Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/T_9uedx-DDCLwyL-0yVYoY8ZyQk.roa
File:                     T_9uedx-DDCLwyL-0yVYoY8ZyQk.roa (raw, json)
Hash identifier:          MIaIP+4vaA5/qIMV/fq117jQ2jxAOPFsl5mWS6lIxj8=
Subject key identifier:   4F:FF:6E:79:DC:7E:0C:30:8B:C3:22:FE:D3:25:58:A1:8F:19:C9:09
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0197C78442055B15CBBE8F82081C765883E1
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/T_9uedx-DDCLwyL-0yVYoY8ZyQk.roa
Signing time:             Tue 01 Jul 2025 19:43:42 +0000
ROA not before:           Tue 01 Jul 2025 19:43:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213673
IP address blocks:        64.188.98.0/24 maxlen: 24
                          77.239.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 18:40:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c7:84:42:05:5b:15:cb:be:8f:82:08:1c:76:58:83:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jul  1 19:43:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4fff6e79dc7e0c308bc322fed32558a18f19c909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b3:72:31:d0:61:e4:d5:34:c7:9a:53:47:13:
                    b6:a8:13:c5:ae:f1:5e:4f:4e:2e:6b:bb:05:d0:1e:
                    d4:b9:4f:b7:8a:51:1b:f2:fa:8b:4e:ea:79:aa:c6:
                    5c:38:bd:f6:7a:a4:85:e3:92:86:8c:6a:20:ef:07:
                    42:60:a4:b3:e9:78:cf:77:bc:e4:1c:25:34:6f:49:
                    a3:54:00:9c:6b:75:e9:0a:70:c2:de:76:5b:ad:f0:
                    73:d5:85:18:09:f2:66:7a:46:b7:13:16:06:5d:ed:
                    66:8b:aa:79:d4:67:8b:68:90:11:f0:88:1a:3e:9f:
                    43:84:79:d7:34:bf:58:6d:dc:a2:b0:b5:db:c4:1d:
                    bf:fc:f2:90:52:cb:48:fa:67:f0:e6:80:d6:af:0c:
                    8a:0e:47:4c:c4:b5:24:73:1f:e9:36:b6:93:b6:31:
                    60:08:6d:83:c5:2f:23:f9:52:a4:e1:fe:fb:86:9d:
                    86:d5:5e:55:e8:92:32:4d:60:92:65:bf:c9:38:e3:
                    88:63:bd:ad:b6:6a:6a:23:ae:fa:f4:10:dc:5d:e8:
                    0a:21:ab:31:dd:3f:14:24:da:c8:02:16:87:74:c3:
                    a7:22:89:91:5d:30:35:67:ec:00:ac:36:bf:60:af:
                    f6:57:39:1c:37:85:1b:9b:e0:d9:24:fd:df:11:f1:
                    2f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:FF:6E:79:DC:7E:0C:30:8B:C3:22:FE:D3:25:58:A1:8F:19:C9:09
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/T_9uedx-DDCLwyL-0yVYoY8ZyQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.188.98.0/24
                  77.239.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:c8:ca:88:9b:63:70:aa:cb:4e:00:2e:7c:7f:14:aa:09:0b:
         8a:79:ea:f5:e6:e4:df:4e:14:b9:27:93:71:18:e1:c4:4a:fd:
         3f:67:db:8d:26:30:03:3a:07:ff:36:96:f7:8b:bf:21:c2:6d:
         92:7a:b3:ae:d8:e3:a7:c1:62:37:39:70:96:44:b2:4e:56:56:
         f6:fb:ae:9e:82:69:97:d2:87:9e:e3:c1:ec:24:b2:df:5c:1c:
         7b:df:0b:73:de:9e:f5:b2:34:cf:90:2b:f1:ba:21:03:8b:49:
         ca:5d:92:7d:2f:dc:17:7d:c8:d1:06:cc:67:eb:fd:8d:4e:9d:
         c0:ae:dd:5d:b2:fc:78:87:5c:2a:2a:53:1b:3b:fa:19:3c:b5:
         ed:e4:91:13:88:63:e2:53:b0:14:26:27:3f:6a:a9:ff:84:74:
         63:2f:ff:8a:bb:cf:0f:51:f8:a6:24:12:de:45:b4:64:0f:98:
         fe:e5:01:5e:7c:66:1c:81:4c:94:04:e3:0d:fb:ed:61:54:eb:
         ee:d0:3b:b9:26:a4:cf:20:bd:2d:d9:d1:8e:7f:29:6b:43:24:
         b0:cc:aa:e6:cd:70:4a:cb:9f:fe:e2:b5:b0:2e:73:54:68:0a:
         0d:d7:9e:e0:db:3c:17:d5:07:f9:bc:9a:e7:3d:db:74:f1:8b:
         2e:ce:bf:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfHhEIFWxXLvo+CCBx2WIPhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNzAxMTk0MzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmZmNmU3OWRjN2UwYzMwOGJjMzIyZmVkMzI1NThhMThmMTljOTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLNyMdBh5NU0x5pTRxO2qBPFrvFe
T04ua7sF0B7UuU+3ilEb8vqLTup5qsZcOL32eqSF45KGjGog7wdCYKSz6XjPd7zk
HCU0b0mjVACca3XpCnDC3nZbrfBz1YUYCfJmeka3ExYGXe1mi6p51GeLaJAR8Iga
Pp9DhHnXNL9YbdyisLXbxB2//PKQUstI+mfw5oDWrwyKDkdMxLUkcx/pNraTtjFg
CG2DxS8j+VKk4f77hp2G1V5V6JIyTWCSZb/JOOOIY72ttmpqI6769BDcXegKIasx
3T8UJNrIAhaHdMOnIomRXTA1Z+wArDa/YK/2VzkcN4Ubm+DZJP3fEfEvXQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE//bnncfgwwi8Mi/tMlWKGPGckJMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvVF85dWVkeC1ERENMd3lMLTB5VllvWThaeVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAQLxiAwQA
Te9rMA0GCSqGSIb3DQEBCwUAA4IBAQCpyMqIm2NwqstOAC58fxSqCQuKeer15uTf
ThS5J5NxGOHESv0/Z9uNJjADOgf/Npb3i78hwm2SerOu2OOnwWI3OXCWRLJOVlb2
+66egmmX0oee48HsJLLfXBx73wtz3p71sjTPkCvxuiEDi0nKXZJ9L9wXfcjRBsxn
6/2NTp3Art1dsvx4h1wqKlMbO/oZPLXt5JETiGPiU7AUJic/aqn/hHRjL/+Ku88P
UfimJBLeRbRkD5j+5QFefGYcgUyUBOMN++1hVOvu0Du5JqTPIL0t2dGOfylrQySw
zKrmzXBKy5/+4rWwLnNUaAoN157g2zwX1Qf5vJrnPdt08Ysuzr9K
-----END CERTIFICATE-----