Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YbnOV1tkwnDtmcFyRFLGkK4tHgU.roa
File:                     YbnOV1tkwnDtmcFyRFLGkK4tHgU.roa (raw, json)
Hash identifier:          vQcbK7VQCmY6z5ntoyh6Bo8Dn7DnMFTEzJGId/TLAuw=
Subject key identifier:   61:B9:CE:57:5B:64:C2:70:ED:99:C1:72:44:52:C6:90:AE:2D:1E:05
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019861D24E6603202F9422603AFAE5E4A02D
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YbnOV1tkwnDtmcFyRFLGkK4tHgU.roa
Signing time:             Thu 31 Jul 2025 18:50:29 +0000
ROA not before:           Thu 31 Jul 2025 18:50:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        64.188.92.0/22 maxlen: 24
                          193.23.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:61:d2:4e:66:03:20:2f:94:22:60:3a:fa:e5:e4:a0:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jul 31 18:50:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61b9ce575b64c270ed99c1724452c690ae2d1e05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:39:33:87:82:17:dd:ba:e1:a4:7e:38:e4:f0:
                    65:19:42:7d:19:73:00:44:c3:45:3e:9a:ff:da:d0:
                    28:08:08:6f:42:ac:42:d0:ab:23:0b:83:1e:d6:be:
                    d4:e8:cb:7b:38:8b:7d:ab:79:49:f0:b4:66:9b:6b:
                    f2:9f:c3:0f:d4:ce:7f:ee:b1:86:63:33:62:ca:07:
                    8d:15:bc:83:74:3c:76:37:2e:5e:c1:a6:94:a7:3e:
                    b4:8a:d5:6f:68:68:ec:6f:1f:d6:aa:d8:84:98:60:
                    be:1e:e9:a7:46:c8:6e:4a:63:a2:c2:9c:47:85:b3:
                    c1:ff:44:3d:33:e9:5f:3a:39:b4:24:32:96:ee:68:
                    65:4d:53:a5:6e:57:c5:03:59:e5:ef:c7:46:63:da:
                    8f:bd:e7:13:ef:07:93:b4:e7:4f:e8:c5:31:67:96:
                    c3:27:8d:92:20:fc:bf:55:24:a7:8f:9e:ca:ca:a9:
                    51:2d:ff:1d:6a:52:8f:66:2b:99:e1:dd:e0:e1:0b:
                    e3:59:2c:48:58:fa:7c:a9:04:6b:8b:c4:e6:48:62:
                    3d:db:64:50:18:6c:fb:d7:86:c4:6c:0d:52:1a:a1:
                    ac:1a:0e:0b:08:fb:20:47:16:bf:81:16:78:f0:51:
                    16:0b:32:54:e2:5b:3e:ef:81:3e:4e:bb:3a:bd:79:
                    41:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:B9:CE:57:5B:64:C2:70:ED:99:C1:72:44:52:C6:90:AE:2D:1E:05
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YbnOV1tkwnDtmcFyRFLGkK4tHgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.188.92.0/22
                  193.23.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:9c:24:f2:5f:35:55:53:78:cc:b6:5a:7b:ac:04:8b:24:64:
         72:e2:63:e7:84:32:af:84:64:8c:0c:b5:4e:f2:6e:fd:ba:01:
         27:6c:71:af:79:3d:4f:23:f7:04:72:68:de:9b:b6:21:e9:cc:
         86:5a:e7:97:32:b2:ca:3a:74:83:2c:f4:21:a5:05:fc:92:ea:
         0c:35:68:b1:9b:e0:76:a3:a2:6f:9e:eb:c0:0f:10:b6:0e:be:
         da:9d:e1:35:b8:d5:a0:6d:ee:98:37:69:aa:cb:de:42:a6:58:
         d4:67:c1:f1:2d:32:43:00:21:6e:58:89:74:46:1a:5a:1e:55:
         26:13:9c:72:60:59:b8:96:56:6c:31:ab:05:59:7e:62:57:d6:
         e6:37:23:52:07:c0:bc:16:a8:94:19:01:a9:a7:74:05:8b:fc:
         73:78:c0:7d:3c:0a:6a:d0:55:0d:a8:2c:2d:ce:0f:d7:d5:bf:
         e9:e2:81:60:ea:6e:39:d2:4f:71:53:96:7f:79:1e:16:e6:1f:
         6c:16:fe:bd:89:e6:ef:cb:d1:cc:ee:77:6f:99:2a:15:c0:f7:
         a3:ae:ec:64:db:dd:ec:a5:12:f3:f9:2b:bb:0e:58:aa:95:7e:
         3b:1e:09:cd:57:8c:8a:02:93:c6:84:a2:7a:55:dc:16:b3:0e:
         a3:9a:f8:f4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhh0k5mAyAvlCJgOvrl5KAtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNzMxMTg1MDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWI5Y2U1NzViNjRjMjcwZWQ5OWMxNzI0NDUyYzY5MGFlMmQxZTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zkzh4IX3brhpH445PBlGUJ9GXMA
RMNFPpr/2tAoCAhvQqxC0KsjC4Me1r7U6Mt7OIt9q3lJ8LRmm2vyn8MP1M5/7rGG
YzNiygeNFbyDdDx2Ny5ewaaUpz60itVvaGjsbx/WqtiEmGC+HumnRshuSmOiwpxH
hbPB/0Q9M+lfOjm0JDKW7mhlTVOlblfFA1nl78dGY9qPvecT7weTtOdP6MUxZ5bD
J42SIPy/VSSnj57KyqlRLf8dalKPZiuZ4d3g4QvjWSxIWPp8qQRri8TmSGI922RQ
GGz714bEbA1SGqGsGg4LCPsgRxa/gRZ48FEWCzJU4ls+74E+Trs6vXlB7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGG5zldbZMJw7ZnBckRSxpCuLR4FMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvWWJuT1YxdGt3bkR0bWNGeVJGTEdrSzR0SGdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCQLxcAwQA
wRfZMA0GCSqGSIb3DQEBCwUAA4IBAQBonCTyXzVVU3jMtlp7rASLJGRy4mPnhDKv
hGSMDLVO8m79ugEnbHGveT1PI/cEcmjem7Yh6cyGWueXMrLKOnSDLPQhpQX8kuoM
NWixm+B2o6JvnuvADxC2Dr7aneE1uNWgbe6YN2mqy95CpljUZ8HxLTJDACFuWIl0
RhpaHlUmE5xyYFm4llZsMasFWX5iV9bmNyNSB8C8FqiUGQGpp3QFi/xzeMB9PApq
0FUNqCwtzg/X1b/p4oFg6m450k9xU5Z/eR4W5h9sFv69iebvy9HM7ndvmSoVwPej
ruxk293spRLz+Su7DliqlX47HgnNV4yKApPGhKJ6VdwWsw6jmvj0
-----END CERTIFICATE-----