Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FzO4e4bNgL2TJdVxa4jrF-Nkgdk.roa
File:                     FzO4e4bNgL2TJdVxa4jrF-Nkgdk.roa (raw, json)
Hash identifier:          FJyL2rrAc8+BztgLEvgk7vaMyJa1/Z6aEDRCooU142Y=
Subject key identifier:   17:33:B8:7B:86:CD:80:BD:93:25:D5:71:6B:88:EB:17:E3:64:81:D9
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0197C30DAC277CEFF53C1315409F2B11DCA1
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FzO4e4bNgL2TJdVxa4jrF-Nkgdk.roa
Signing time:             Mon 30 Jun 2025 22:55:42 +0000
ROA not before:           Mon 30 Jun 2025 22:55:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6939
IP address blocks:        64.188.88.0/22 maxlen: 24
                          64.188.108.0/22 maxlen: 24
                          64.188.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 18:40:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c3:0d:ac:27:7c:ef:f5:3c:13:15:40:9f:2b:11:dc:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun 30 22:55:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1733b87b86cd80bd9325d5716b88eb17e36481d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:cb:26:95:3d:15:f2:a8:07:81:df:53:2f:f0:
                    df:f5:db:d3:d2:d7:61:57:26:e2:6f:69:ee:32:56:
                    c1:5b:91:d5:60:5a:6d:ee:8f:a1:26:78:a8:6a:81:
                    a7:1f:cb:6b:39:b1:bd:02:93:91:fe:7f:39:27:e7:
                    c3:27:87:3e:e0:0b:cc:79:b0:f6:2f:18:f0:6b:5f:
                    d0:1e:50:0f:01:9e:49:d9:15:7b:c0:ba:d0:80:00:
                    bc:19:d4:fa:66:0c:19:86:b3:08:71:9c:e4:32:26:
                    5f:aa:09:9d:a3:f2:13:19:57:b7:80:cc:e1:bd:6b:
                    37:71:30:d1:93:6f:f5:d2:8f:1e:05:73:de:21:ab:
                    69:9f:8a:da:a0:15:87:5b:39:5e:5e:67:c7:80:99:
                    a7:65:cc:3c:24:30:9d:54:2c:04:d0:7e:59:ab:db:
                    bf:33:78:df:6f:24:b4:05:6f:e7:8e:bb:dc:34:27:
                    1e:39:ed:c4:e9:ff:a2:28:57:52:e9:bd:87:55:92:
                    75:ea:b2:6d:24:77:2a:54:7e:cc:e2:8f:07:66:64:
                    21:8e:83:55:95:f5:37:b1:d7:d4:6b:a4:34:e5:e4:
                    25:11:81:36:ab:11:74:c0:01:f4:1c:e4:32:cb:00:
                    89:90:5f:a1:d8:0e:02:bf:b1:5d:26:5d:3c:28:6a:
                    45:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:33:B8:7B:86:CD:80:BD:93:25:D5:71:6B:88:EB:17:E3:64:81:D9
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FzO4e4bNgL2TJdVxa4jrF-Nkgdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.188.88.0/22
                  64.188.108.0/22
                  64.188.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:03:b0:73:20:a9:55:55:24:d6:34:e8:f7:89:ad:9b:60:f5:
         81:65:16:ab:96:90:01:a6:0b:6f:57:b3:cc:fb:bc:24:15:00:
         48:c5:d4:9e:17:8b:b8:3b:7c:7f:33:62:77:92:a8:60:d4:84:
         a0:e6:dc:60:09:57:18:71:74:d4:19:09:fc:1f:a7:05:97:f0:
         77:6c:f1:8d:df:d4:ad:ca:29:d2:4a:d6:aa:12:b4:aa:3e:11:
         9c:f2:40:6c:9a:93:54:94:b6:d6:3b:51:75:11:ce:a6:c2:da:
         fa:51:76:6d:2b:cc:68:49:79:c4:f4:15:17:ec:2d:06:91:87:
         97:e3:5e:99:73:4c:6d:81:e9:c9:91:db:ab:7d:33:6b:17:92:
         4d:be:d0:9a:65:e8:8c:9f:0d:d6:20:da:fa:37:e2:7f:4e:d7:
         01:2d:69:05:a5:65:44:a3:2d:03:cb:f2:81:f9:49:98:22:58:
         d5:d9:2b:05:31:3f:7d:3a:bf:51:fe:98:71:c6:92:1f:2b:65:
         02:cf:e8:75:9c:4e:7c:67:c4:71:c6:39:b2:df:12:21:39:cd:
         0e:d2:d0:e4:a4:5e:e5:f4:6f:81:16:8d:99:76:da:86:8c:bf:
         10:8d:5a:d8:cb:a8:8f:31:0a:56:8f:6a:d3:5d:d6:dd:d5:e6:
         23:0b:b0:b6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZfDDawnfO/1PBMVQJ8rEdyhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNjMwMjI1NTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzMzYjg3Yjg2Y2Q4MGJkOTMyNWQ1NzE2Yjg4ZWIxN2UzNjQ4MWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8smlT0V8qgHgd9TL/Df9dvT0tdh
Vybib2nuMlbBW5HVYFpt7o+hJnioaoGnH8trObG9ApOR/n85J+fDJ4c+4AvMebD2
Lxjwa1/QHlAPAZ5J2RV7wLrQgAC8GdT6ZgwZhrMIcZzkMiZfqgmdo/ITGVe3gMzh
vWs3cTDRk2/10o8eBXPeIatpn4raoBWHWzleXmfHgJmnZcw8JDCdVCwE0H5Zq9u/
M3jfbyS0BW/njrvcNCceOe3E6f+iKFdS6b2HVZJ16rJtJHcqVH7M4o8HZmQhjoNV
lfU3sdfUa6Q05eQlEYE2qxF0wAH0HOQyywCJkF+h2A4Cv7FdJl08KGpFOQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBczuHuGzYC9kyXVcWuI6xfjZIHZMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvRnpPNGU0Yk5nTDJUSmRWeGE0anJGLU5rZ2RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCQLxYAwQC
QLxsAwQCQLx0MA0GCSqGSIb3DQEBCwUAA4IBAQAAA7BzIKlVVSTWNOj3ia2bYPWB
ZRarlpABpgtvV7PM+7wkFQBIxdSeF4u4O3x/M2J3kqhg1ISg5txgCVcYcXTUGQn8
H6cFl/B3bPGN39StyinSStaqErSqPhGc8kBsmpNUlLbWO1F1Ec6mwtr6UXZtK8xo
SXnE9BUX7C0GkYeX416Zc0xtgenJkdurfTNrF5JNvtCaZeiMnw3WINr6N+J/TtcB
LWkFpWVEoy0Dy/KB+UmYIljV2SsFMT99Or9R/phxxpIfK2UCz+h1nE58Z8Rxxjmy
3xIhOc0O0tDkpF7l9G+BFo2ZdtqGjL8QjVrYy6iPMQpWj2rTXdbd1eYjC7C2
-----END CERTIFICATE-----