Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/62a947-cfb8-4d3d-b308-41e73c1ebae1/1/X-fszyfwpMCiMInecgQBQ1yjuwg.roa
File:                     X-fszyfwpMCiMInecgQBQ1yjuwg.roa (raw, json)
Hash identifier:          kTUUUnBX9dTK9UsKYR9sAWBBjiT4qXYXAYjJbDJFJyQ=
Subject key identifier:   5F:E7:EC:CF:27:F0:A4:C0:A2:30:89:DE:72:04:01:43:5C:A3:BB:08
Certificate issuer:       /CN=dfb8d9140502c9e035305189bf658234db14f54c
Certificate serial:       0197D5281244FD9624124EB9E5CBBBB8E5B5
Authority key identifier: DF:B8:D9:14:05:02:C9:E0:35:30:51:89:BF:65:82:34:DB:14:F5:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/37jZFAUCyeA1MFGJv2WCNNsU9Uw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/62a947-cfb8-4d3d-b308-41e73c1ebae1/1/X-fszyfwpMCiMInecgQBQ1yjuwg.roa
Signing time:             Fri 04 Jul 2025 11:17:42 +0000
ROA not before:           Fri 04 Jul 2025 11:17:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50489
IP address blocks:        79.135.121.0/24 maxlen: 24
                          212.104.134.0/24 maxlen: 24
                          213.254.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/62a947-cfb8-4d3d-b308-41e73c1ebae1/1/37jZFAUCyeA1MFGJv2WCNNsU9Uw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/62a947-cfb8-4d3d-b308-41e73c1ebae1/1/37jZFAUCyeA1MFGJv2WCNNsU9Uw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/37jZFAUCyeA1MFGJv2WCNNsU9Uw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Jul 2025 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d5:28:12:44:fd:96:24:12:4e:b9:e5:cb:bb:b8:e5:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfb8d9140502c9e035305189bf658234db14f54c
        Validity
            Not Before: Jul  4 11:17:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fe7eccf27f0a4c0a23089de720401435ca3bb08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6b:51:d4:43:ec:d9:c9:c4:e8:76:ff:cf:bb:
                    df:06:22:c1:85:61:dd:bf:52:ae:c2:8d:b6:3d:a0:
                    5f:18:1a:2c:3b:b4:77:4d:00:d4:51:4c:1f:32:c3:
                    9f:62:db:a3:8f:df:60:c1:1b:be:a9:2a:55:af:82:
                    77:5b:4f:13:5c:ad:04:43:ab:f5:f7:ce:d7:f9:9f:
                    60:43:32:83:54:49:83:70:c7:90:2c:f9:10:b5:7e:
                    30:fd:e3:e0:bd:5f:0f:de:58:64:ee:e4:06:4e:80:
                    a4:ec:56:80:eb:77:c0:13:8a:1e:61:1d:70:88:e8:
                    1b:70:d7:36:6d:1f:94:3a:f7:f7:8e:b5:2b:78:f6:
                    f3:86:57:54:df:bf:74:9a:2e:67:b1:0e:54:19:dd:
                    ff:f6:41:71:27:40:b8:71:ab:0f:d7:50:6d:15:13:
                    82:62:de:09:a3:c0:c6:82:4d:ab:c6:d4:63:41:6b:
                    9a:d3:e3:7c:bd:46:94:ac:4f:27:a3:23:de:f5:45:
                    e9:2f:e0:dc:61:b1:ac:da:3f:0b:6c:92:85:66:9c:
                    72:2b:0d:43:6b:34:0d:e0:c4:7a:98:d3:1c:71:7e:
                    cc:4f:1f:c8:61:ee:91:a0:dc:f5:d1:7e:41:92:79:
                    db:39:8b:78:42:e6:c2:16:93:da:ab:08:dd:72:e7:
                    c6:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:E7:EC:CF:27:F0:A4:C0:A2:30:89:DE:72:04:01:43:5C:A3:BB:08
            X509v3 Authority Key Identifier:
                keyid:DF:B8:D9:14:05:02:C9:E0:35:30:51:89:BF:65:82:34:DB:14:F5:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/37jZFAUCyeA1MFGJv2WCNNsU9Uw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/62a947-cfb8-4d3d-b308-41e73c1ebae1/1/X-fszyfwpMCiMInecgQBQ1yjuwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/62a947-cfb8-4d3d-b308-41e73c1ebae1/1/37jZFAUCyeA1MFGJv2WCNNsU9Uw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.135.121.0/24
                  212.104.134.0/24
                  213.254.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:f5:10:36:21:a2:6f:d6:9b:39:eb:b9:7d:2c:aa:0a:bb:d3:
         17:66:32:e3:da:38:59:40:28:2c:59:5e:c6:d8:db:4f:9f:9a:
         1d:c0:8c:d6:24:26:64:4a:ec:d2:38:1b:20:bc:f1:36:07:9b:
         0c:e9:7c:b5:e7:bc:71:73:82:81:70:7a:1c:b3:f2:60:90:5a:
         e4:ff:56:4f:0a:fb:44:3a:9b:80:e5:8c:e4:e2:9c:1e:95:46:
         ac:5a:6a:15:92:20:43:9f:44:77:37:54:5d:28:8b:c7:f7:04:
         49:5a:5d:16:f9:31:a0:cc:4d:44:78:08:ed:73:87:73:dd:d6:
         43:88:04:c3:8e:41:45:f4:57:5f:af:fb:f9:01:3d:33:4a:40:
         7d:11:7d:ce:15:d1:d1:1e:01:03:de:06:e4:a4:94:1e:be:23:
         16:c8:66:2e:fb:94:4b:f1:31:ea:ff:1a:19:a6:b7:e2:24:93:
         10:7b:65:9c:7a:f0:38:2b:ab:c1:1c:f9:87:6a:d7:5d:3a:42:
         dd:f3:36:1a:c6:f7:ab:d4:ff:b4:22:db:29:69:86:53:53:13:
         b8:31:18:55:16:89:7f:1f:73:d6:52:5b:57:6f:c3:4a:71:e1:
         2a:8e:34:c6:f8:8d:5a:c3:47:8f:8d:49:79:a7:1f:97:5c:f4:
         00:7b:30:4e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZfVKBJE/ZYkEk655cu7uOW1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYjhkOTE0MDUwMmM5ZTAzNTMwNTE4OWJmNjU4MjM0ZGIx
NGY1NGMwHhcNMjUwNzA0MTExNzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmU3ZWNjZjI3ZjBhNGMwYTIzMDg5ZGU3MjA0MDE0MzVjYTNiYjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWtR1EPs2cnE6Hb/z7vfBiLBhWHd
v1Kuwo22PaBfGBosO7R3TQDUUUwfMsOfYtujj99gwRu+qSpVr4J3W08TXK0EQ6v1
987X+Z9gQzKDVEmDcMeQLPkQtX4w/ePgvV8P3lhk7uQGToCk7FaA63fAE4oeYR1w
iOgbcNc2bR+UOvf3jrUrePbzhldU3790mi5nsQ5UGd3/9kFxJ0C4casP11BtFROC
Yt4Jo8DGgk2rxtRjQWua0+N8vUaUrE8noyPe9UXpL+DcYbGs2j8LbJKFZpxyKw1D
azQN4MR6mNMccX7MTx/IYe6RoNz10X5BknnbOYt4QubCFpPaqwjdcufGHQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFF/n7M8n8KTAojCJ3nIEAUNco7sIMB8GA1UdIwQY
MBaAFN+42RQFAsngNTBRib9lgjTbFPVMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzdqWkZBVUN5ZUExTUZHSnYyV0NOTnNVOVV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82MmE5NDctY2ZiOC00ZDNkLWIzMDgt
NDFlNzNjMWViYWUxLzEvWC1mc3p5ZndwTUNpTUluZWNnUUJRMXlqdXdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82MmE5NDctY2ZiOC00ZDNkLWIzMDgtNDFlNzNjMWViYWUx
LzEvMzdqWkZBVUN5ZUExTUZHSnYyV0NOTnNVOVV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAT4d5AwQA
1GiGAwQA1f6oMA0GCSqGSIb3DQEBCwUAA4IBAQBj9RA2IaJv1ps567l9LKoKu9MX
ZjLj2jhZQCgsWV7G2NtPn5odwIzWJCZkSuzSOBsgvPE2B5sM6Xy157xxc4KBcHoc
s/JgkFrk/1ZPCvtEOpuA5Yzk4pwelUasWmoVkiBDn0R3N1RdKIvH9wRJWl0W+TGg
zE1EeAjtc4dz3dZDiATDjkFF9Fdfr/v5AT0zSkB9EX3OFdHRHgED3gbkpJQeviMW
yGYu+5RL8THq/xoZprfiJJMQe2WcevA4K6vBHPmHatddOkLd8zYaxver1P+0Itsp
aYZTUxO4MRhVFol/H3PWUltXb8NKceEqjjTG+I1aw0ePjUl5px+XXPQAezBO
-----END CERTIFICATE-----