Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/zxpwrkt7n8auEqmqxO5dvYhslHA.roa
File:                     zxpwrkt7n8auEqmqxO5dvYhslHA.roa (raw, json)
Hash identifier:          YyGPhwvRoe+QMPUXxwGrHWbLumOuw68StjtLOaF7O+s=
Subject key identifier:   CF:1A:70:AE:4B:7B:9F:C6:AE:12:A9:AA:C4:EE:5D:BD:88:6C:94:70
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0198A03FAE84555CC330B887F4E2EA876356
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/zxpwrkt7n8auEqmqxO5dvYhslHA.roa
Signing time:             Tue 12 Aug 2025 21:46:24 +0000
ROA not before:           Tue 12 Aug 2025 21:46:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206715
IP address blocks:        64.188.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:02:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a0:3f:ae:84:55:5c:c3:30:b8:87:f4:e2:ea:87:63:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Aug 12 21:46:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf1a70ae4b7b9fc6ae12a9aac4ee5dbd886c9470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:bc:22:3c:de:0f:bd:f1:c9:11:08:c6:1c:03:
                    3a:50:0f:c1:a1:d5:41:38:cf:28:98:a5:85:55:42:
                    61:0b:fa:2f:d9:18:de:4b:7d:9d:cc:63:75:21:8a:
                    48:2f:7d:f8:5d:38:50:64:f4:89:15:08:24:72:61:
                    a7:d8:5d:f7:4a:36:4e:d0:7d:58:69:36:2b:0f:29:
                    87:9f:28:bb:a7:ee:d0:4c:14:ca:5d:02:f4:0c:5e:
                    82:a8:b6:38:2f:a6:b9:43:6f:81:82:ed:80:b5:60:
                    7c:b0:83:e3:8d:0c:f9:c0:c3:fa:5f:c0:92:e4:1d:
                    6e:fc:ac:74:c3:c8:7e:12:6b:b3:c3:5f:b3:e8:31:
                    85:10:23:37:01:eb:07:c9:b9:31:e0:6f:c0:42:14:
                    c1:88:fe:f3:38:28:c6:69:1c:ec:45:1c:4e:7e:20:
                    44:c4:7a:06:85:35:b8:45:1b:5e:e8:6d:39:80:0c:
                    35:4d:c5:09:69:25:3d:4a:d3:a0:7e:ab:80:b6:2a:
                    da:74:ff:1c:54:58:6e:e0:05:75:fc:99:32:0b:69:
                    bb:32:d4:bc:fd:51:22:7d:87:d2:7e:79:00:4e:0f:
                    89:82:c7:da:07:49:29:f5:e6:bc:c3:dc:39:ca:30:
                    4a:80:3d:1b:d0:31:4b:34:00:68:41:f3:36:ea:41:
                    23:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:1A:70:AE:4B:7B:9F:C6:AE:12:A9:AA:C4:EE:5D:BD:88:6C:94:70
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/zxpwrkt7n8auEqmqxO5dvYhslHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.188.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:3d:eb:9d:c3:94:89:64:8f:8e:e7:b5:23:4a:58:4b:58:ac:
         d2:1b:5c:c8:49:d5:84:07:51:e5:16:5b:e6:cd:ce:62:8a:4e:
         3b:cf:f3:d3:cc:66:13:6c:ba:33:b3:ce:26:6f:69:51:ba:3c:
         38:7f:66:17:e5:3e:c3:69:ed:f3:2c:9d:c9:89:ba:50:3d:2f:
         1d:7b:11:23:30:a2:11:db:d6:ce:17:67:89:60:8e:eb:5f:85:
         39:f3:64:6c:ae:58:72:4e:5f:6d:5c:8b:74:6e:d3:b4:f3:60:
         db:2c:7f:20:e6:b9:96:10:92:ab:7c:6f:fa:8f:17:0a:d8:f5:
         1b:ad:29:8c:2e:74:4d:77:a8:7a:83:a8:48:57:42:9c:81:94:
         ae:cf:62:76:29:f0:0d:88:dd:4d:10:b9:6e:c5:2b:2f:be:fd:
         f8:4e:29:11:f6:b0:67:96:ce:a8:a0:39:d8:f1:7c:9c:36:b3:
         00:8e:c9:00:79:f0:8d:9a:05:c8:30:00:df:ab:7d:a4:6c:ec:
         b1:b5:2e:f6:f8:d8:2e:3c:6e:e3:a4:ef:74:78:4f:95:b1:0a:
         23:8b:c0:f3:7d:0c:1d:c4:72:14:c5:c7:5c:7d:1b:e3:9f:44:
         2c:94:67:f8:4c:56:a2:a0:22:1a:bb:e6:f4:8f:09:ea:a9:47:
         76:8e:8d:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZigP66EVVzDMLiH9OLqh2NWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwODEyMjE0NjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjFhNzBhZTRiN2I5ZmM2YWUxMmE5YWFjNGVlNWRiZDg4NmM5NDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rwiPN4PvfHJEQjGHAM6UA/BodVB
OM8omKWFVUJhC/ov2RjeS32dzGN1IYpIL334XThQZPSJFQgkcmGn2F33SjZO0H1Y
aTYrDymHnyi7p+7QTBTKXQL0DF6CqLY4L6a5Q2+Bgu2AtWB8sIPjjQz5wMP6X8CS
5B1u/Kx0w8h+Emuzw1+z6DGFECM3AesHybkx4G/AQhTBiP7zOCjGaRzsRRxOfiBE
xHoGhTW4RRte6G05gAw1TcUJaSU9StOgfquAtiradP8cVFhu4AV1/JkyC2m7MtS8
/VEifYfSfnkATg+JgsfaB0kp9ea8w9w5yjBKgD0b0DFLNABoQfM26kEjiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8acK5Le5/GrhKpqsTuXb2IbJRwMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvenhwd3JrdDduOGF1RXFtcXhPNWR2WWhzbEhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAQLxSMA0G
CSqGSIb3DQEBCwUAA4IBAQAZPeudw5SJZI+O57UjSlhLWKzSG1zISdWEB1HlFlvm
zc5iik47z/PTzGYTbLozs84mb2lRujw4f2YX5T7Dae3zLJ3JibpQPS8dexEjMKIR
29bOF2eJYI7rX4U582RsrlhyTl9tXIt0btO082DbLH8g5rmWEJKrfG/6jxcK2PUb
rSmMLnRNd6h6g6hIV0KcgZSuz2J2KfANiN1NELluxSsvvv34TikR9rBnls6ooDnY
8XycNrMAjskAefCNmgXIMADfq32kbOyxtS72+NguPG7jpO90eE+VsQoji8DzfQwd
xHIUxcdcfRvjn0QslGf4TFaioCIau+b0jwnqqUd2jo07
-----END CERTIFICATE-----