGLwWkpGCSYnJtm
NJCNwR7zLk/XY9QDhLvYMaux8wvkFoz/VCyE4w2q9SL6IkEBRp+x89f5jvG4wXb5
bz4fKFygc3yTLKqcxyMWOxSJxwxPr+GrQkGWbDVesKewyA+I9bEhw8KsdCE+qa2A
xeoYdTaKAIWyFIq3rNQJ47drLA7niK0TUC4jqrojUmcD6SC/17kqef/1lQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLWxTeLic0VNtcKJj0iOSpCo96poMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdGJGTjR1SnpSVTIxd29tUFNJNUtrS2ozcW1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCQLxUAwQC
QLxoAwQCQLxwMA0GCSqGSIb3DQEBCwUAA4IBAQCeRLt7gTkOnlpmPvxDEMw0Xs+a
mrhNFMQbpv+Adjo8H7p6HHILiKwjksh4CJ6cpqjhoYDsYBoCBSmT5NFYU/9xm7tR
iyLlWfV5Ab1hynTCxI1KaUC5CxZomsjn4L0/IS/fsnto8svmtjMCfdqs4X1j2kWY
k7+yF7vuZe8FHmJtEg6AhiqRz1v5PXqUXXciFzZVBW4QO4h9DfehRRiT1qtlDAdK
yRQ+hGZfVyoWDr4Du0o/JvlbE80S1ClPSR3b8guOe63V7MQHrrgsYL+IUKIz9JcF
7Bkn/qRAPf8uGhhEgIPa93b6+C8ywbMmpdbFu8VzHAqKpS3a975N6UxrWBFq
-----END CERTIFICATE-----