Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/d-ZobvgAMFJ0eP9AE1uhYcsQVDs.roa
File:                     d-ZobvgAMFJ0eP9AE1uhYcsQVDs.roa (raw, json)
Hash identifier:          aLSwFXDpLlrawmw0mLWL/kkoph6Md5gFv3dgFqPWU60=
Subject key identifier:   77:E6:68:6E:F8:00:30:52:74:78:FF:40:13:5B:A1:61:CB:10:54:3B
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0198CE9232031459281758BF97BF675F6D9C
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/d-ZobvgAMFJ0eP9AE1uhYcsQVDs.roa
Signing time:             Thu 21 Aug 2025 21:39:04 +0000
ROA not before:           Thu 21 Aug 2025 21:39:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213229
IP address blocks:        64.188.88.0/24 maxlen: 24
                          144.31.212.0/24 maxlen: 24
                          193.23.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:02:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ce:92:32:03:14:59:28:17:58:bf:97:bf:67:5f:6d:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Aug 21 21:39:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77e6686ef80030527478ff40135ba161cb10543b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a4:b0:aa:a0:56:56:54:40:4b:97:d1:bd:f0:
                    68:d7:dd:31:33:04:6d:ac:33:0d:3d:5d:0f:a8:ea:
                    3f:d4:41:0b:e1:06:4c:06:1d:9d:a2:8c:0d:46:01:
                    8c:91:f5:3a:b1:06:e3:d3:08:2b:0b:c4:0f:f2:8a:
                    0f:98:0f:f1:62:95:55:d2:f9:9c:61:e9:c8:cb:6e:
                    6c:5b:c6:6e:33:7c:d8:3c:2c:f8:97:59:98:37:b8:
                    bb:67:3e:04:d2:7c:54:4c:1f:a9:0d:ac:93:5a:60:
                    5b:c9:5d:83:e9:3a:cd:57:e1:70:b1:4b:f6:c3:d0:
                    55:26:8a:d2:de:36:7b:b2:b6:2e:f4:cf:13:d8:96:
                    1d:85:d2:8d:6b:57:94:14:53:96:ce:03:04:3f:59:
                    ac:cf:76:dd:fb:56:13:fa:85:ec:46:f2:0a:4c:0c:
                    ee:af:40:fb:96:45:ec:df:b9:0f:c4:33:ce:2d:fb:
                    2f:c1:86:c2:9d:6f:59:b7:6f:b4:08:0e:e9:5d:3f:
                    92:a3:8d:64:89:60:58:f0:10:8c:56:7f:ff:42:9f:
                    55:bb:41:8e:e3:a4:4c:bc:33:a1:4a:a1:54:6f:77:
                    27:7d:c1:29:2c:4e:18:eb:e3:04:cb:65:3b:ed:89:
                    d1:71:fb:ab:47:9b:e9:df:7a:4b:39:34:e6:f1:2f:
                    ce:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:E6:68:6E:F8:00:30:52:74:78:FF:40:13:5B:A1:61:CB:10:54:3B
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/d-ZobvgAMFJ0eP9AE1uhYcsQVDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.188.88.0/24
                  144.31.212.0/24
                  193.23.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:79:75:0c:0d:85:ef:8e:b7:44:b0:05:6c:3c:5b:a4:46:4f:
         66:01:9c:1f:85:26:93:d4:fe:5a:ab:8d:12:20:ca:ff:bd:bd:
         d2:f8:2c:8a:c5:b5:93:f8:19:6e:98:e9:85:b1:8c:8e:00:e9:
         1a:1a:70:02:df:93:c7:8a:4a:62:e4:ff:1d:be:be:bd:70:0a:
         ee:83:13:87:21:05:c7:3d:f1:08:3f:aa:30:00:1e:34:95:05:
         9a:9d:82:ad:3a:99:58:e8:f0:08:72:e9:27:85:bd:94:c4:21:
         8e:c5:79:74:4f:4f:f3:5c:d2:a9:34:90:b2:5f:e8:b2:d7:6b:
         2e:aa:67:75:51:48:4b:f5:61:4e:10:76:8a:59:1c:8e:8f:f0:
         40:ee:e9:ae:2d:41:6c:f0:9f:44:f0:ef:c6:46:6b:3f:60:ed:
         e7:e0:52:51:46:e3:20:b0:00:9c:bb:3d:ad:08:3c:5d:60:a6:
         90:0f:1e:99:e7:f5:93:a4:a7:13:8c:64:c9:63:e9:84:c4:e1:
         1a:47:ef:86:21:0b:d6:0e:2b:12:26:2e:bf:b1:ab:1c:ac:5f:
         e9:e6:94:cb:48:d9:f9:91:fe:75:82:24:1a:38:f5:1b:7e:25:
         a0:48:a5:89:7c:7a:8e:f1:6c:f5:a2:db:03:8b:8f:1f:e0:b3:
         f3:9b:62:15
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZjOkjIDFFkoF1i/l79nX22cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwODIxMjEzOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2U2Njg2ZWY4MDAzMDUyNzQ3OGZmNDAxMzViYTE2MWNiMTA1NDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqSwqqBWVlRAS5fRvfBo190xMwRt
rDMNPV0PqOo/1EEL4QZMBh2doowNRgGMkfU6sQbj0wgrC8QP8ooPmA/xYpVV0vmc
YenIy25sW8ZuM3zYPCz4l1mYN7i7Zz4E0nxUTB+pDayTWmBbyV2D6TrNV+FwsUv2
w9BVJorS3jZ7srYu9M8T2JYdhdKNa1eUFFOWzgMEP1msz3bd+1YT+oXsRvIKTAzu
r0D7lkXs37kPxDPOLfsvwYbCnW9Zt2+0CA7pXT+So41kiWBY8BCMVn//Qp9Vu0GO
46RMvDOhSqFUb3cnfcEpLE4Y6+MEy2U77YnRcfurR5vp33pLOTTm8S/OxQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHfmaG74ADBSdHj/QBNboWHLEFQ7MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZC1ab2J2Z0FNRkowZVA5QUUxdWhZY3NRVkRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAQLxYAwQA
kB/UAwQAwRfQMA0GCSqGSIb3DQEBCwUAA4IBAQAYeXUMDYXvjrdEsAVsPFukRk9m
AZwfhSaT1P5aq40SIMr/vb3S+CyKxbWT+BlumOmFsYyOAOkaGnAC35PHikpi5P8d
vr69cArugxOHIQXHPfEIP6owAB40lQWanYKtOplY6PAIcuknhb2UxCGOxXl0T0/z
XNKpNJCyX+iy12suqmd1UUhL9WFOEHaKWRyOj/BA7umuLUFs8J9E8O/GRms/YO3n
4FJRRuMgsACcuz2tCDxdYKaQDx6Z5/WTpKcTjGTJY+mExOEaR++GIQvWDisSJi6/
sascrF/p5pTLSNn5kf51giQaOPUbfiWgSKWJfHqO8Wz1otsDi48f4LPzm2IV
-----END CERTIFICATE-----