Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fybirwPvyVJCXrxqtV-YK27b-o0.roa
File:                     fybirwPvyVJCXrxqtV-YK27b-o0.roa (raw, json)
Hash identifier:          j9pC/jVEGbL7C7VXWKxLXKyhy9dEXnXl93ohOUBPwNY=
Subject key identifier:   7F:26:E2:AF:03:EF:C9:52:42:5E:BC:6A:B5:5F:98:2B:6E:DB:FA:8D
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019741FEA930CF8066B4E7360B4C5CDFE171
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fybirwPvyVJCXrxqtV-YK27b-o0.roa
Signing time:             Thu 05 Jun 2025 21:28:17 +0000
ROA not before:           Thu 05 Jun 2025 21:28:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210457
IP address blocks:        193.23.199.0/24 maxlen: 24
                          193.23.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:41:fe:a9:30:cf:80:66:b4:e7:36:0b:4c:5c:df:e1:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun  5 21:28:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f26e2af03efc952425ebc6ab55f982b6edbfa8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:85:b4:65:42:01:9c:01:14:2b:5b:35:3a:82:
                    a1:0a:8b:15:e1:e3:6c:8d:29:57:78:61:37:9d:95:
                    40:51:b4:c3:00:f7:8d:98:2c:b4:78:26:46:2e:f2:
                    d9:c6:de:4d:43:8b:7e:bb:a4:cd:8f:b9:d8:c3:4b:
                    c7:24:d5:6f:13:21:d1:5e:5b:41:29:d8:0a:85:76:
                    ce:f8:34:7f:10:b9:1b:49:e4:04:70:97:4b:46:fe:
                    8c:c1:c8:02:52:d9:ec:60:5e:c4:f1:e9:be:e8:b9:
                    6f:39:81:ef:08:72:38:1f:93:99:4f:20:5d:84:0d:
                    46:bf:6e:9b:59:e6:61:e3:43:7b:c6:f7:63:e0:03:
                    93:50:3f:c7:f3:7f:d0:12:cf:5f:0a:01:cb:2c:cd:
                    a9:36:d7:02:a2:8d:f2:66:53:6f:3a:7b:b5:44:70:
                    49:5c:7f:c9:6c:38:d8:12:5a:57:2c:b4:57:45:8e:
                    c6:48:20:d8:0d:b9:f4:72:06:77:36:f4:14:6b:6a:
                    2d:bc:73:27:b8:b4:09:46:d9:af:7a:93:00:fb:f9:
                    11:d0:0d:fc:70:88:33:ee:cf:57:b9:91:c6:bf:ac:
                    cd:94:a8:b3:dc:f7:2c:ce:ea:fe:03:f7:07:7c:af:
                    0d:d9:8f:d6:8f:e7:1f:07:c5:be:77:36:a7:10:f9:
                    5b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:26:E2:AF:03:EF:C9:52:42:5E:BC:6A:B5:5F:98:2B:6E:DB:FA:8D
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fybirwPvyVJCXrxqtV-YK27b-o0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.199.0/24
                  193.23.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:54:15:5e:54:2c:2c:91:63:fc:2d:e3:1e:b0:68:3d:e6:df:
         b3:3f:ad:49:9d:b9:c0:04:c3:7f:62:08:3b:03:b1:32:fe:a0:
         0d:96:75:04:2e:ae:eb:ad:99:77:23:c8:37:0b:89:c1:a6:94:
         ce:40:14:cb:0e:5d:c7:f5:55:77:24:fa:10:c9:a1:85:11:a1:
         09:5d:c1:19:c7:b8:a9:a7:ae:05:ef:ea:41:d5:bf:19:41:03:
         03:13:db:28:28:7c:9d:f4:d5:b1:ca:86:2d:e0:5c:14:8f:c8:
         e4:c0:a1:b4:54:aa:2b:00:8f:96:0f:63:20:2a:df:76:9c:36:
         40:c3:f5:7c:cb:3e:81:9b:13:bd:87:81:df:7b:f9:f9:d8:72:
         59:14:6f:7f:e2:cc:f9:e7:5d:fb:be:c8:c2:dd:c7:c5:b2:3a:
         55:f9:26:a2:b5:ab:cf:fe:a7:80:86:39:11:7e:22:56:8d:3f:
         68:9f:c6:95:f2:52:fb:5b:99:93:df:c9:1c:fc:7c:7d:68:f8:
         dd:53:90:00:f8:ed:84:2d:6f:d5:db:3f:da:80:c7:7f:74:af:
         f4:b3:ad:62:8d:9b:15:07:50:55:5d:29:ab:43:8c:97:44:ae:
         71:15:4d:1e:c9:62:22:b9:48:ab:da:c4:cc:cf:0f:89:21:3e:
         a8:6c:48:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdB/qkwz4BmtOc2C0xc3+FxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNjA1MjEyODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjI2ZTJhZjAzZWZjOTUyNDI1ZWJjNmFiNTVmOTgyYjZlZGJmYThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4W0ZUIBnAEUK1s1OoKhCosV4eNs
jSlXeGE3nZVAUbTDAPeNmCy0eCZGLvLZxt5NQ4t+u6TNj7nYw0vHJNVvEyHRXltB
KdgKhXbO+DR/ELkbSeQEcJdLRv6MwcgCUtnsYF7E8em+6LlvOYHvCHI4H5OZTyBd
hA1Gv26bWeZh40N7xvdj4AOTUD/H83/QEs9fCgHLLM2pNtcCoo3yZlNvOnu1RHBJ
XH/JbDjYElpXLLRXRY7GSCDYDbn0cgZ3NvQUa2otvHMnuLQJRtmvepMA+/kR0A38
cIgz7s9XuZHGv6zNlKiz3Pcszur+A/cHfK8N2Y/Wj+cfB8W+dzanEPlbMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH8m4q8D78lSQl68arVfmCtu2/qNMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZnliaXJ3UHZ5VkpDWHJ4cXRWLVlLMjdiLW8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRfHAwQA
wRfdMA0GCSqGSIb3DQEBCwUAA4IBAQAxVBVeVCwskWP8LeMesGg95t+zP61JnbnA
BMN/Ygg7A7Ey/qANlnUELq7rrZl3I8g3C4nBppTOQBTLDl3H9VV3JPoQyaGFEaEJ
XcEZx7ipp64F7+pB1b8ZQQMDE9soKHyd9NWxyoYt4FwUj8jkwKG0VKorAI+WD2Mg
Kt92nDZAw/V8yz6BmxO9h4Hfe/n52HJZFG9/4sz55137vsjC3cfFsjpV+SaitavP
/qeAhjkRfiJWjT9on8aV8lL7W5mT38kc/Hx9aPjdU5AA+O2ELW/V2z/agMd/dK/0
s61ijZsVB1BVXSmrQ4yXRK5xFU0eyWIiuUir2sTMzw+JIT6obEhr
-----END CERTIFICATE-----