Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ln5d-4jCSiDI0h95KeJISMYXs4Y.roa
File:                     ln5d-4jCSiDI0h95KeJISMYXs4Y.roa (raw, json)
Hash identifier:          qkll3Uymam7ZZfE32AVbjQCQD7ZwX7fQH2x+YZmVZVg=
Subject key identifier:   96:7E:5D:FB:88:C2:4A:20:C8:D2:1F:79:29:E2:48:48:C6:17:B3:86
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0197D66E0151DBE38D19F6AFB5037490FF26
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ln5d-4jCSiDI0h95KeJISMYXs4Y.roa
Signing time:             Fri 04 Jul 2025 17:13:42 +0000
ROA not before:           Fri 04 Jul 2025 17:13:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49418
IP address blocks:        64.188.72.0/24 maxlen: 24
                          185.184.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 18:40:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d6:6e:01:51:db:e3:8d:19:f6:af:b5:03:74:90:ff:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jul  4 17:13:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=967e5dfb88c24a20c8d21f7929e24848c617b386
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:0c:24:d6:b1:02:bd:09:91:ac:36:60:95:11:
                    1a:3b:37:c4:e4:df:c5:02:27:a2:00:1a:bc:9a:5a:
                    24:35:93:47:aa:0f:70:ce:af:b5:b9:3c:6e:23:46:
                    53:d3:c2:bd:e2:a5:94:e9:74:76:79:89:f3:14:8a:
                    3d:60:b9:46:78:f6:8c:24:b2:12:f5:b9:74:03:9d:
                    37:8a:89:98:55:c5:00:da:51:a8:5c:02:f3:3a:73:
                    64:ac:68:30:a5:99:de:e2:34:4e:51:69:ef:0a:d2:
                    cf:31:e2:50:68:f0:0c:0f:12:2c:9f:ee:2c:95:eb:
                    86:31:63:d9:cb:cd:a2:c8:4c:ca:51:70:96:1e:3d:
                    d4:ad:d8:f9:86:81:54:b5:ce:85:39:7e:c0:ba:91:
                    ce:e3:df:20:4b:74:29:6a:81:8e:ed:24:76:fb:fc:
                    b2:3e:77:e7:47:ab:92:f5:f1:c4:64:10:8d:39:b3:
                    0a:4b:08:09:66:dc:91:4c:41:16:95:e6:d7:21:6e:
                    97:7d:d2:62:57:10:a3:57:ab:ce:68:cf:20:ae:91:
                    a0:84:e9:1d:cd:4a:39:82:30:1e:bd:68:21:f2:83:
                    56:86:9a:f7:ad:b7:f6:5e:5f:f3:eb:d2:f2:36:20:
                    db:3c:23:eb:1c:28:17:19:e1:21:7f:d7:0e:c0:d1:
                    2c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:7E:5D:FB:88:C2:4A:20:C8:D2:1F:79:29:E2:48:48:C6:17:B3:86
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ln5d-4jCSiDI0h95KeJISMYXs4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.188.72.0/24
                  185.184.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:98:d5:0b:e0:37:44:c8:c2:f2:aa:b8:4a:75:88:b6:d4:31:
         a0:0c:70:1d:b3:fe:33:30:3d:88:6b:10:a7:88:ff:a6:e1:b4:
         27:1d:39:13:81:08:af:4c:e4:e4:e1:5e:04:c9:5d:1d:88:89:
         9e:73:91:d6:da:be:61:88:91:ab:83:10:eb:f5:30:95:d8:fb:
         8f:fb:f9:aa:c4:26:f6:9a:94:7e:48:99:62:f9:1a:5e:e6:ae:
         39:59:7e:31:23:c6:29:86:44:5e:2c:9f:a9:df:fe:b3:5f:2c:
         a0:b4:c4:b8:0c:a2:e6:61:1c:dc:3b:d4:db:10:23:95:1a:d6:
         85:20:6f:ab:c5:b8:2d:65:0b:b5:78:50:0c:24:1a:8a:08:6f:
         9d:b6:7b:b7:24:bd:31:a7:3d:bc:01:f7:7d:aa:ba:42:ff:12:
         1e:0c:39:39:91:ce:a4:7f:0a:8b:52:f4:2a:c0:a2:89:b9:51:
         77:44:a3:c1:b6:7c:eb:6d:91:2b:37:db:77:c7:f1:db:2c:2e:
         0f:14:88:74:43:12:af:b3:a2:cc:d2:2d:63:a9:d0:9f:13:c5:
         46:91:58:89:14:f4:4c:21:01:d1:a1:3b:f2:f5:7a:90:e5:a3:
         34:e8:e7:1d:94:92:d3:af:92:cb:79:89:98:2b:c7:73:a6:aa:
         e5:ee:8d:65
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfWbgFR2+ONGfavtQN0kP8mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNzA0MTcxMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjdlNWRmYjg4YzI0YTIwYzhkMjFmNzkyOWUyNDg0OGM2MTdiMzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgwk1rECvQmRrDZglREaOzfE5N/F
AieiABq8mlokNZNHqg9wzq+1uTxuI0ZT08K94qWU6XR2eYnzFIo9YLlGePaMJLIS
9bl0A503iomYVcUA2lGoXALzOnNkrGgwpZne4jROUWnvCtLPMeJQaPAMDxIsn+4s
leuGMWPZy82iyEzKUXCWHj3Urdj5hoFUtc6FOX7AupHO498gS3QpaoGO7SR2+/yy
PnfnR6uS9fHEZBCNObMKSwgJZtyRTEEWlebXIW6XfdJiVxCjV6vOaM8grpGghOkd
zUo5gjAevWgh8oNWhpr3rbf2Xl/z69LyNiDbPCPrHCgXGeEhf9cOwNEskQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJZ+XfuIwkogyNIfeSniSEjGF7OGMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbG41ZC00akNTaURJMGg5NUtlSklTTVlYczRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAQLxIAwQC
ubh4MA0GCSqGSIb3DQEBCwUAA4IBAQBemNUL4DdEyMLyqrhKdYi21DGgDHAds/4z
MD2IaxCniP+m4bQnHTkTgQivTOTk4V4EyV0diImec5HW2r5hiJGrgxDr9TCV2PuP
+/mqxCb2mpR+SJli+Rpe5q45WX4xI8YphkReLJ+p3/6zXyygtMS4DKLmYRzcO9Tb
ECOVGtaFIG+rxbgtZQu1eFAMJBqKCG+dtnu3JL0xpz28Afd9qrpC/xIeDDk5kc6k
fwqLUvQqwKKJuVF3RKPBtnzrbZErN9t3x/HbLC4PFIh0QxKvs6LM0i1jqdCfE8VG
kViJFPRMIQHRoTvy9XqQ5aM06OcdlJLTr5LLeYmYK8dzpqrl7o1l
-----END CERTIFICATE-----