Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/BT_y8tC6dIOsSolQji30EA3V_Ks.roa
File:                     BT_y8tC6dIOsSolQji30EA3V_Ks.roa (raw, json)
Hash identifier:          RaxhNpw/99qVV8Vhyi1Z0lIgvQ1GFVEiK3FOzMdy+wA=
Subject key identifier:   05:3F:F2:F2:D0:BA:74:83:AC:4A:89:50:8E:2D:F4:10:0D:D5:FC:AB
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019591779C0D20E34B979CC50C57D33EDF95
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/BT_y8tC6dIOsSolQji30EA3V_Ks.roa
Signing time:             Thu 13 Mar 2025 21:44:49 +0000
ROA not before:           Thu 13 Mar 2025 21:44:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215232
IP address blocks:        64.188.99.0/24 maxlen: 24
                          193.23.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 04:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:91:77:9c:0d:20:e3:4b:97:9c:c5:0c:57:d3:3e:df:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 13 21:44:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=053ff2f2d0ba7483ac4a89508e2df4100dd5fcab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:9a:d6:e1:e9:90:ba:35:cc:b9:88:e9:87:74:
                    f8:a6:c2:18:81:97:17:5b:f2:c0:fe:9d:9f:4c:ab:
                    cf:62:0b:24:9b:73:00:d1:13:2b:54:fb:d3:a4:5a:
                    5d:40:d0:b8:f9:52:0f:fe:25:d8:7b:94:2e:5c:b2:
                    0f:04:c5:ac:33:97:10:6c:4c:d1:fc:de:a5:a2:00:
                    dd:b0:60:1a:b2:c9:b0:7e:44:d5:1e:d2:49:05:58:
                    44:31:01:28:53:9c:60:b7:d7:1d:62:f4:70:8d:0a:
                    f0:aa:db:62:b8:51:b2:29:57:dd:16:ad:78:de:f5:
                    20:98:ea:4a:63:04:43:79:d8:6b:55:4a:ed:25:46:
                    be:82:1f:0f:da:dc:1f:3b:b4:cb:de:e2:45:5a:71:
                    4c:37:96:df:f6:db:35:6c:6c:ea:dc:fe:a1:55:99:
                    68:9b:4e:d5:fd:9d:b2:b4:ae:51:cc:29:43:48:3e:
                    92:ec:7e:2d:3a:aa:f0:bb:d7:a3:de:a9:0b:df:92:
                    cb:84:c1:f5:91:dd:8b:62:a7:d4:74:1f:ab:13:7f:
                    24:95:ff:2b:20:40:0d:91:03:ea:f4:5e:6d:a4:c7:
                    87:c5:8e:62:77:98:25:d7:84:27:6b:54:27:26:93:
                    3a:5d:e0:91:e2:51:2e:c3:fc:48:ad:1e:ac:db:80:
                    61:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:3F:F2:F2:D0:BA:74:83:AC:4A:89:50:8E:2D:F4:10:0D:D5:FC:AB
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/BT_y8tC6dIOsSolQji30EA3V_Ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.188.99.0/24
                  193.23.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:28:d4:7a:e9:8a:3f:9b:c1:53:59:0e:b6:c7:73:27:13:39:
         b2:58:66:d2:3a:ae:3a:46:0f:6d:10:b5:b2:68:bf:1d:4a:e9:
         fc:b3:e0:7a:8e:80:68:d1:c2:57:3a:b1:d9:ed:e7:1c:c2:ba:
         25:73:7c:ba:84:2e:28:ef:6d:ec:19:f1:b6:ec:80:12:15:06:
         7c:8c:cc:f1:26:88:d4:11:81:be:b5:87:2c:0f:b5:a4:ed:b5:
         67:ad:fa:0e:ec:87:ff:12:d6:4b:d7:af:16:a6:d8:f6:5c:da:
         be:13:11:c9:84:7a:14:fa:20:ba:54:7e:15:9d:93:3c:92:10:
         1a:bd:ab:bf:bd:75:45:d7:48:58:fa:3e:de:43:24:10:94:2c:
         16:cc:78:81:50:60:64:d9:8a:be:32:c5:67:df:42:d2:cc:6a:
         f3:d1:ec:8d:23:2a:19:75:95:bf:3d:94:1c:d7:1e:ab:78:f6:
         f9:f9:b2:63:bd:51:52:c9:76:c1:de:e1:64:55:0e:7f:b8:1e:
         aa:ec:25:b5:80:f9:a9:df:d3:57:ba:00:05:77:9f:8c:97:c5:
         fc:12:f7:c3:b8:59:88:72:69:15:30:b7:ba:b0:40:d1:25:f8:
         47:d0:f0:4d:9e:11:b2:0a:1d:83:0b:1e:ad:e1:56:89:7a:de:
         c7:ae:9e:25
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWRd5wNIONLl5zFDFfTPt+VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwMzEzMjE0NDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTNmZjJmMmQwYmE3NDgzYWM0YTg5NTA4ZTJkZjQxMDBkZDVmY2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZrW4emQujXMuYjph3T4psIYgZcX
W/LA/p2fTKvPYgskm3MA0RMrVPvTpFpdQNC4+VIP/iXYe5QuXLIPBMWsM5cQbEzR
/N6logDdsGAassmwfkTVHtJJBVhEMQEoU5xgt9cdYvRwjQrwqttiuFGyKVfdFq14
3vUgmOpKYwRDedhrVUrtJUa+gh8P2twfO7TL3uJFWnFMN5bf9ts1bGzq3P6hVZlo
m07V/Z2ytK5RzClDSD6S7H4tOqrwu9ej3qkL35LLhMH1kd2LYqfUdB+rE38klf8r
IEANkQPq9F5tpMeHxY5id5gl14Qna1QnJpM6XeCR4lEuw/xIrR6s24BhywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAU/8vLQunSDrEqJUI4t9BAN1fyrMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvQlRfeTh0QzZkSU9zU29sUWppMzBFQTNWX0tzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAQLxjAwQA
wRfdMA0GCSqGSIb3DQEBCwUAA4IBAQBhKNR66Yo/m8FTWQ62x3MnEzmyWGbSOq46
Rg9tELWyaL8dSun8s+B6joBo0cJXOrHZ7eccwrolc3y6hC4o723sGfG27IASFQZ8
jMzxJojUEYG+tYcsD7Wk7bVnrfoO7If/EtZL168Wptj2XNq+ExHJhHoU+iC6VH4V
nZM8khAavau/vXVF10hY+j7eQyQQlCwWzHiBUGBk2Yq+MsVn30LSzGrz0eyNIyoZ
dZW/PZQc1x6rePb5+bJjvVFSyXbB3uFkVQ5/uB6q7CW1gPmp39NXugAFd5+Ml8X8
EvfDuFmIcmkVMLe6sEDRJfhH0PBNnhGyCh2DCx6t4VaJet7Hrp4l
-----END CERTIFICATE-----